The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. […]
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.
The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,
The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,
Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding
MIND has emerged from stealth mode with a data loss prevention (DLP) solution and $11 million in seed funding.
The post Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding appeared first on SecurityWeek.
Android malware “FakeCall” now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker’s phone number instead. […]
Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale dubbed “EmeraldWhale” exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. […]
FBI: Upcoming U.S. general election fuel multiple fraud schemes
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. […]
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations
Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group.
The post Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations appeared first on SecurityWeek.
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.
The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.
To demonstrate the issue, the company said it managed to publish a
The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.
To demonstrate the issue, the company said it managed to publish a
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta’s advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer.
“The hackers behind the campaign use trusted brands to expand their reach,” Bitdefender Labs said in a report shared with The Hacker News.
“The malvertising campaign leverages nearly a hundred malicious
“The hackers behind the campaign use trusted brands to expand their reach,” Bitdefender Labs said in a report shared with The Hacker News.
“The malvertising campaign leverages nearly a hundred malicious
FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities
The FakeCall Android banking trojan now employs advanced evasion tactics and expanded surveillance capabilities, posing heightened risks for banks and enterprises.
The post FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities appeared first on SecurityWeek.