Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems

Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems,

Cybersecurity researchers have detailed a « simple but efficient » persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign.
« The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer, » Malwarebytes Labs said in an

,

Cybersecurity researchers have detailed a « simple but efficient » persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign.
« The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer, » Malwarebytes Labs said in an

, ,
https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html

FBI Shut Down Russia-linked « Cyclops Blink » Botnet That Infected Thousands of Devices

FBI Shut Down Russia-linked « Cyclops Blink » Botnet That Infected Thousands of Devices

,

The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
« The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used

,

The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
« The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used

, ,
https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products,

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks.
Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 – 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager

,

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks.
Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 – 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager

, ,
https://thehackernews.com/2022/04/vmware-releases-critical-patches-for.html

Borat RAT, le malware ultra-complet… qui ne fera rire personne

Borat RAT, le malware ultra-complet… qui ne fera rire personne,

Ce logiciel malveillant combine les fonctions d’espionnage, d’attaques DDoS et de ransomware. De quoi satisfaire tous les besoins des pirates.

,

Ce logiciel malveillant combine les fonctions d’espionnage, d’attaques DDoS et de ransomware. De quoi satisfaire tous les besoins des pirates.

, ,
https://www.01net.com/actualites/borat-rat-le-malware-ultra-complet-qui-ne-fera-rire-personne-2055770.html

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck,

Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of

,

Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of

, ,
https://thehackernews.com/2021/10/cyber-security-webinar-how-to-ace-your.html

Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users

Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users,

Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021.
The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News.
The copycat

,

Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021.
The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News.
The copycat

, ,
https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html

Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts

Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts

,

Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’ Telegram accounts.
« The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS, » the State Service of Special Communication and

,

Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’ Telegram accounts.
« The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS, » the State Service of Special Communication and

, ,
https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee,

Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.
« While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after

,

Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.
« While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after

, ,
https://thehackernews.com/2022/04/block-admits-data-breach-involving-cash.html

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace,

The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world’s largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials.
The sanctions are part of an « international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal

,

The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world’s largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials.
The sanctions are part of an « international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal

, ,
https://thehackernews.com/2022/04/us-treasury-department-sanctions-russia.html

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks,

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed.
« Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various

,

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed.
« Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various

, ,
https://thehackernews.com/2022/04/fin7-hackers-leveraging-password-reuse.html