Security News

GoTo is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.

The U.S. Federal Bureau of Investigation on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. What makes the campaign stand out is the use of Golang source code iterpretation to execute code from Go scripts embedded in the malware binaries.

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets. This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets. This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.

Publisher's Weekly reviewed A Hacker's Mind-and it's a starred review! "Hacking is something that the rich and powerful do, something that reinforces existing power structures," contends security technologist Schneier in this excellent survey of exploitation.

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider located in Africa. The intrusion vector in question relates to the exploitation of CVE-2022-42475, a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthenticated remote code execution via specifically crafted requests.

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC. The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages. While the author of Hook claims the new malware was written from scratch, and despite having several additional features compared to Ermac, researchers at ThreatFabric dispute these claims and report seeing extensive code overlaps between the two families.

Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and techniques used by different groups of cybercriminals, as well as potential links between seemingly unrelated attacks.

The Computer Emergency Response Team of Ukraine has linked a destructive malware attack targeting the country's National News Agency of Ukraine to Sandworm Russian military hackers. "According to preliminary data, provided by CERT-UA specialists, the attack have caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.