Hacking News

Hackingblogs

3w

Russian hackers used Windows 0-Days & Firefox to create a backdoor in a major cyberattack

  • Russian hacker group RomCom has exploited two zero-day vulnerabilities in Windows and Firefox to create a backdoor.
  • The vulnerabilities allowed unauthorized access to compromised systems, enabling hackers to monitor, steal data, and control the affected devices.
  • The first vulnerability (CVE-2024-9680) affected Firefox's animation function and was fixed within 24 hours after being reported to Mozilla.
  • The second vulnerability (CVE-2024-49039) affected Microsoft Windows, allowing the hackers to bypass security features and gain complete control over the system.

Securelist

3w

IT threat evolution in Q3 2024. Non-mobile statistics

  • In Q3 2024, Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources.
  • Ransomhub was the most prolific ransomware gang, which accounted for 17.75% of all victims.
  • Kaspersky security solutions successfully defended 90,423 individual users from ransomware attacks from July through September 2024.
  • PolyRansom/VirLock was among the top ten most common families of ransomware Trojans.
  • In Q3 2024, Kaspersky solutions detected 15,472 new miner variants, or half as many as in Q2.
  • We observed a 12% decline in miner-related attacks during the third quarter.
  • Password stealers were the third quarter’s most noteworthy findings associated with attacks on macOS users.
  • In Q3 2024, Kaspersky solutions blocked 652,004,741 attacks from online resources located around the world.
  • Kaspersky File Anti-Virus detected 23,196,497 malicious and potentially unwanted objects.
  • Overall, 13.53% of user computers globally faced at least one Malware-type local threat during Q3.

Securelist

3w

IT threat evolution in Q3 2024. Mobile statistics

  • In Q3 2024, over 6.7 million attacks including malware, adware and potentially unwanted apps were prevented on mobile devices by Kaspersky Security Network.
  • 36% of threats were adware, while 17,822 out of 222,000 installation packages were linked to mobile banking Trojans, and 1576 packages were mobile ransomware Trojans.
  • There was a 13% drop in mobile attacks from the previous quarter. The adware AdWare.AndroidOS.HiddenAd was the main cause of the decline.
  • In Q3 we detected the xHelper Trojan, which installs various apps on the phone unbeknownst to the user. Many apps were infected with the Necro Trojan, which performs any action on the compromised device.
  • The number of detected Android malware and potentially unwanted app samples also decreased in Q3 to 222,444.
  • Adware (36.28%) and riskware classified as RiskTool (23.90%) dominated the landscape of installed software packages.
  • Compared to the previous quarter, there was a significant decrease in the number of installation packages for the BrowserAd.
  • The generalized cloud verdict of DangerousObject.Multi.Generic took the top spot, followed by WhatsApp mods with embedded Triada modules and the Fakemoney phishing app.
  • Trojan-Banker.AndroidOS.UdangaSteal.f was the 6th most hazardous mobile banking Trojan in Q3, attacking users in Indonesia.
  • Mobile banking Trojans installation packages reached 17,822 in Q3, with the majority belonging to the Mamont family.

Securelist

3w

IT threat evolution Q3 2024

  • In Q3 2024, a new APT malware called CloudSorcerer was discovered targeting Russian government organizations. CloudSorcerer functions as separate modules – for communication and data collection, but executes from a single executable.
  • In August, Blind Eagle, a threat actor targeting government, finance, energy, oil and gas and other sectors in Latin America, launched a new campaign using DLL side-loading.
  • Tropic Trooper, active since 2011, initiated a series of persistent campaigns targeting a government body in the Middle East in June 2023.
  • The Twelve and BlackJack groups emerged as hacktivist groups targeting Russian government organizations and institutions in late 2023 and 2024 with overlapping TTPs.
  • Cybercriminals boosting the business of ransomware can find leaked ransomware variants online, buy ransomware on the dark web, or become an affiliate of a ransomware group.
  • In June, a macOS version of the HZ Rat backdoor was discovered, being used to target users of the enterprise messenger DingTalk and the social networking and messaging platform WeChat.
  • The Kaspersky Global Emergency Response Team (GERT) identified a complex campaign consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals called Tusk.
  • A new RAT called SambaSpy was discovered in May, exclusively targeting victims in Italy, using phishing emails disguised as messages from a real estate agency.
  • Head Mare, a hacktivist group targeting organizations in Russia and Belarus, maintains a public account on a social network, posting information about its victims. The group also deploys LockBit and Babuk ransomware.
  • Loki, a previously unknown backdoor, was discovered in July, being used in a series of targeted attacks against Russian companies in various industries.

