Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks,

An analysis of the « evasive and tenacious » malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day.
What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said in a report shared with The Hacker News.
« This botnet has adapted

,

An analysis of the « evasive and tenacious » malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day.
What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said in a report shared with The Hacker News.
« This botnet has adapted

, ,
https://thehackernews.com/2023/06/evasive-qbot-malware-leverages-short.html

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware,

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019.
« The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data, » Kaspersky said.
The Russian

,

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019.
« The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data, » Kaspersky said.
The Russian

, ,
https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin,

Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group.
According to Menlo Security, which pieced together the information from different online sources, « Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group. »
XE

,

Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group.
According to Menlo Security, which pieced together the information from different online sources, « Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group. »
XE

, ,
https://thehackernews.com/2023/06/unmasking-xe-group-experts-reveal.html

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection,

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools.
« It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed, » ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.
The package

,

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools.
« It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed, » ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.
The package

, ,
https://thehackernews.com/2023/06/malicious-pypi-packages-using-compiled.html

How Wazuh Improves IT Hygiene for Cyber Security Resilience

How Wazuh Improves IT Hygiene for Cyber Security Resilience,

IT hygiene is a security best practice that ensures that digital assets in an organization’s environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment.
As technology advances and the tools used by

,

IT hygiene is a security best practice that ensures that digital assets in an organization’s environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment.
As technology advances and the tools used by

, ,
https://thehackernews.com/2023/06/how-wazuh-improves-it-hygiene-for-cyber.html

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics,

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals.
The new version, dubbed Sphynx and announced in February 2023, packs a « number of updated capabilities that strengthen the group’s efforts to evade detection, » IBM Security X-Force said in a new analysis.
The « 

,

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals.
The new version, dubbed Sphynx and announced in February 2023, packs a « number of updated capabilities that strengthen the group’s efforts to evade detection, » IBM Security X-Force said in a new analysis.
The « 

, ,
https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT,

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that’s employed by the North Korean state-sponsored actor known as ScarCruft.
« RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially

,

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that’s employed by the North Korean state-sponsored actor known as ScarCruft.
« RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially

, ,
https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker

, ,
https://thehackernews.com/2023/06/active-mirai-botnet-variant-exploiting.html

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites,

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.
“This vulnerability could be used by authors on a site to manipulate any files in the

,

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.
“This vulnerability could be used by authors on a site to manipulate any files in the

, ,
https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining,

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.
The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023.
“Persistence is achieved via timed processors or entries to cron,” said Dr.

,

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.
The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023.
“Persistence is achieved via timed processors or entries to cron,” said Dr.

, ,
https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html