RSS ze světa hackingu

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine,…

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been…

A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries,…

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's…

Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." …

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this…

Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The…

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them…

Unified threat management is thought to be a universal solution for many reasons. First of all, it is compatible with almost any hardware. As a business or an MSP, you don’t have to bother with leasing or subleasing expensive equipment. There is no need to chase your clients to return your costly hardware. The all-in-one UTM solution will save you money and time & make work routine less…

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as…