
Hacking News


Securityaffairs


Ymir ransomware, a new stealthy ransomware grow in the wild

  • Kaspersky researchers discovered a new ransomware family called Ymir ransomware.
  • Ymir ransomware was deployed after breaching systems via PowerShell commands.
  • The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files.
  • The attack involved the use of RustyStealer malware as a precursor to weaken defenses.


NullTX


DeltaPrime DeFi Suffers $4.8M Exploit Across Arbitrum And Avalanche Networks

  • DeltaPrime DeFi has suffered a $4.8 million exploit across Arbitrum and Avalanche networks.
  • The attack was caused by a lack of input validation during the claiming of rewards.
  • The attacker manipulated the system to substitute collateral with a reward and withdrew the initial funds, leaving the debt unpaid.
  • This is the second security breach for DeltaPrime, following a $6 million loss in September 2024.


Medium


Amazon Confirms Data Breach: What It Means for Employee Security and Penetration Testing

  • Amazon confirms a data breach involving employee information caused by a vendor hack.
  • Over 2.8 million lines of Amazon employee data were leaked, but sensitive data was not compromised.
  • The breach highlights the risks associated with third-party service providers and the importance of penetration testing.
  • Wire Tor offers a 50% discount on penetration testing services to protect businesses from cyberattacks.


Securityaffairs


Amazon discloses employee data breach after May 2023 MOVEit attacks

  • Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.
  • The data breach occurred through a third-party vendor and the exact number of impacted employees was not disclosed.
  • Over 2.8 million records containing employee data were leaked by a threat actor named Nam3L3ss on BreachForums.
  • The compromised data includes names, contact information, building locations, and email addresses, but did not include SSNs or financial information.


Medium


FBI Warns of Cybercriminals Exploiting Fake Emergency Data Requests (EDRs)!

  • The FBI has warned about cybercriminals exploiting fake emergency data requests (EDRs).
  • These fraudulent requests allow threat actors to access sensitive information under the guise of urgency.
  • The FBI reports a significant increase in cybercrime forums discussing the misuse of EDRs to target US-based organizations.
  • Organizations need to prioritize data protection and take necessary steps to prevent risks from fake EDRs.


Hackingblogs


Zip Concatenation: Your Windows System Can Be Easily Hacked Using This New Technique

  • A new technique called Zip Concatenation has been developed by hackers to take advantage of Windows systems.
  • Zip is frequently used to compress and bundle several files into one, which is crucial for file size reduction and simplifying transfers.
  • The technique is simple to set up and invisible to the naked eye.
  • The hack uses the structural flexibility of zip files, which makes it an ideal delivery method for evasive viruses.
  • This technique uses a lot of compression and zip-making tools.
  • There are three parts in a zip file structure: File Entries, Central Directory, and End of Central Directory.
  • Open-source 7zip, Winrar, and Windows File Explorer are some of the widely used zip archive readers.
  • Zip concatenation is done by using Linux commands to produce multiple Zip files and combining them into a new zip file.
  • However, 7zip only displays one file and hides the others, which can be extracted during the extraction process.
  • Threat actors are using this technique to deliver, unnoticed, payloads that can harm the target users.


Tech Story


How to Hide Messages on Discord

  • Discord users can conceal content for reasons of privacy or organization by hiding or muting messages.
  • Discord provides spoiler tags that enable users to hide the content of a message until clicked.
  • Muting a direct message or channel can prevent message previews and interruption from notifications.
  • Organizing channels into categories and setting category permissions will help manage visibility.
  • Creating private channels is a robust method to govern who can view messages.
  • Users can hide excessive channels and reduce clutter by collapsing them.
  • Discord bots can be used to manage message visibility and implement timers for messages to self-destruct.
  • Read receipt features can be disabled for enhanced privacy, but Discord currently lacks this functionality.
  • Discord allows users to manage what they view and who can see their messages, making it an adaptable platform for both open dialogue and private communication.


Securityaffairs


A new fileless variant of Remcos RAT observed in the wild

  • Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT.
  • The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.
  • The HTA file is wrapped in multiple layers using different script languages and encoding methods to evade detection.
  • The malicious code downloads an encrypted Remcos RAT file from a remote server and executes it as a fileless version directly in memory, allowing attackers to remotely control the infected system.