Coinpedia

3w

Crypto Loses in November 2024: A 79% Drop in Losses Compared to Last Year

  • Crypto losses in November 2024 dropped significantly, with a 79% decrease from last year, highlighting improvements in crypto security efforts.
  • DeFi platforms accounted for all losses in November 2024, with BNB Chain and Ethereum suffering the most.
  • There were 26 hacking and rug pull incidents in November 2024, leading to a total of $71,021,500 in losses.
  • More security measures and regulations are needed to create a secure cryptocurrency environment in the future.

Securityaffairs

3w

Zello urges users to reset passwords following a cyber attack

  • Zello urges customers to reset passwords following a potential security breach.
  • Zello is a tech software company known for the Zello app with over 150 million users globally.
  • Users received a security notice to reset their password for accounts created before November 2, 2024.
  • In August 2020, Zello disclosed a data breach, exposing email addresses and hashed passwords.

Bitcoinik

3w

XT Exchange hacked! Suspends all crypto assets withdrawal services

  • XT crypto exchange faced a cyber incident & lost an undisclosed amount of funds.
  • Following the incident, the exchange suspended withdrawal services.
  • The exchange lost around $1.7 million worth of cryptocurrencies in the hack.
  • XT exchange confirmed that services will resume on November 29th.

TechCrunch

3w

North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers

  • Security researchers warned at Cyberwarcon, a conference focused on threats in cyberspace, of North Korea’s sustained attempt to steal cryptocurrency and secrets by posing as prospective employees of multinational corporations.
  • One of the tactics used by North Korean hackers is to create false identities and masks to hide their IP addresses, disguise their real locations and continue to operate discreetly across the world.
  • The cyber attack method used by North Koreans was to create a falsified LinkedIn profile, a GitHub page combined with AI-generated facial and voice-deep learning technology, then link a fake identity with genuine employment credentials.
  • Infiltration into remote working at US companies was enabled by home addresses in America run by facilitators that set up farms of company-issued laptops, which include remote access software to allow commands to give the impression that hackers are located in America.
  • North Korean groups can extort money from or blackmail companies by threatening to release skimmed sensitive information, establish multiple artificial accounts or backdoor accounts that can evade crucial access controls or dupe banks into laundering Bitcoins.
  • Infiltration into industries such as aerospace and defense allowed knowledge necessary to advance further development in the laser-guided missile industry.
  • North Korean hackers masqueraded as venture capitalists and recruiters to steal cryptocurrency via malware using an illusory meeting trick to encourage the victim to download ransom-demanding malware.
  • Microsoft reported that the North Korean hackers stole $10m in cryptocurrency over a six-month period alone.
  • Researchers have called for better background checking of possible employees by companies and recommended that companies introduce two-step verification and manage company data via cloud-based systems.
  • The dangers posed by North Koreans despite sanctions and US-imposed fines have prompted the FBI to warn of the threat while the US government has levied sanctions against North Korean-linked organisations.

Securelist

3w

APT trends report Q3 2024

  • Kaspersky's Global Research and Analysis Team (GReAT) has released its quarterly summary of advanced persistent threat (APT) activity for Q3 2024.
  • The P8 framework was discovered by Kaspersky during the second half of 2022. In 2023, there were further attacks conducted using new malicious tools called Spectral Viper.
  • The Awaken Likho APT campaign first emerged in July 2021, targeting government organizations and contractors. The group has readjusted its tactics on two occasions in 2024.
  • Epeius is a commercial spyware tool developed by an Italian company and turned to by law enforcement agencies. Kaspersky has discovered a DEX file attributed to Epeius malware, which it analyzed last year.
  • MuddyWater continues to use PowerShell executions in its attacks. Recently we uncovered the implants used in its intrusions, which are still active and span numerous government and telecoms entities in Egypt, the UAE and other countries.
  • The Kimsuky group uses the ServiceChanger malware in its attacks and creates backdoor accounts to use RDP connections under the names 'Guest' and 'IIS_USER', borrowing code from UACME.
  • Dragon Breath primarily targets online gaming and gambling industries. Judging by the nature of the infection vector, Kaspersky cannot yet determine the target audience for recent attacks.
  • PhantomNet has changed its persistence mechanism so that the payload is now stored in an encrypted manner in the Windows registry, alongside an associated loader to retrieve the payload from the registry.
  • Kaspersky also discovered new malware via an investigation into a cyberattack on the Brazilian education and government sectors that occurred in April.
  • Threat actors have broadened their targeting, in terms of both verticals and geography this quarter.

