Security News > 2023 > April

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control. "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week.

With the economy experiencing instability and decline, organizations rely on their technology experts to maintain their innovative edge and generate business value. Despite being instructed to reduce expenses by 65% of the technology team leaders, 72% still intend to boost their investment in technology proficiency development by 2023, according to Pluralsight.

Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. Language remains the main attack vector in BEC attacks.

Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were used in 52% of fraudulent verification attempts - far ahead of driving licences and passports.

In brief Google on Friday released an emergency update for Chrome to address a zero-day security flaw.This fix would be the first zero-day in Chrome squashed by Google this year.

The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS. The new ransomware encryptors were discovered by cybersecurity researcher MalwareHunterTeam who found a ZIP archive on VirusTotal that contained what appears to be all of the available LockBit encryptors. Historically, the LockBit operation uses encryptors designed for attacks on Windows, Linux, and VMware ESXi servers.

The U.S. Cybersecurity and Infrastructure Security Agency warned today of a high-severity Android vulnerability believed to have been exploited by a Chinese e-commerce app Pinduoduo as a zero-day to spy on its users. "Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed," CISA explains.

NCR is suffering an outage on its Aloha point of sale platform after being hit by an ransomware attack claimed by the BlackCat/ALPHV gang. After days of silence, NCR has disclosed today that the outage was caused by a ransomware attack on data centers used to power their Aloha POS platform.

Security researchers are warning that cybercriminals are increasingly using the Action1 remote access software for persistence on compromised networks and to execute commands, scripts, and binaries. Kostas, a member of the volunteer analyst group The DFIR Report, noticed the Action1 RMM platform being abused by multiple threat actors for reconnaissance activity and to execute code with system privileges on network hosts.

A new Android malware named 'Goldoson' has infiltrated Google Play through 60 legitimate apps that collectively have 100 million downloads. The malicious malware component is part of a third-party library used by all sixty apps that the developers unknowingly added to their apps.