Securelist


Ymir: new stealthy ransomware in the wild

  • A new ransomware family named “Ymir” has been discovered in active use by hackers. The malware uses tactics such as encryption and PowerShell remote-control to achieve its goals.
  • The attackers gained control via PowerShell remote control commands, and successfully reduced system security before deploying Ymir.
  • Ymir performs a range of operations in memory using malloc, memmove, and memcmp function calls. It also uses CryptoPP functions to encrypt files.
  • Static analysis shows the binary has suspicious API calls to functions such as CryptAcquireContextA, CryptReleaseContext, CryptGenRandom, TerminateProcess and WinExec.
  • The malware also contains a hardcoded list of file name extensions to exclude from encryption.
  • Dynamic analysis reveals hundreds of calls to the memmove function, which are used to load small pieces of instructions into memory for performing malicious functions.
  • The artifact uses the stream cipher ChaCha20 algorithm to encrypt files and appends the extension '.6C5oy2dVr6' for each encrypted file.
  • The article also describes the RustyStealer threat used by the hackers for controlling the affected machines, and their use of PowerShell remote-control capabilities and SystemBC scripts.
  • Various Ymir TTP techniques have been identified, including Command and Scripting Interpreter: PowerShell and Data Encrypted for Impact.
  • Kaspersky products detect this new threat as Trojan-Ransom.Win64.Ymir.gen.


Securityaffairs


A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

  • South Korea claims Pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine.
  • South Korea reports over 10,000 North Korean troops deployed in Russia to support the war in Ukraine, raising concerns of escalating conflict.
  • The South Korean government is actively countering DDoS attacks from pro-Russian hacktivist groups targeting public and private websites.
  • South Korea plans to enhance cyber threat preparedness through monitoring and collaboration among relevant agencies.


Medium


Malicious PyPI Package Steals AWS Keys

  • A malicious PyPI package called 'fabrice' has been stealing AWS keys from unsuspecting developers.
  • With over 37,000 downloads, this package poses a significant risk to businesses and developers relying on PyPI.
  • The attack utilizes typosquatting to trick users into downloading the malicious package.
  • The stolen AWS credentials are sent to a VPN server in Paris, making detection and tracing difficult.


Hackingblogs


Thousand Of Call Of Duty Player Were Mysteriously Banned By An Unknown Hacker

  • An unknown hacker named Vizor banned hundreds of Call of Duty players by exploiting a weakness in the Ricochet anti-cheat system.
  • Vizor discovered that the Ricochet anti-cheat system was scanning players' devices for specific strings to detect cheaters, leading to false positives.
  • The hacker was able to send private messages containing these strings, triggering bans for the targeted players.
  • Activision claimed to have resolved the flaw in the anti-cheat system and restored all banned accounts, but some players remain frustrated and disappointed.


Securityaffairs


Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Mazda Connect flaws allow to hack some Mazda vehicles
  • Veeam Backup & Replication exploit reused in new Frag ransomware attack
  • Texas oilfield supplier Newpark Resources suffered a ransomware attack
  • Palo Alto Networks warns of potential RCE in PAN-OS management interface


Securityaffairs


U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

  • The US government's Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers.
  • The agency has issued a directive to employees to reduce the use of their phones and invites them to use Microsoft Teams and Cisco WebEx for their meetings and conversations that involve nonpublic data.
  • China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon.
  • Intelligence and cybersecurity experts warn that Chinese nation-state actors have shifted from stealing secrets to infiltrating critical U.S. infrastructure, suggesting that they are now targeting the core of America's digital networks.


Securityaffairs


Mazda Connect flaws allow to hack some Mazda vehicles

  • Multiple vulnerabilities in the Mazda Connect infotainment system could allow attackers to execute arbitrary code with root access.
  • The vulnerabilities are caused by improper input sanitization in the Mazda Connect CMU, allowing attackers with physical access to exploit the system using a crafted USB device.
  • The vulnerabilities impact the Mazda Connect CMU system installed in Mazda 3 models from 2014 to 2021.
  • The vulnerabilities could result in arbitrary code execution, command injections, and unauthorized firmware uploads, potentially affecting vehicle functions and safety.
