News Picks

50% reduction in Google account hacks after enabling 2SV

One of the main problems is the lack of understanding by users of the benefits of additional authorization procedures. It turns out that with just...

Chinese hack group GhostEmperor uses new rootkit against Windows 10

At the SAS 2021 conference, Kaspersky Lab analysts spoke about the tools of the new Chinese cyber-espionage group GhostEmperor, which has been attacking large organizations in Southeast Asia...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared...

DDoS service operator DownThem faces up to 35 years in prison

A California jury found a former DDoS service administrator (DownThem and Ampnode) guilty. Paid users of these services have carried out over 200,000 DDoS attacks both on...

Cyberattack suspends banks in New Zealand

At the moment, it is unclear who is behind the cyberattack and whether it resulted in a data breach. On Wednesday, September 8, a cyberattack...

Attackers scan the network looking for Microsoft Exchange servers vulnerable to ProxyShell

Recently at the Black Hat conference, they talked about the remote code execution vulnerabilities in Microsoft Exchange, collectively known as ProxyShell. Now experts are warning...

Kaseya now has a decryptor for REvil

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for...

Microsoft has released its own Linux distribution

This week Microsoft posted on GitHub the first stable build of its own Linux distribution, CBL-Mariner (Common Base Linux), which was published under the open source...

Mercedes-Benz reports data breaches of 1.6 million customers

The American division of Mercedes-Benz has reported a data breach affecting some of the company's customers. The incident affected 1.6 million records that included customer names, addresses,...

Advertising of ransomware was banned on the XSS hacker forum

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site. Although groups such...

Last Articles

Microsoft Exchange servers suffer from SessionManager backdoor attacks

Kaspersky Lab experts have discovered a hard-to-detect SessionManager backdoor that allows attackers to access corporate IT infrastructure and perform a wide range of malicious actions. The malware can read corporate mail, distribute other malware, and remotely control infected servers. Analysts say that attackers inject the malware remotely, as a module for Microsoft IIS (a set of web services that includes the Exchange mail server). To...

Dangerous vulnerability has been discovered in the latest version of the OpenSSL library

The vulnerability was discovered in the latest version of OpenSSL, 3.0.4, which was released on June 21, 2022, and affects x86_64 systems with support for AVX-512 instructions. According to Guido Vranken's blog post, the vulnerability could be exploited by a remote attacker to corrupt the contents of a process's memory. Successful exploitation of the vulnerability could allow an attacker to read and overwrite...

Chrome 103 fixes 14 vulnerabilities

This week, Google developers released a stable version of Chrome 103, which fixed 14 vulnerabilities. Independent researchers who uncovered some of these problems received a total of $44,000 from the company through a bug bounty program. The most serious of all the issues addressed was CVE-2022-2156, which is a critical use-after-free vulnerability in Base. This bug was discovered by Google Project Zero specialist...

Chinese hack group Aoqin Dragon has been quietly attacking companies since 2013

Sentinel Labs has discovered the Aoqin Dragon hacker group, which is engaged in cyber espionage, attacking government, educational and telecommunications organizations in Singapore, Hong Kong, Vietnam, Cambodia and Australia. Analysts have been lucky to link the hackers to malicious activity dating as far back as 2013. Aoqin Dragon managed to remain virtually unnoticed for ten years, with only a fraction of the hackers'...

Hacker steals data from hundreds of Verizon employees

The media reported that a hacker had accessed a database that contained the full names, email addresses, corporate IDs and phone numbers of hundreds of Verizon employees. Journalists from Vice Motherboard write that last week an anonymous hacker contacted the editorial office, claiming to have compromised Verizon. He claimed to have gained access to the above data by tricking an employee into...

Conti ransomware stops working and splits into several groups

Experts report that the Conti ransomware group has ceased operations, its infrastructure is disabled, and the leaders of the group have said that the brand is no more. One of the first to notice the change was Yelisey Boguslavsky of Advanced Intel, who tweeted that the group's internal infrastructure had been shut down. According to him, other internal services of the group, such...

The emergence of cheap DarkCrystal RAT worried experts

Researchers from BlackBerry conducted an analysis of the DarkCrystal RAT (aka DCRat) malware and the activity of its developer on the dark web. Apparently, the malware has been active since 2019, is the “brainchild” of a Russian-speaking developer, and sells for as little as 500 rubles (about $7) for two months or 4,200 rubles (about $60) for a lifetime license. The company’s report...

What is Advanced Threat Protection, and can you fully rely on it?

