Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection,

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.
Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit « designed to avoid detection by endpoint

,

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.
Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit « designed to avoid detection by endpoint

, ,
https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html

The End of False Positives for Web and API Security Scanning?

The End of False Positives for Web and API Security Scanning?,

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. 
Today, ImmuniWeb

,

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. 
Today, ImmuniWeb

, ,
https://thehackernews.com/2022/07/the-end-of-false-positives-for-web-and.html

Bitter APT Hackers Continue to Target Bangladesh Military Entities

Bitter APT Hackers Continue to Target Bangladesh Military Entities,

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter.
« Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans, » cybersecurity firm SECUINFRA said in a new write-up published on July 5.
The findings from the

,

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter.
« Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans, » cybersecurity firm SECUINFRA said in a new write-up published on July 5.
The findings from the

, ,
https://thehackernews.com/2022/07/bitter-apt-hackers-continue-to-target.html

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method,

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method.
« With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem, » Microsoft Threat

,

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method.
« With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem, » Microsoft Threat

, ,
https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms,

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them.
The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest

,

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them.
The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest

, ,
https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html

Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies

Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies,

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China’s benefit.
Targeted firms included Australia’s Lynas Rare Earths Ltd, Canada’s Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a

,

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China’s benefit.
Targeted firms included Australia’s Lynas Rare Earths Ltd, Canada’s Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a

, ,
https://thehackernews.com/2022/07/pro-china-group-uses-dragonbridge.html

Microsoft confirme la présence d’un ver se propageant par clé USB sur des centaines de réseaux d’entreprises

Microsoft confirme la présence d’un ver se propageant par clé USB sur des centaines de réseaux d’entreprises,

,

virus malware pc

Raspberry Robin, un malware Windows identifié il y a déjà plusieurs mois, continue de se propager sur les réseaux d’entreprises par l’intermédiaire de clé USB infectées.

L’article Microsoft confirme la présence d’un ver se propageant par clé USB sur des centaines de réseaux d’entreprises est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/microsoft-decouvre-un-ver-se-propageant-sur-des-centaines-de-reseaux-dentreprises.html

As New Clues Emerges, Experts Wonder: Is REvil Back?

As New Clues Emerges, Experts Wonder: Is REvil Back?,

Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia.
The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In

,

Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia.
The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In

, ,
https://thehackernews.com/2022/07/as-new-clues-emerges-experts-wonder-is.html

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web,

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.
« Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites, » Cisco Talos researcher Paul Eubanks 

,

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.
« Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites, » Cisco Talos researcher Paul Eubanks 

, ,
https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild,

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native

,

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native

, ,
https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html