News Picks

50% reduction in Google account hacks after enabling 2SV

One of the main problems is the lack of understanding by users of the benefits of additional authorization procedures. It turns out that with just...

Chinese hack group GhostEmperor uses new rootkit against Windows 10

At the SAS 2021 conference, Kaspersky Lab analysts spoke about the tools of the new Chinese cyber-espionage group GhostEmperor, which has been attacking large organizations in Southeast Asia...

Google developers told how they will implement Manifest V3

This week, Google revealed exactly how it plans to phase out Manifest V2, which defines the capabilities and limitations for extensions in Chrome. The developers also shared...

DDoS service operator DownThem faces up to 35 years in prison

A California jury found a former DDoS service administrator (DownThem and Ampnode) guilty. Paid users of these services have carried out over 200,000 DDoS attacks both on...

Cyberattack suspends banks in New Zealand

At the moment, it is unclear who is behind the cyberattack and whether it resulted in a data breach. On Wednesday, September 8, a cyberattack...

Attackers scan the network looking for Microsoft Exchange servers vulnerable to ProxyShell

Recently at the Black Hat conference, researchers presented the remote code execution vulnerabilities in Microsoft Exchange, collectively known as ProxyShell. Now experts are warning...

Kaseya now has a decryptor for REvil

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for...

Microsoft has released its own Linux distribution

This week Microsoft posted on GitHub the first stable build of its own Linux distribution, CBL-Mariner (Common Base Linux), which was published under the open source...

Mercedes-Benz reports data breaches of 1.6 million customers

The American division of Mercedes-Benz has reported a data breach affecting some of the company's customers. The incident affected 1.6 million records that included customer names, addresses,...

Advertising of ransomware was banned on the XSS hacker forum

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site. Although groups such...

Last Articles

Conti ransomware stops working and splits into several groups

Experts report that the Conti ransomware group has ceased operations, its infrastructure is disabled, and the leaders of the group have said that the brand is no more. One of the first to notice the change was Yelisey Boguslavsky of Advanced Intel, who tweeted that the group's internal infrastructure had been shut down. According to him, other internal services of the group, such...

The emergence of cheap DarkCrystal RAT worried experts

Researchers from BlackBerry conducted an analysis of the DarkCrystal RAT (aka DCRat) malware and the activity of its developer on the dark web. Apparently, the malware has been active since 2019, is the “brainchild” of a Russian-speaking developer, and sells for as little as 500 rubles (about $7) for two months or 4,200 rubles (about $60) for a lifetime license. The company’s report...

What is Advanced Threat Protection, and can you fully rely on it?

ATP, or advanced threat protection, is a premier suite of analytical tools and malware protection systems that protect against phishing attacks, security threats, and other known advanced threats. To help you understand what advanced threat protection is, we need to look at what advanced threats mean. Advanced threats can be malicious files, links, and other code that bypasses traditional security solutions...

Synology and QNAP warn about bugs in their products

Companies have reported numerous critical Netatalk server vulnerabilities. Based on a published report, multiple flaws allow remote attackers to obtain sensitive information and possibly execute arbitrary code using a vulnerable version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM). On March 22, Netatalk developers released version 3.1.13 to fix bugs in several Synology products: DSM 7.1, DSM 7.0, DSM 6.2, VS Firmware 2.3, SRM 1.2. The manufacturer notified customers...

Quantum ransomware operators carried out the attack in almost 4 hours

The attackers used the IcedID malware as one of their initial access vectors. Quantum ransomware, first discovered in August 2021, has been used in fast network attacks. The attackers used the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption with Quantum. The DFIR Report analyzed Quantum ransomware attacks. The attack...

ZingoStealer malware is distributed among criminals for free

Cisco Talos experts have discovered the ZingoStealer malware, which is distributed for free by the Haskers Gang hacker group. The malware is capable of stealing confidential information and uploading additional malware to infected systems. For example, it can deliver RedLine Stealer and XMRig-based cryptocurrency mining malware called ZingoMiner. Haskers Gang has been active since at least January 2020, while ZingoStealer came out around the...

Fodcha botnet attacks over 100 victims daily

Qihoo 360 (360 Netlab) experts report the discovery of a new Fodcha botnet that launches DDoS attacks on hundreds of victims every day. According to the company, the threat is growing rapidly and is replenished with new bots, including routers, DVRs and vulnerable servers. From March 29 to April 10, the Fodcha botnet included more than 62,000 devices. The number of unique IP addresses...

