Security News > 2021

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "More eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.

After a shared Google Drive was posted online containing the private videos and images from hundreds of OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. While OnlyFans is promoted as a way for celebrities and social influencers to share their content, it is also heavily used to share adult-themed content with fans who pay to access it.

China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky. The more recent attacks, Kaspersky says, show further increase in sophistication.

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. Several gigabytes of the company's files - including employee tax and financial records - have been posted to the victim shaming site for the Clop ransomware gang.

The publicly released Facebook user data is believed to be part of a 2019 "Add Friend" Facebook security bug exploited by hackers at the time. The types of data include Facebook user mobile phone numbers, their Facebook ID, name and gender information.

Reams of personal data - including phone numbers, email addresses, and birthdays - obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The information - which also includes people's names, marital status, occupation, and location - was siphoned from Facebook in 2019 via a security weakness in the platform.

Reams of personal data - including phone numbers, email addresses, and birthdays - obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The information - which also includes people's names, marital status, occupation, and location - was siphoned from Facebook in 2019 via a security weakness in the platform.

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat known as Cycldek, according to Kaspersky researchers, who added that the group has been active since at least 2013.

The new Chromium-based Microsoft Edge browser has grown by over 1,300% in the past 12 months, while the Firefox browser is slowly losing its market share. In January 2020, Microsoft released the first stable version of the new Chromium-based Microsoft Edge browser and announced that they would slowly release it to Windows 10 users.