Security News
The Federal Bureau of Investigation has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. Cybercriminals are combining multiple tactics to obtain login credentials of employees at payment processors in the healthcare industry and to modify payment instructions.
State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.
State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S. Subsequent findings from Symantec, part of Broadcom software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to that of Crosswalk.
An Iranian-aligned hacking group uses a new, elaborate phishing technique where they use multiple personas and email accounts to lure targets into thinking its a realistic email conversation. The attackers send an email to targets while CCing another email address under their control and then respond from that email, engaging in a fake conversation.
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
No matter how hard organizations in Latin America try to stop malicious attackers from infiltrating their IT systems, breaches are inevitable - as recent events demonstrate. Brazil's largest meat processing company, JBS, was the victim of a ransomware attack which shut down its facilities in the US, Canada and Australia, with payments reputedly made using Bitcoin.
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135. While the original PsExec is available in the Sysinternals utility suite, there is also an implementation in the Impacket collection of Python classes for working with network protocols, which has support for SMB and other protocols like IP, UDP, TCP that enable connections for HTTP, LDAP, and Microsoft SQL Server.
Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information. Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers APT42, Charming Kitten, and Phosphorus.
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.