A naukri.com initiative
Cyber Crime News
Socprime
1M
291
Image Credit: Socprime
Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor
- The Gamaredon APT, a Russia-linked group, is actively targeting Ukraine through the deployment of the Remcos backdoor via malicious LNK files disguised as war-related lures.
- Security experts recommend utilizing the SOC Prime Platform for AI-powered detection engineering and advanced threat hunting to identify Gamaredon Group attacks early on.
- Cisco Talos has identified an ongoing Gamaredon campaign using spear-phishing tactics to distribute weaponized LNK files posing as Office documents to deliver the Remcos backdoor.
- The Remcos RAT, utilized in the campaign, is a common tool for cybercriminals and has been previously employed by other Russia-backed hacking groups targeting Ukraine.
- Gamaredon's phishing campaigns exploit the theme of the Ukraine invasion, distributing malicious LNK files within ZIP archives under invasion-related filenames.
- The campaign employs obfuscated PowerShell scripts within the LNK files to download and execute the Remcos backdoor stealthily, using methods to avoid detection.
- The use of advanced techniques such as DLL sideloading and geo-fenced servers indicates Gamaredon's persistence in targeting Ukraine amidst geopolitical tensions.
- Organizations are advised to enhance their defenses against APT attacks, with tools like SOC Prime Platform offering advanced capabilities for collective cyber defense.
- Security professionals can leverage Uncoder AI for threat-informed detection engineering and language code analysis to strengthen their detection strategies.
- Gamaredon's continuous cyber-espionage campaigns against Ukraine underscore the need for proactive threat detection measures and staying updated on evolving adversary tactics.
Read Full Article
17 Likes
Securityaffairs
1M
113
Image Credit: Securityaffairs
Hiding WordPress malware in the mu-plugins directory to avoid detection
- Threat actors are hiding WordPress malware in the mu-plugins directory to evade detection and maintain persistence.
- Unlike regular plugins, mu-plugins automatically load on every page load, making them an ideal location for backdoors.
- Attackers are using obfuscated PHP to execute hidden payloads from the mu-plugins directory, enabling them to manipulate website behavior.
- The malware found in the mu-plugins directory includes fake update redirects, webshells, and JavaScript injectors for various malicious purposes.
Read Full Article
6 Likes
TechJuice
1M
309
Oracle Cloud Data Breach Claims Surface Despite Company Denials
- Evidence suggests Oracle's federated Single Sign-On (SSO) system may have been infiltrated.
- A hacker known as 'rose87168' claims to have access to Oracle Cloud login infrastructure and credentials of nearly six million users.
- Leaked files contain encrypted passwords, LDAP records, and domains of affected organizations.
- Oracle denies a breach, but independent sources confirm the leaked data is legitimate.
Read Full Article
18 Likes
Cybersecurity-Insiders
1M
296
Image Credit: Cybersecurity-Insiders
Over 1.5m personal photos from dating apps leak online
- Over 1.5 million personal photos have been leaked online due to a human error.
- The leaked images include intimate verification images, previously rejected photos, and private pictures.
- The breach is traced back to a cloud platform operated by MAD Mobile.
- The vulnerability leading to the breach has been patched, but concerns about data misuse remain.
Read Full Article
17 Likes
Medium
1M
0
Image Credit: Medium
5 Things You Should Never Tell ChatGPT (Or Any AI Chatbot!)
- OpenAI, Google, and Microsoft warn users not to share sensitive data, but people still drop personal details, medical records, and even company secrets into their AI chats.
- The golden rule? If you wouldn’t post it on a public forum, don’t type it into ChatGPT.
- Even though AI companies say they minimize personal data collection, it’s still a risk. In 2023, a bug exposed user conversations — imagine if your identity details had been in one of those chats.
- Pro Tip: Never share anything that could be used for identity theft.
Read Full Article
Like
TechCrunch
1M
383
Image Credit: TechCrunch
Oracle under fire for its handling of separate security incidents
- Tech giant Oracle is facing criticism for how it’s handling two seemingly separate data breaches.
- One breach involves patient data under Oracle Health, a subsidiary of Oracle. Hackers accessed Oracle servers and stole patient data, with a hacker now trying to extort affected hospitals.
- The other breach relates to Oracle Cloud servers, with a hacker offering the data of six million Oracle Cloud customers.
- Oracle denies both breaches, but evidence suggests otherwise, leading to concerns about trust and responsibility.