RaidForums: Law enforcement officers closed the hacker Forum

During the international operation TOURNIQUET, which was coordinated by Europol, the well-known hacker resource RaidForums, which was mainly used to trade in stolen databases, was closed. The administrator of RaidForums and two of his accomplices have been arrested, and the site's infrastructure is now under the control of law enforcement agencies. The operation was reportedly prepared by the authorities of the United...

Apple leaves critical bugs unpatched in macOS Big Sur and Catalina

Apple patched two actively exploited vulnerabilities in macOS Monterey last week, but Intego analysts emphasize that the company left users of older supported versions of its OS, i.e. Big Sur and Catalina, unprotected. We are talking about vulnerabilities CVE-2022-22674 (a problem in the AppleAVD media decoder code) and CVE-2022-22675 (an out-of-bounds write in the Intel Graphics Driver). Intego expert Joshua Long writes that the AppleAVD...

German authorities shut down Hydra Market darknet marketplace and confiscated $25 million in bitcoin

Law enforcement officials announced the liquidation of Hydra Market, the largest Russian-language trading platform on the darknet. During the operation, the German authorities were able to seize 543 bitcoins (about $25 million at the current exchange rate) from the criminals. The liquidation of the marketplace was announced today by the German Federal Criminal Police Office (Bundeskriminalamt, BKA) and the German Central Cybercrime Office...

Trojan Alert: Borat RAT. Experts are worried about its functionality

A new Trojan that provides operators with remote access (RAT) has appeared on darknet marketplaces. According to the description, the Borat malware is extremely easy to use and allows attackers to easily launch DDoS attacks, bypass User Account Control (UAC), and deploy ransomware on the victim's network. In addition, cybercriminals armed with Borat can gain full control over the...

Password thief BlackGuard gaining popularity on hacker forums

The attention of information security specialists was attracted by a new malicious software for stealing information, BlackGuard. The malware is sold on numerous marketplaces and dark web forums for $700 for a lifetime license or $200 per month. Analysts at Zscaler have already studied the malware that became popular after the unexpected shutdown of competing malware Raccoon Stealer. In turn, Bleeping Computer reports that BlackGuard was...

Critical bug in GitLab allows you to take over other people’s accounts

GitLab has fixed a critical vulnerability that allowed remote attackers to gain access to user accounts using hard-coded passwords. CVE-2022-1162 affected both GitLab Community Edition (CE) and Enterprise Edition (EE). The developers explain that static passwords were erroneously set during OmniAuth-based registration with GitLab CE/EE. "Accounts registered using OmniAuth (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 to 14.7.7, 14.8 to 14.8.5, and 14.9 to...

New Ransomware Attacks Jupyter Notebook Environments

Because Jupyter Notebook is used for data analysis, an attack can do a lot of damage in the absence of backups. New ransomware written in the Python programming language attacks environments where Jupyter Notebook is used. Jupyter Notebook is an open source web framework for data visualization. Its modular software is used for data modeling in science, computing and machine learning. The project supports...

Okta: Lapsus$ tried to hack into a support engineer’s laptop in January

The hackers dispute Okta's claim that the hack was unsuccessful. Approximately 375 customers (2.5%) of Okta were allegedly affected by a cyber attack by the Lapsus$ ransomware group. An Okta spokesperson confirmed that in January of this year, hackers tried to break into the laptop of one of the support engineers. As the results of the investigation of the cyber incident showed, the attackers had access...

More than 45 million medical scans are in the public domain

A study by CybelAngel, a risk management services company, helped identify a massive leak of confidential information. The aim of the study was...

Egregor ransomware forces printers to print a ransom note

Ransomware operators have found a new way to put pressure on the management of the attacked enterprises. Egregor ransomware operators use an innovative approach to...

Exploit for 0-day vulnerability in Windows MSHTML published

Researchers warn that cybercriminals are already sharing tutorials and exploits for the CVE-2021-40444 vulnerability on hacker forums, allowing more hackers to exploit the new...

Critical bug fixed in Apache OFBiz

The developers of the Apache Software Foundation have fixed a vulnerability in Apache OFBiz that could allow an unauthenticated attacker to remotely take control...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT infrastructure (Operational Technology) were practically impossible, since everything works in a special network, separate from...

CISA adds 95 new CVEs to its list of exploited vulnerabilities

CISA called for bug fixes in software from Cisco, Microsoft, Adobe, Oracle, and other companies. The US Cybersecurity and Infrastructure Security Agency (CISA) has added 95 new...

Tripoli: new ransomware in the wild

This crypto ransomware encrypts user data with AES + RSA and then demands a 0.1 BTC ransom to get the files back. Original title:...