hackers
US charges five linked to Scattered Spider cybercrime gang
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. Between September 2021 and April 2023, they were able to steal millions from cryptocurrency wallets using victims’ credentials stolen in SMS phishing attacks targeting dozens of targets, including both individuals […]
Hackers now use ZIP file concatenation to evade detection
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files. This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while […]
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s […]
North Korean hackers use new macOS malware against crypto firms
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel […]
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. The toolkit is the equivalent of Sliver and Cobalt Strike post-exploitation frameworks and it was documented by Trend Micro this summer in a report on attacks against Chinese users. At the time, a threat actor tracked as Void Arachne/Silver Fox lured victims […]
Cisco bug lets hackers run commands as root on UWRB access points
Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. Tracked as CVE-2024-20418, this security flaw was found in Cisco’s Unified Industrial Wireless Software’s web-based management interface. Unauthenticated threat actors can exploit it in low-complexity […]
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience. The newly discovered high-severity flaw […]
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games […]
New FASTCash malware Linux variant helps steal money from ATMs
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. Previous variants of FASTCash targeted Windows and IBM AIX (Unix) systems, but a new report by security researcher HaxRob reveals a previously undetected Linux version that targets Ubuntu […]
CISA: Hackers abuse F5 BIG-IP cookies to map internal servers
CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. By mapping out internal devices, threat actors can potentially identify vulnerable devices on the network as part of the planning stages in cyberattacks. “CISA has observed cyber threat actors leveraging […]