Security News
FIN7 hacking group returns with new methods and members, what should you look out for? A report from Mandiant details the resurfacing of the FIN7 hacking group and the collective's use of new hacking tools along with an expanding roster of attackers.
"Denys Iarmak, a Ukrainian member and a"pen tester for the FIN7 financially-motivated hacking group, was sentenced on Thursday to 5 years in prison for breaching victims' networks and stealing credit card information for roughly two years, between November 2016 and November 2018. Iarmak is the third FIN7 member sentenced in the US after Fedir Hladyr received ten years in prison on April 16, 2021, and Andrii Kolpakov got seven years on June 24, 2021, following their 2018 arrest.
A previously undocumented "Sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week. Also sold for a lifetime price of $700, BlackGuard is designed as a.NET-based malware that's actively under development, boasting of a number of anti-analysis, anti-debugging, and anti-evasion features that allows it to kill processes related to antivirus engines and bypass string-based detection.
Two teenagers from the UK charged with helping the Lapsus$ extortion gang have been released on bail after appearing in the Highbury Corner Magistrates Court court on Friday morning. According to a statement from Detective Inspector Michael O'Sullivan of the City of London Police, a 16-year-old and a 17-year-old were charged following an international investigation into members of a hacking group.
The Chinese hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili. In a recent Deep Panda campaign discovered by Fortinet, the hacking group is deploying the new 'Fire Chili' rootkit to evade detection on compromised systems.
For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests.
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage."
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week.
A] large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. More recent campaigns have expanded to include organizations globally spanning a variety of sectors.
Learn ethical hacking for less than $50 with this online training We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. If you want to break into the lucrative industry of ethical hacking, now is a good time to do it because The Complete 2022 PenTest & Ethical Hacking Bundle is on sale now for only $49. This six-course bundle is curated by iCollege and covers some of the most important topics in pen-testing and ethical hacking today.