Security News
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment.
The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers. According to a Kaspersky report published today, the threat group has been employing new techniques to filter out invalid download requests since the start of 2022, when the group launched a new campaign against various targets in the Korean peninsula.
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. The driver/module, "Mhypro2.sys," doesn't need the target system to have the game installed, and it can operate independently or even embedded in malware, offering the threat actors a powerful vulnerability that can disable security software.
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign. This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "Obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations."
The threat actor behind the SolarWinds supply chain attack has been linked to yet another "Highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. "Nobelium remains highly active, executing multiple campaigns in parallel targeting government organizations, non-governmental organizations, intergovernmental organizations, and think tanks across the US, Europe, and Central Asia," Microsoft said.
The open-source, cross-platform kit called Sliver is becoming an attractive alternative. A report from Microsoft notes that hackers, from state-sponsored groups to cybercrime gangs, are more and more using in attacks the Go-based Sliver security testing tool developed by researchers at BishopFox cybersecurity company.
The open-source, cross-platform kit called Sliver is becoming an attractive alternative. A report from Microsoft notes that hackers, from state-sponsored groups to cybercrime gangs, are more and more using in attacks the Go-based Sliver security testing tool developed by researchers at BishopFox cybersecurity company.
A new business email compromise campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. By accessing accounts of high-ranking employees like CEOs or CFOs of large organizations, the threat actors can monitor communications and respond to emails at the right moment to divert a large transaction to their bank accounts. The phishing emails sent in these attacks tell the target that the corporate bank account they usually send payments to has been frozen due to a financial audit, enclosing new payment instructions that switch to the account of an alleged subsidiary.
WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week.