- Updated PowerLess backdoor is actively attacking Israeli organizations
  Iranian cybercriminals Educated Manticore are improving their tools and methods with each new attack. Researchers at Check Point have linked an Iranian state-sponsored hacking group to a new wave of phishing attacks targeting Israel in a recent report. The purpose of the malicious campaign was to deploy an updated version of the Windows backdoor called PowerLess. Check Point tracks this intrusion set under the name "Educated Manticore", after the mythical creature. The group, according to the researchers, shows "strong overlaps" in methods and tools with the APT35 hacker group (aka Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm, TA453...
- ChatGPT, PaperCut and Google Chrome bugs are on the CISA list of exploited vulnerabilities
  CISA has warned companies to urgently fix the flaws to protect users. The Cybersecurity and Infrastructure Security Agency (CISA) has added an issue in the PaperCut print management software to its Known Exploited Vulnerabilities (KEV) catalog. PaperCut makes print management software that works with Canon, Epson, Xerox, Brother and other major printer manufacturers. PaperCut tools are widely used in government agencies, universities and large companies around the world. PaperCut said on April 19 that unpatched PaperCut MF/NG servers are being actively exploited in the wild. Of the two discovered vulnerabilities, one (...
- The collaboration of former Conti hackers with the FIN7 group led to the spread of Domino and Nemesis malware
  A new strain of malware developed by attackers with ties to the FIN7 cybercriminal group was used by former members of the now-defunct Conti ransomware gang, indicating a collaboration between the two hacker groups. The malware, dubbed Domino, is primarily intended to facilitate follow-on exploitation of compromised systems. "Former members of the TrickBot/Conti syndicate have been using Domino since at least the end of February 2023 to deliver the Project Nemesis information stealer or more powerful backdoors such as Cobalt Strike," an IBM Security X-Force researcher said in the report. FIN7, also known as...
- Hackers were able to seize control of the satellite
  Cybersecurity researchers will show the process of seizing control of a European Space Agency (ESA) satellite in a demonstration that has been described as the world's first ethical satellite hacking exercise. A group of experts from Thales and members of the ESA team will demonstrate the attack scenario at the CYSAT conference in Paris. The attack targets OPS-SAT, a shoebox-sized nanosatellite that was launched in December 2019 and contains "an experimental computer 10 times more powerful than any modern ESA spacecraft." The purpose of OPS-SAT is to eliminate the risks associated with testing flight control systems in...
- DeFi protocol SafeMoon made a peace deal with a hacker
  The attacker who withdrew $8.9 million from SafeMoon agreed to return 80% of the funds. The SafeMoon DeFi protocol reached an agreement with the hackers who breached the platform at the end of March and stole about $9 million. The platform agreed to accept the return of 80% of the stolen funds, as it wrote to the hackers in a comment on the transaction sent to them. On March 28, the SafeMoon token liquidity pool lost $8.9 million after unknown hackers took advantage of the newly added "burn" smart contract feature, which artificially inflated the price of the SFM cryptocurrency, allowing...
- Chinese APT41 hackers actively use Google cloud infrastructure in their attacks
  A Chinese government-sponsored cyber gang attacked an unnamed Taiwanese media organization using a suite of publicly available Google services and tools. Google TAG specialists have no doubt that the Chinese group HOODOO, which has been active since at least 2007 and is also known as APT41, Barium, Bronze Atlas, Wicked Panda and Winnti, is behind the malicious campaign. The starting point of the attack is a phishing email containing a link to a password-protected file hosted on Google Drive. This file includes the "Google Command and Control" (GC2) publicly available Red Teaming tool, developed by enthusiasts and used by...
- Zaraza bot steals passwords from browsers using Telegram
  Uptycs, an information security company, has discovered a new credential-stealing malware called Zaraza bot, which is sold on Telegram and uses the messenger as a command and control server (C2, C&C). Zaraza bot targets a large number of web browsers and is actively distributed through a Telegram channel popular among cybercriminals. Once the malware infects the victim's computer, it extracts sensitive data and sends it to a Telegram bot controlled by the attacker. Zaraza bot is a 64-bit binary written in C#. Once a machine is infected, the malware extracts all the credentials it can find stored on the victim's computer....
- Cheap mass hacking tool: EvilExtractor infostealer is sold on the dark web for pennies
  A powerful data stealer targeting Windows systems will clearly spur malicious activity in cyberspace. A new malware called EvilExtractor is positioned as an all-in-one theft tool. It is openly sold on the dark web and offers buyers a powerful tool to steal data and files from Windows systems for just $39. It is not specified whether this is a one-time purchase or whether the malware is available on a subscription basis, but malicious software usually costs much more. The low price tag lowers the entry threshold for new would-be attackers who want to steal someone's...
- Attackers compete with each other for cryptocurrency in Kubernetes
  Attackers gain privileges in the environment to eliminate competitors. Security company Aqua has discovered a large-scale campaign in which attackers abuse Kubernetes Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. The attackers also deployed DaemonSets to steal resources from targeted Kubernetes clusters, experts say. Sixty unprotected clusters abused by the attackers were found. The attack chain, dubbed "RBAC Buster", began with the attacker gaining initial access through a misconfigured API server, then checking for competing miners on the compromised server, and then using RBAC to establish persistence. The attacker created: the "ClusterRole" object (describes the rights...
- New method of car theft using NOKIA 3310 has appeared in the US
  The almighty phone can now start a car engine. A new type of car theft has emerged in the US, in which criminals use NOKIA 3310 phones to interact with the vehicle's control system. The new method allows a thief, even one without technical experience, to steal a car without its key in 10-15 seconds. Thanks to devices that can be bought online for several thousand dollars, the barrier to entry for stealing even expensive luxury cars is drastically lowered. Ken Tindell, CTO of car cybersecurity company Canis Labs, described how such devices work. Essentially, the device...