Security News

The Brute Ratel post-exploitation toolkit has been cracked and is now being shared for free across Russian-speaking and English-speaking hacking communities. Things are about to change, as cyber threat intelligence researcher Will Thomas has reported that a cracked copy of Brute Ratel is now circulating widely among threat actors in online hacking forums.

Fast Company took its website offline after it was hacked to display stories and push out Apple News notifications containing obscene and racist comments. Today, the hacker shared how they allegedly breached the site.

Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The campaign stands out for its secure C2 infrastructure and multiple layers of obfuscation in the PowerShell stagers.

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service or man-in-the-middle attacks against network targets using custom-crafted packets. Stacked VLANs, also known as VLAN Stacking, is a feature in modern routers and switches that allows companies to encapsulate multiple VLAN IDs into a single VLAN connection shared with an upstream provider.

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. "The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive."

The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. In August 2022, Lazarus was seen targeting IT workers with malicious job offers that impersonated Coinbase and targeted users with Windows malware or macOS malware.

The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. On September 23, 2022, a hacker using the alias "Optusdata" published a small sample of the stolen data on the Breached hacking forum and demanded that the firm pay a $1,000,000 ransom or the data for 11,000,000 customers would be publicly leaked.

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com.

The Australian Federal Police on Monday disclosed it's working to gather "Crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement.

Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. A report from threat intelligence company Cluster25 says that APT28, a threat group attributed to the Russian GRU, have used the new technique to deliver the Graphite malware as recently as September 9.