U.S. Warns Against North Korean Hackers Posing as IT Freelancers

Leave a Comment / Cyber Attacks /

Highly skilled software and mobile app developers from the Democratic People’s Republic of Korea (DPRK) are posing as “non-DPRK nationals” in hopes of landing freelance employment in an attempt to enable the regime’s malicious cyber intrusions. That’s according to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the […]

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Read More »

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

Leave a Comment / Malware /

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF Read More »

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit

Leave a Comment / Cyber Attacks /

A new research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users’ email addresses are exfiltrated to tracking, marketing, and analytics domains before such is submitted and without prior consent. The study involved crawling 2.8 million pages from the top 100 websites, and found that as many

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit Read More »

Keep an Eye Out! Dockers, AWS, and Alibaba Cloud Are Being Targeted by Cryptocurrency Miners.

Leave a Comment / Cyber Attacks /

As part of an ongoing malware effort, LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux servers. In a new study, CrowdStrike stated, “It operates an anonymous mining operation by using proxy pools, which disguise the wallet addresses.” “It avoids detection by targeting and disabling Alibaba Cloud’s monitoring service.” LemonDuck

Keep an Eye Out! Dockers, AWS, and Alibaba Cloud Are Being Targeted by Cryptocurrency Miners. Read More »

Hackers Infiltrate Resumes Sent to Corporate Hiring Managers With the ‘More Eggs’ CVWARE.

Leave a Comment / Malware /

A year after potential candidates looking for work on LinkedIn were tempted with weaponized job offers, a new series of phishing assaults carrying the more eggs malware has been detected attacking corporate hiring supervisors with false resumes as an infection vector thus making it dubbed ‘the CV-WARE’ by Sly Uduosa, Slytech’s research lead. “This year,

Hackers Infiltrate Resumes Sent to Corporate Hiring Managers With the ‘More Eggs’ CVWARE. Read More »

New SolarMarker Malware Variant Employing Updated Techniques to Avoid Detection

Leave a Comment / Vulnerabilities /

Researchers have revealed an improved version of the SolarMarker virus that includes new features aimed at improving its defensive evasion skills and remaining undetected. “The newest version indicated an advancement from dealing with Windows Portable Executables (EXE files) to working with Windows installation package files (MSI files,” according to a report issued this month by

New SolarMarker Malware Variant Employing Updated Techniques to Avoid Detection Read More »

Vulnerabilities in Lenovo’s UEFI Firmware Affect Millions of Laptops

Leave a Comment / Vulnerabilities /

Three high-impact UEFI security vulnerabilities have been discovered in multiple Lenovo consumer laptop models, allowing malicious actors to deploy and execute firmware implants on the afflicted devices. According to ESET researcher Martin Smolár, the CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 vulnerabilities “affect firmware drivers originally supposed to be utilised solely during the production process of Lenovo consumer

Vulnerabilities in Lenovo’s UEFI Firmware Affect Millions of Laptops Read More »

The Haskers gang freely distributes ZingoStealer malware to other cybercriminals.

Leave a Comment / Cyber Attacks /

Haskers Gang, a crimeware-related threat actor, has distributed ZingoStealer, an information-stealing malware, for free on the internet, allowing other criminal groups to use it for nefarious purposes. In a study posted with The Hacker News, Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer noted, “It features the capacity to collect personal information from users and

The Haskers gang freely distributes ZingoStealer malware to other cybercriminals. Read More »

The Browser-in-the-Browser (BITB) Attack Enabling Easier Phishing Attack

Leave a Comment / Uncategorized /

New phishing technique called browser-in-the-browser (BitB) attack can be xploited to act like a browser window within the browser in order to spoof a legitimate domain, which makes it possible to stage convincing phishing attacks. The method makes use of the third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google”

The Browser-in-the-Browser (BITB) Attack Enabling Easier Phishing Attack Read More »