Worok Hackers Target High-Profile Asian Companies and Governments

Worok Hackers Target High-Profile Asian Companies and Governments,

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020.
« Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files, » ESET

,

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020.
« Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files, » ESET

, ,
https://thehackernews.com/2022/09/worok-hackers-target-high-profile-asian.html

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks,

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.
« The group frequently changes its malware attack strategies in response to global cybercrime trends, » Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. « It opportunistically adopts new technologies in order

,

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.
« The group frequently changes its malware attack strategies in response to global cybercrime trends, » Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. « It opportunistically adopts new technologies in order

, ,
https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html

Integrating Live Patching in SecDevOps Workflows

Integrating Live Patching in SecDevOps Workflows,

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example.
A major security breach or, say, consistent problems in achieving development goals signals to organizations that the

,

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example.
A major security breach or, say, consistent problems in achieving development goals signals to organizations that the

, ,
https://thehackernews.com/2022/09/integrating-live-patching-in-secdevops.html

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security,

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services.
« EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim’s session, » Resecurity researchers said in a Monday

,

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services.
« EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim’s session, » Resecurity researchers said in a Monday

, ,
https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

Researchers Find New Android Spyware Campaign Targeting Uyghur Community,

A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China.
The malware comes under the guise of a book titled « The China Freedom Trap, » a biography written by the exiled Uyghur leader Dolkun Isa.

« In light of the ongoing conflict between the

,

A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China.
The malware comes under the guise of a book titled « The China Freedom Trap, » a biography written by the exiled Uyghur leader Dolkun Isa.

« In light of the ongoing conflict between the

, ,
https://thehackernews.com/2022/09/researchers-find-new-android-spyware.html

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw,

QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software.
The Taiwanese company said it detected the attacks on September 3 and that « the campaign appears to target QNAP NAS devices running Photo

,

QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software.
The Taiwanese company said it detected the attacks on September 3 and that « the campaign appears to target QNAP NAS devices running Photo

, ,
https://thehackernews.com/2022/09/qnap-warns-of-new-deadbolt-ransomware.html

Des milliards de données TikTok en libre accès sur le web, faut-il s’en inquiéter ?

Des milliards de données TikTok en libre accès sur le web, faut-il s’en inquiéter ?,

,

tiktok

Des hacktivistes revendique le siphonnage d’une énorme masse de données TikTok. Mais il s’agirait en fait de données en accès libre qui ont probablement été collectées par un tiers.

L’article Des milliards de données TikTok en libre accès sur le web, faut-il s’en inquiéter ? est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/des-donnees-tiktok-dans-la-nature-mais-lediteur-refute-tout-piratage.html

Android : n’utilisez pas cet antivirus, c’est un cheval de Troie bancaire

Android : n’utilisez pas cet antivirus, c’est un cheval de Troie bancaire,

,

Android malware virus

Des chercheurs ont trouvé un antivirus et un logiciel d’optimisation sur Google Play qui installent en douce le logiciel malveillant SharkBot. Ils ont été téléchargés plus de 50 000 fois.

L’article Android : n’utilisez pas cet antivirus, c’est un cheval de Troie bancaire est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/android-nutilisez-pas-cet-antivirus-cest-un-cheval-de-troie-bancaire.html

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus,

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro.
The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question (« mhyprot2.sys ») is signed with a valid certificate,

,

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro.
The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question (« mhyprot2.sys ») is signed with a valid certificate,

, ,
https://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html

Le pape du web chiffré, Peter Eckersley, est mort

Le pape du web chiffré, Peter Eckersley, est mort,

,

Peter Eckersley

Si le web est chiffré à plus de 80 %, c’est notamment grâce à ce chercheur en sécurité et son projet Let’s Encrypt, qui a facilité le déploiement de certificats TLS.

L’article Le pape du web chiffré, Peter Eckersley, est mort est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/le-pape-du-web-chiffre-peter-eckersley-est-mort.html