Coinpedia

3w

Crypto Scam Alert: Serpent, Ex-Fortnite Star, Defrauds $3.5M in Rug Pull

  • A former Fortnite professional player known as 'Serpent' has been accused of defrauding $3.5 million in a crypto scam.
  • Serpent was involved in the creation of the NFT project DAPE and another project called ERROR, both of which were rug pulls.
  • An on-chain investigator traced the funds and found that Serpent used a specific address for the scams and gambling proceeds.
  • Serpent's involvement in multiple account takeovers and his attempts to remove incriminating evidence suggest the need for caution in the crypto space.

Securityaffairs

4w

Bootkitty is the first UEFI Bootkit designed for Linux systems

  • ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty.
  • Bootkitty allows attackers to disable the kernel’s signature verification feature and preload two unknown ELF binaries via the Linux init process.
  • The bootkit, named bootkit.efi, is a UEFI application that can bypass UEFI Secure Boot by patching integrity verification functions in memory.
  • Bootkitty marks an advancement in the UEFI threat landscape for Linux systems, emphasizing the importance of enabling UEFI Secure Boot and keeping system firmware and OS up-to-date.

Securityaffairs

4w

VMware fixed five vulnerabilities in Aria Operations product

  • VMware has addressed multiple vulnerabilities in its Aria Operations product.
  • The vulnerabilities could lead to privilege escalation and cross-site scripting (XSS) attacks.
  • The vulnerabilities include local privilege escalation and stored cross-site scripting vulnerabilities.
  • VMware has released security updates to fix these vulnerabilities.

Securityaffairs

4w

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

  • Operation Serengeti, a joint law enforcement operation between INTERPOL and AFRIPOL, resulted in the arrest of 1,006 suspects across 19 African countries.
  • During the operation, 134,089 malicious infrastructures and networks were dismantled.
  • The operation targeted ransomware, business email compromise (BEC), digital extortion, and online scams.
  • The total financial losses caused by these cybercrimes amounted to USD 193 million.

Hackingblogs

4w

World’s Biggest Hacker Bounty Ever: Win a $4.5M Bugatti Chiron Pur Sport!

  • MetaWin.com was hacked, $4.5 million worth of SOL and ETH were stolen.
  • Owner offering a $4.5 million Bugatti Chiron Pur Sport as a reward for hacker's capture and return of stolen money.
  • MetaWin determined to make cryptocurrency industry safer, will not back down.
  • The owner is tokenizing the Bugatti to make the bounty more flexible.

Securelist

4w

Consumer and privacy predictions for 2025

  • Kaspersky's Security Bulletin 2024 identified key consumer cyberthreats and trends shaped by global events, technological advances and evolving user behaviour.
  • Last year, we suggested charity-related scams would increase globally, but the anticipated boost could not be confirmed.
  • In line with our expectations, VPN and proxy service usage surged across various countries. Cybercriminals are exploiting this popularity by spreading malicious applications disguised as legitimate VPN tools.
  • Our prediction that play-to-earn (P2E) gaming platforms would attract cybercriminals was confirmed, with multiple cases highlighting the sector’s vulnerabilities.
  • AI's ubiquity will transform it from a novelty into an indispensable part of modern life, with opportunities and risks becoming more pronounced.
  • Cybercriminals are expected to capitalize on the excitement surrounding major gaming, console and film releases.
  • A significant uptick in fraud related to fake subscription offerings is anticipated.
  • Australia is considering legislation to ban children under 16 from using social media platforms like Facebook, Instagram, TikTok and X.
  • Political polarization is expected to fuel a rise in cyberbullying exacerbated by the global reach of social media platforms.
  • Privacy regulations in 2025 are set to hand users more control over their personal data than ever before.