Read Full Article
23 Likes
TechCrunch
1M
273
Image Credit: TechCrunch
API testing firm APIsec exposed customer data during security lapse
- API testing firm APIsec confirmed securing an exposed internal database containing customer data.
- The exposed database stored records dating back to 2018, including names and email addresses of customers' employees and users.
- UpGuard, the security research firm that found the database, informed APIsec about the security lapse.
- APIsec claimed that the exposed data was 'test data' and not customer data, but evidence suggests otherwise.
Read Full Article
16 Likes
Securityaffairs
1M
332
Image Credit: Securityaffairs
Russia-linked Gamaredon targets Ukraine with Remcos RAT
- Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader.
- Talos researchers warn that Gamaredon is behind the spear-phishing attacks targeting Ukrainian entities since 2014.
- The campaign, active since November 2024, involves distributing LNK files disguised as Office documents.
- Gamaredon uses PowerShell downloader and DLL sideloading to execute the Remcos backdoor payload.
Read Full Article
20 Likes
Securityaffairs
1M
337
Image Credit: Securityaffairs
CoffeeLoader uses a GPU-based packer to evade detection
- CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions.
- It implements advanced evasion techniques including call stack spoofing, sleep obfuscation, and Windows fibers.
- The malware is being used to deploy Rhadamanthys info-stealer and is distributed via SmokeLoader.
- There are similarities between CoffeeLoader and SmokeLoader, indicating a possible connection between the two malware.
Read Full Article
20 Likes
Securityaffairs
1M
410
Image Credit: Securityaffairs
Morphing Meerkat phishing kits exploit DNS MX records
- Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands.
- A new phishing-as-a-service (PhaaS) platform called Morphing Meerkat has been discovered, which generates multiple phishing kits using DNS mail exchange (MX) records.
- Threat actors use MX records to serve dynamically tailored fake login pages, abusing open redirects and compromised domains.
- Morphing Meerkat enables large-scale phishing campaigns, using obfuscated code and dynamic translations, and distributing stolen credentials via email and chat.
Read Full Article
24 Likes
Silicon
1M
255
Image Credit: Silicon
NHS Software Provider Fined £3m Over Breach
- NHS software services provider Advanced Computer Software Group has been fined £3.07 million by the Information Commissioner’s Office due to security lapses.
- The ransomware attack on Advanced's health and care subsidiary resulted in the personal data of 79,404 people being at risk.
- Hackers gained access to patients' phone numbers, medical records, and details of 890 people receiving home care.
- The Information Commissioner's Office criticized Advanced for insufficient security measures and lack of complete multi-factor authentication coverage.
Read Full Article
15 Likes
Medium
1M
214
Image Credit: Medium
The Modern Mugging
- A personal account of the emotional impact of smartphone theft and the global operation behind it.
- The stolen phones are added to a system, turning them into inventory.
- The trauma lingers for victims, with anxiety and fear affecting daily life.
- The need for better platforms, systems, and policies to address the issue of smartphone theft.
Read Full Article
12 Likes
Securityaffairs
1M
196
Image Credit: Securityaffairs
Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION
- FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
- Experts warn of the new sophisticate Crocodilus mobile banking Trojan
- Russian authorities arrest three suspects behind Mamont Android banking trojan
- Mozilla fixed critical Firefox vulnerability CVE-2025-2857
Read Full Article
11 Likes
Securityaffairs
1M
159
Image Credit: Securityaffairs
Sam’s Club Investigates Alleged Cl0p Ransomware Breach
- Sam's Club, a Walmart-owned membership warehouse club chain, is investigating the alleged Cl0p ransomware security breach.
- The Cl0p ransomware group listed Sam's Club among its victims, accusing the company of ignoring security.
- Sam's Club announced that it is actively investigating the matter, but has seen no evidence of a breach.
- In December 2024, the Cl0p ransomware group claimed to have breached multiple companies through the Cleo file transfer software vulnerability.
Read Full Article
9 Likes
Securityaffairs
1M
383
Image Credit: Securityaffairs
FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
- The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams.
- Fraudsters tricked victims into fake investments promising high returns.
- The FBI used blockchain intelligence to trace the flow of funds through various platforms and networks.
- The seizure provides restitution for victims as the FBI traces additional addresses.
Read Full Article
23 Likes
For uninterrupted reading, download the app