The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. […]
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. […]
Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains
A threat actor named ‘Hazy Hawk’ has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). […]
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records.
The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes), according to
The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes), according to
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.
“The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
“The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
RVTools hit in supply chain attack to deliver Bumblebee malware
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users’ machines. […]
Service desks are under attack: What can you do about it?
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. […]
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts.
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3