Security News

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. The TrickBot operators have also extensively cooperated with Conti, another Russia-linked cybercrime group notorious for offering ransomware-as-a-service packages to its affiliates.

An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service bot. What makes this malware-as-a-service stand out is that besides using a Telegram channel to communicate updates about the latest features, it also employs a Telegram Bot that enables the purchasers to build the binary.

A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "Off." Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.

A previously undocumented remote access trojan written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries," Proofpoint researchers said in a report shared with The Hacker News.

Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs - 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000. Making that happen requires the PDF both to define native PDF objects and to parse JavaScript code.

Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account. The vulnerabilities arise for a lack of validation of so-called vanity URLs, and they allow attackers with their own SaaS accounts to change the URL of the pages hosting malicious files, forms and landing pages, as to maximize their potential to trick users.

Dubbed as Dark Crystal RAT, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate pricing. "DCRat is one of the cheapest commercial RATs we've ever come across. The price for this backdoor starts at for a two-month subscription, and occasionally dips even lower during special promotions," according to BlackBerry researchers who published their findings on Monday.

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. The critical security vulnerability impacts the following versions of BIG-IP products -.

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "Leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.".

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News.