ATP, or advanced threat protection, is a premier suite of analytical tools and malware protection systems that protect against phishing attacks, security threats, and other known advanced threats. To help you understand what advanced threat protection is, we need to look at what advanced threats mean. Advanced threats can be malicious files, links, and other code that bypasses traditional security solutions...

Synology and QNAP warn about bugs in their products

Companies have reported numerous critical Netatalk server vulnerabilities. Based on a published report, multiple flaws allow remote attackers to obtain sensitive information and possibly execute arbitrary code using a vulnerable version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM). On March 22, Netatalk developers released version 3.1.13 to fix bugs in several Synology products: DSM 7.1, DSM 7.0, DSM 6.2, VS Firmware 2.3, SRM 1.2. The manufacturer notified customers...

Quantum ransomware operators carried out the attack in almost 4 hours

Quantum ransomware, first discovered in August 2021, has been used in fast network attacks. The attackers used the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption with Quantum. The DFIR Report analyzed Quantum ransomware attacks. The attack...

ZingoStealer malware is distributed among criminals for free

Cisco Talos experts have discovered the ZingoStealer malware, which is distributed for free by the Haskers Gang hacker group. The malware is capable of stealing confidential information and uploading additional malware to infected systems. For example, this can be RedLine Stealer and an XMRig-based cryptocurrency mining malware called ZingoMiner. Haskers Gang has been active since at least January 2020, while ZingoStealer came out around the...

Fodcha botnet attacks over 100 victims daily

Qihoo 360 (360 Netlab) experts report the discovery of a new Fodcha botnet that launches DDoS attacks on hundreds of victims every day. According to the company, the threat is growing rapidly and is replenished with new bots, including routers, DVRs and vulnerable servers. From March 29 to April 10, the Fodcha botnet included more than 62,000 devices. The number of unique IP addresses...

RaidForums: Law enforcement officers closed the hacker forum

During the international operation TOURNIQUET, which was coordinated by Europol, the well-known hacker resource RaidForums, which was mainly used to trade in stolen databases, was closed. The administrator of RaidForums and two of his accomplices have been arrested, and the site's infrastructure is now under the control of law enforcement agencies. The operation was reportedly prepared by the authorities of the United...

Apple leaves critical bugs unpatched in macOS Big Sur and Catalina

Apple patched two actively exploited vulnerabilities in macOS Monterey last week, but Intego analysts emphasize that the company left users of older supported versions of its OS, i.e. Big Sur and Catalina, unprotected. We are talking about vulnerabilities CVE-2022-22674 (a problem in the AppleAVD media decoder code) and CVE-2022-22675 (out-of-bounds entry in the Intel Graphics Driver). Intego expert Joshua Long writes that the AppleAVD...

German authorities shut down Hydra Market darknet marketplace and confiscated $25 million in bitcoin

Law enforcement officials announced the liquidation of Hydra Market, the largest Russian-language trading platform on the darknet. During the operation, the German authorities were able to seize 543 bitcoins (about $25 million at the current exchange rate) from the criminals. The liquidation of the marketplace was announced today by the German Federal Criminal Police Office (Bundeskriminalamt, BKA) and the German Central Cybercrime Office...

Pay2Key ransomware attacked again! Intel-owned Habana Labs was attacked!

Bleeping Computer reports that the Israeli company Habana Labs, which develops solutions in the field of AI and has been owned by Intel since 2019, was attacked...

Experts infiltrated the “old school” IRC botnet and talked to its operator

Confident that he was communicating with fellow hackers, the botnet operator got into a conversation with the researchers. Specialists from the CyberNews portal penetrated the infrastructure...

Google Chrome conflict with antivirus programs in Windows 10

A bug has been fixed in Google Chrome due to which antivirus programs installed in Windows 10 could block files generated by the browser. Earlier,...

Hackers steal millions of dollars by spoofing thousands of mobile devices

A group of cybercriminals have used mobile emulators to simulate thousands of mobile devices, allowing them to steal millions of dollars in a matter...

Hackers Pre-Hacked the SolarWinds codebase

Information security specialists continue to investigate a cyberattack on SolarWinds' internal network, as a result of which a malicious update was implemented for its Orion software...

New vulnerability in macOS allows an attacker to remotely execute commands

The researcher found a bug in the macOS Finder that allows an attacker to run commands on Mac computers with any version of macOS...

Notable hacker Fxmsp was selling access to SolarWinds computers in 2017

A few years before the breach of the SolarWinds computer network, in which the networks of several federal government agencies were compromised, a well-known hacker tried to sell access...