Security News

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. The malware is suspected to be linked to another malware family called AndroxGh0st that was first documented by cloud security services providerLacework in December 2022.

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

If your company's security is vulnerable due to the tight job market or affordability concerns, you may want to consider learning or having someone learn about pen testing and ethical hacking. It's probably not as difficult as you think, and The Complete Ethical Hacking Bootcamp 2023: Zero to Mastery Certification Bundle is currently on sale for just $45. This bundle contains 11 courses across more than 150 hours and has modules for all skill levels.

Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that's unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they're based in "Western Asia.".

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.

Mandiant analysts who disclosed the activities of APT43 for the first time assess with high confidence that the threat actors are state-sponsored, aligning their operational goals with the North Korean government's geopolitical aims. The researchers have been tracking APT43 since late 2018 but have disclosed more specific details about the threat group only now.

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that "It's not the end." "You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all," Baphomet noted in a message posted on the BreachForums Telegram channel.

The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site's servers. Breached was a popular hacking and data leak forum notorious for hosting, leaking, and selling data obtained from breached companies, governments, and various organizations.

The 2023 Complete Cyber Security Ethical Hacking Certification Bundle helps keep you up to date with ten courses on a wide range of cybersecurity skills. All ten courses in the bundle are developed by working cybersecurity professionals such as trainers Joseph Delgadillo and ethical hacker Saad Sarraj to provide practical knowledge in concise lectures.