💥 Infamous cybercrime syndicate FIN7 is back in business, launching their first ransomware campaign in years and utilizing powerful tools such as POWERTRASH, Lizar, OpenSSH, and Impacket for exploitation.

Find details here: https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html

From teenage hacker to cybercriminal mastermind: Meet 'Jack,' the mind behind Golden Chickens malware. eSentire reveals his digital trail and involvement in developing malicious tools.

Read details here: https://thehackernews.com/2023/05/meet-jack-from-romania-mastermind.html

⚠️ Important notice for the Python community!

The administrators of the PyPI software repository have disabled new user sign-ups and package uploads until further notice due to an overwhelming surge of malicious users and projects.

Read details here: https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

🚨 Attention KeePass users! A newly discovered security flaw (CVE-2023-32784) could expose your master password in cleartext!

Read details here: https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html

Upgrade to KeePass 2.54 once it's released.

UK national sentenced to 13+ years in prison for operating iSpoof, an online phone number spoofing service. The platform enabled fraudsters to impersonate banks and deceive victims.

Read details: https://thehackernews.com/2023/05/uk-fraudster-behind-ispoof-scam.html

New revelations about the Bad Magic hacker group uncover a longer history than expected. Kaspersky's latest report connects them to CloudWizard, a modular framework with alarming capabilities.

Read details: https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html

#cybersecurity #hacking #malware

GUI-vil, the financially driven Indonesian group, leverages AWS EC2 instances for crypto mining, leaving victim organizations to bear the cost.

Read details: https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html

Facebook's parent company Meta hit with a record $1.3 billion fine by EU regulators for unlawfully transferring personal data of European users.

Read details here: https://thehackernews.com/2023/05/eu-regulators-hit-meta-with-record-13.html

China bans U.S. chip maker Micron from supplying crucial infrastructure projects, citing national security risks. Investigation finds "serious cybersecurity problems," endangering critical information infrastructure.

Read details: https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html

A new cyber threat, "GoldenJackal," is targeting government and diplomatic entities in the Middle East and South Asia. This stealthy and capable adversary employs tailored #malware to steal data and conduct surveillance.

Read details: https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html

🚨 Alert: Kimsuky, the North Korean APT group, is back in action! They're using a new custom malware called "RandomQuery" to conduct reconnaissance and steal sensitive information.

Read details: https://thehackernews.com/2023/05/north-korean-kimsuky-hackers-strike.html

WINTAPIX: A newly discovered malware, acting as a loader, has been identified in attacks targeting Saudi Arabia, Qatar, and UAE. By exploiting a vulnerable kernel driver, the attacker gains privileged access & executes a multi-stage attack.

https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html

Ukraine's state bodies under cyber attack! CERT-UA warns of an espionage campaign targeting ministries. Hackers, known as UAC-0063, are leveraging phishing emails and malicious tools to infiltrate systems.

Read: https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html

North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malicious software in latest espionage operations.

Read details: https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html

Legion, the Python-based hack tool, evolves with expanded capabilities. Latest version exploits SSH servers and gains access to DynamoDB and CloudWatch credentials associated with AWS.

Read details: https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

🚨 Popular app gone rogue! "iRecorder - Screen Recorder" app sneaks in information stealing capabilities after a year on Play Store.

Read details: https://thehackernews.com/2023/05/data-stealing-malware-discovered-in.html

Google has finally removed it from the Play Store, but the damage may already be done.

Researchers identify a series of watering hole attacks targeting shipping and logistics companies in China.

Read details here: https://thehackernews.com/2023/05/iranian-tortoiseshell-hackers-targeting.html

🔒 Google introduces GUAC Beta 0.1, an open-source framework to secure software supply chains. By combining SBOMs, vulnerability feeds, and internal metadata, organizations gain a holistic view of their risk profile.

Read details: https://thehackernews.com/2023/05/guac-01-beta-googles-breakthrough.html

Iranian threat actor Agrius is using a new ransomware strain called Moneybird (programmed in C++) to target Israeli organizations

Read details: https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html

🚨 A China-based state-sponsored group, Volt Typhoon, has stealthily infiltrated critical infrastructure organizations in the U.S. and Guam, remaining undetected until now.

Learn about their advanced tactics: https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html

Cybercrime group Blacktail is transitioning from using its Buhti ransomware to leaked LockBit and Babuk ransomware versions, expanding its targets to include Windows and Linux systems.

Read details here: https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html