RIG Exploit Kit replaces the Raccoon stealer trojan with Dridex financial malware after one of its developers was killed in the Russian-Ukrainian war.
Read details: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Read details: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
π2
Europol dismantled an organized cybercrime group engaged in phishing, fraud, scams, and money laundering activities.
Details: https://thehackernews.com/2022/06/europol-busts-phishing-gang-responsible.html
Details: https://thehackernews.com/2022/06/europol-busts-phishing-gang-responsible.html
π1
A newly discovered Magecart attack has been linked to the infrastructure of an ongoing skimming campaign.
Read: https://thehackernews.com/2022/06/newly-discovered-magecart.html
Read: https://thehackernews.com/2022/06/newly-discovered-magecart.html
π1
Ukrainian CERT has warned of a new series of Russian cyberattacks exploiting the "Follina" vulnerability in the Windows operating system to deploy password-stealing malware.
Read details: https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html
Read details: https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html
Researchers demonstrate 5 cryptographic attacks to break the encryption of the cloud storage service "MEGA," allowing compromise of user confidentiality.
https://thehackernews.com/2022/06/researchers-uncover-ways-to-break.html
βRSA Key Recovery
βPlaintext Recovery
βFraming Attack
βIntegrity Attack
βGaP-Bleichenbacher Attack
https://thehackernews.com/2022/06/researchers-uncover-ways-to-break.html
βRSA Key Recovery
βPlaintext Recovery
βFraming Attack
βIntegrity Attack
βGaP-Bleichenbacher Attack
A critical PHP vulnerability leaves QNAP's network attached storage (NAS) devices vulnerable to remote attackers, allowing them to execute malicious code on the affected systems.
Read details: https://thehackernews.com/2022/06/critical-php-vulnerability-exposes-qnap.html
Read details: https://thehackernews.com/2022/06/critical-php-vulnerability-exposes-qnap.html
π2
Tropic Trooper Chinese hacker group has been spotted using a new malware coded in the Nim programming language, and distributed hidden inside an "SMS bomber" tool.
Read details: https://thehackernews.com/2022/06/chinese-hackers-distributing-sms-bomber.html
Read details: https://thehackernews.com/2022/06/chinese-hackers-distributing-sms-bomber.html
Israeli surveillanceware vendor NSO Group admitted to the European Union lawmakers that its Pegasus spyware tool was used by at least 5 countries in the region.
Read: https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html
Read: https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html
π1
CISA and the Coast Guard have issued a joint advisory warning of ongoing attempts by hackers to exploit the Log4Shell vulnerability in VMware Horizon servers to steal sensitive data from targeted networks.
Read: https://thehackernews.com/2022/06/log4shell-still-being-exploited-to-hack.html
Read: https://thehackernews.com/2022/06/log4shell-still-being-exploited-to-hack.html
Chinese state-sponsored hackers are using ransomware as a ruse to carry out cyberespionage attacks and hide their true intentions.
Read details: https://thehackernews.com/2022/06/state-backed-hackers-using-ransomware.html
Read details: https://thehackernews.com/2022/06/state-backed-hackers-using-ransomware.html
π1
Researchers are warning of a new malware tool available on cybercrime forums that allows cybercriminals to easily create malicious Windows shortcut (.LNK) files.
Read details: https://thehackernews.com/2022/06/new-quantum-builder-lets-attackers.html
Read details: https://thehackernews.com/2022/06/new-quantum-builder-lets-attackers.html
Researchers have identified multiple malicious Python packages designed to steal AWS credentials and environment variables.
https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html
What is more worrying is that they upload sensitive, stolen data to a publicly accessible server.
https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html
What is more worrying is that they upload sensitive, stolen data to a publicly accessible server.
Google believes that ISPs may have helped attackers infect the Android and iPhone smartphones of high-profile victims with "Hermit" spyware.
Read details: https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html
Read details: https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html
π2
Researchers reveal that ransomware hackers used a zero-day vulnerability in Mitel VoIP appliances as an entry point to infiltrate an undisclosed company.
Read details: https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html
Read details: https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html
Researchers warn of a new malware campaign driven by "Matanbuchus," a malware-as-a-service (Maas) that spreads via phishing campaigns and drops the Cobalt Strike post-exploitation framework on targeted machines.
Read: https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html
Read: https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html
If you're using Google Analytics, you're likely breaking EU data protection laws.
Following in the footsteps of Austria and France, the Italian watchdog has also found that the use of Google Analytics to be non-compliant with EU regulations.
https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html
Following in the footsteps of Austria and France, the Italian watchdog has also found that the use of Google Analytics to be non-compliant with EU regulations.
https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html
π2
CODESYS has released security patches to address 11 newly identified vulnerabilities that could lead to information disclosure and a denial of service (DoS) condition, among others.
Read details: https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
Read details: https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html
π1
Cybersecurity experts warn of "Black Basta" ransomware that attacked dozens of companies in the U.S., Canada, U.K., Australia, and New Zealand within 2 months of its emergence, making it a prominent threat in a short period of time.
Read: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html
Read: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html
π1
Researchers have discovered a new Android banking trojan β dubbed "Revive" β targeting customers of the Spanish financial services company BBVA.
Read details: https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html
Read details: https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html
A remote memory-corruption vulnerability has been discovered in the latest version of OpenSSL library that can be exploited very easily by an attacker.
Read: https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html
"If RCE exploitation is possible, this makes it worse than Heartbleed..."
Read: https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html
"If RCE exploitation is possible, this makes it worse than Heartbleed..."