‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users

‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users

,

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign « CryptoRom, » characterized it as a wide-ranging global scam.
« This style of

,

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign « CryptoRom, » characterized it as a wide-ranging global scam.
« This style of

, ,
https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau,

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by 

,

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by 

, ,
https://thehackernews.com/2022/03/south-korean-darkhotel-hackers-targeted.html

Lapsus$ : retour sur l’irrésistible ascension d’un groupe de pirates sud-américains

Lapsus$ : retour sur l’irrésistible ascension d’un groupe de pirates sud-américains

,

Relativement inconnus il y a encore quelques semaines, les membres de ce groupe d’extorsion font trembler les grandes entreprises. Après Nvidia et Samsung, ça a été au tour de Vodafone. Qui sont ces mystérieux hackers ?

,

Relativement inconnus il y a encore quelques semaines, les membres de ce groupe d’extorsion font trembler les grandes entreprises. Après Nvidia et Samsung, ça a été au tour de Vodafone. Qui sont ces mystérieux hackers ?

, ,
https://www.01net.com/actualites/lapsusdollar-retour-sur-l-irresistible-ascension-d-un-groupe-de-pirates-sud-americains-2055532.html

Des cybercriminels ont trouvé de nouveaux moyens d’installer des applis malveillantes sur iOS

Des cybercriminels ont trouvé de nouveaux moyens d’installer des applis malveillantes sur iOS

,

Des groupes de cybercriminels, spécialisés dans les arnaques à la cryptomonnaie, utilisent le service TestFlight et la technologie WebClip d’Apple pour abuser leurs victimes.

,

Des groupes de cybercriminels, spécialisés dans les arnaques à la cryptomonnaie, utilisent le service TestFlight et la technologie WebClip d’Apple pour abuser leurs victimes.

, ,
https://www.01net.com/actualites/des-cybercriminels-ont-trouve-de-nouveaux-moyens-d-installer-des-applis-malveillantes-sur-ios-2055560.html

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines,

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.
Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker

,

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.
Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker

, ,
https://thehackernews.com/2022/03/hackers-target-bank-networks-with-new.html

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware,

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.
While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel

,

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.
While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel

, ,
https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

,

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of

,

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of

, ,
https://thehackernews.com/2022/03/google-uncovers-initial-access-broker.html

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers,

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.
According to a new report published by Trend Micro, the botnet’s « main purpose is to build an infrastructure for further attacks on high-value targets, » given that

,

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.
According to a new report published by Trend Micro, the botnet’s « main purpose is to build an infrastructure for further attacks on high-value targets, » given that

, ,
https://thehackernews.com/2022/03/new-variant-of-russian-cyclops-blink.html

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion,

In what’s yet another act of sabotage, the developer behind the popular « node-ipc » NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP

,

In what’s yet another act of sabotage, the developer behind the popular « node-ipc » NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP

, ,
https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly,

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
« The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation, » Avast researcher Martin Chlumecký said in a report published Wednesday.
« One worm

,

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
« The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation, » Avast researcher Martin Chlumecký said in a report published Wednesday.
« One worm

, ,
https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html