Security News

Hackers adopt Sliver toolkit as a Cobalt Strike alternative
2022-08-25 12:28

The open-source, cross-platform kit called Sliver is becoming an attractive alternative to Cobalt Strike. A report from Microsoft notes that hackers, from state-sponsored groups to cybercrime gangs, are increasingly using the Go-based Sliver security testing tool, developed by researchers at the cybersecurity company BishopFox, in attacks.

Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
2022-08-24 15:53

A new business email compromise campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. By accessing accounts of high-ranking employees like CEOs or CFOs of large organizations, the threat actors can monitor communications and respond to emails at the right moment to divert a large transaction to their bank accounts. The phishing emails sent in these attacks tell the target that the corporate bank account they usually send payments to has been frozen due to a financial audit, enclosing new payment instructions that switch to the account of an alleged subsidiary.

Hackers Using Fake DDoS Protection Pages to Distribute Malware
2022-08-24 12:12

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week.

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
2022-08-23 14:50

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group, the malicious software, which is still in active development, is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020.

Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage
2022-08-23 11:44

A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized moniker UNC3890, which is believed to conduct operations that align with Iranian interests.

Google: Iranian hackers use new tool to steal email from victims
2022-08-23 11:00

State-sponsored Iranian hacking group Charming Kitten has been using a new tool to download email messages from targeted Gmail, Yahoo, and Microsoft Outlook accounts. Google TAG attributes the tool to Charming Kitten, an Iranian-backed group that is also known as APT35 and Phosphorus, and says that the earliest sample they found dates from 2020.

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
2022-08-22 05:54

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08."

Hackers target hotel and travel companies with fake reservations
2022-08-21 14:12

A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space. The threat actor uses a set of 15 distinct malware families, usually remote access trojans, to gain access to the target systems, perform surveillance, steal key data, and eventually siphon money from customers.

Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
2022-08-20 19:17

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies.