The FBI warns that Russian FSB cyber actors are exploiting vulnerabilities in networking devices, particularly those serving critical infrastructure in the US and globally, and abusing management protocols such as SNMP and SMI to conduct reconnaissance and gain unauthorized access. The FBI continues to provide guidance on mitigation and on reporting suspected intrusions.
VMware has issued a security advisory addressing vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation that could potentially allow a cyber threat actor to take control of affected systems. CISA advises users and administrators to review the advisory (VMSA-2024-0006) and apply the required updates.
A new variant of the Android malware MoqHao has been discovered that executes automatically on infected devices without user interaction, targeting users in France, Germany, India, Japan, and South Korea. The malware is attributed to a financially motivated Chinese threat cluster and is distributed via smishing; the latest iteration runs as soon as it is installed and prompts victims to grant risky permissions. Separately, a previously unknown cybercrime syndicate named Bigpanzi has been linked to the compromise of Android-based smart TVs and set-top boxes for use in distributed denial-of-service attacks, which researchers describe as a significant threat to social order and stability.
FBI Director Chris Wray warns House lawmakers about Chinese government hackers targeting US critical infrastructure, including water treatment plants, electrical grid, and transportation systems, with the potential to cause real-world harm to American citizens and communities. Outside cybersecurity firms have also reported state-backed Chinese hackers targeting US critical infrastructure, raising concerns about potential disruption of critical communications between the US and Asia during future crises. Wray emphasizes China's active attacks on US economic security and wholesale theft of innovation and personal and corporate data, while the Chinese government has dismissed these accusations as groundless.
The BazaCall phishing scammers have started using Google Forms to enhance the credibility of their attacks. By impersonating popular subscription services like Netflix and Norton, the scammers send emails urging targets to contact a support desk to dispute or cancel a plan. In the latest attack variant, a Google Form is used to share details of the supposed subscription, with response receipts enabled to send a copy of the form to the target. The use of Google Forms and dynamically generated URLs helps bypass traditional security measures. In a separate phishing campaign, recruiters are being targeted with direct emails that lead to the More_eggs JavaScript backdoor, attributed to a financially motivated threat actor known as TA4557.
A governmental entity in Guyana has been targeted in a cyber espionage campaign called Operation Jacana. The attack began with a spear-phishing email that led to the deployment of a previously undocumented implant called DinodasRAT. The campaign is attributed with medium confidence to a China-nexus adversary because of its use of the remote access trojan PlugX (also known as Korplug). The attackers combined DinodasRAT with traditional backdoors such as Korplug and tailored their emails to their chosen victim organization. They also monitor the geopolitical activities of their victims to improve the chances of a successful operation.
Iranian hackers, believed to be linked to APT35, have launched a new wave of phishing attacks targeting Israel using an updated version of the PowerLess backdoor. The attacks use ISO images and other archive files to initiate infection chains, with the PowerLess implant being launched via a custom in-memory downloader. The malware is capable of stealing data from web browsers and apps, taking screenshots, recording audio, and logging keystrokes. The attackers are continuously refining their malware arsenal to expand their functionality and resist analysis efforts, while also adopting enhanced methods to evade detection.
Emotet, one of the most dangerous botnets, has returned after a four-month hiatus with new evasion techniques. The botnet sends malicious spam messages that appear to come from a known contact, address the recipient by name, and seem to reply to an existing email thread. The malware steals passwords and other sensitive data and uses the infected device to send malicious spam to other users. The infection chain includes downloading additional malware such as the Ryuk ransomware or the TrickBot malware. The latest revival adds binary padding, invisible text, and a graphic claiming that the content can’t be accessed unless the user clicks the “enable content” button.