New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable

New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable,

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.
According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options

,

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.
According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options

, ,
https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

Ukraine : il a transformé son logiciel open source en wiper pour punir les Russes

Ukraine : il a transformé son logiciel open source en wiper pour punir les Russes,

Un développeur a intégré une fonction malveillante dans un module JavaScript qui ne se déclenche que sur des ordinateurs russes ou biélorusses. Une idée dangereuse qui provoque d’importants dégâts collatéraux.

,

Un développeur a intégré une fonction malveillante dans un module JavaScript qui ne se déclenche que sur des ordinateurs russes ou biélorusses. Une idée dangereuse qui provoque d’importants dégâts collatéraux.

, ,
https://www.01net.com/actualites/ukraine-il-a-transforme-son-logiciel-open-source-en-wiper-pour-punir-les-russes-2055581.html

New Backdoor Targets French Entities via Open-Source Package Installer

New Backdoor Targets French Entities via Open-Source Package Installer,

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems.
Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns

,

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems.
Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns

, ,
https://thehackernews.com/2022/03/new-backdoor-targets-french-entities.html

‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users

‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users

,

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign « CryptoRom, » characterized it as a wide-ranging global scam.
« This style of

,

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips.
Cybersecurity company Sophos, which has named the organized crime campaign « CryptoRom, » characterized it as a wide-ranging global scam.
« This style of

, ,
https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau,

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by 

,

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.
Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by 

, ,
https://thehackernews.com/2022/03/south-korean-darkhotel-hackers-targeted.html

Lapsus$ : retour sur l’irrésistible ascension d’un groupe de pirates sud-américains

Lapsus$ : retour sur l’irrésistible ascension d’un groupe de pirates sud-américains

,

Relativement inconnus il y a encore quelques semaines, les membres de ce groupe d’extorsion font trembler les grandes entreprises. Après Nvidia et Samsung, ça a été au tour de Vodafone. Qui sont ces mystérieux hackers ?

,

Relativement inconnus il y a encore quelques semaines, les membres de ce groupe d’extorsion font trembler les grandes entreprises. Après Nvidia et Samsung, ça a été au tour de Vodafone. Qui sont ces mystérieux hackers ?

, ,
https://www.01net.com/actualites/lapsusdollar-retour-sur-l-irresistible-ascension-d-un-groupe-de-pirates-sud-americains-2055532.html

Des cybercriminels ont trouvé de nouveaux moyens d’installer des applis malveillantes sur iOS

Des cybercriminels ont trouvé de nouveaux moyens d’installer des applis malveillantes sur iOS

,

Des groupes de cybercriminels, spécialisés dans les arnaques à la cryptomonnaie, utilisent le service TestFlight et la technologie WebClip d’Apple pour abuser leurs victimes.

,

Des groupes de cybercriminels, spécialisés dans les arnaques à la cryptomonnaie, utilisent le service TestFlight et la technologie WebClip d’Apple pour abuser leurs victimes.

, ,
https://www.01net.com/actualites/des-cybercriminels-ont-trouve-de-nouveaux-moyens-d-installer-des-applis-malveillantes-sur-ios-2055560.html

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines,

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.
Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker

,

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.
Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker

, ,
https://thehackernews.com/2022/03/hackers-target-bank-networks-with-new.html

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware,

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.
While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel

,

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups.
While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel

, ,
https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

,

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of

,

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.
Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of

, ,
https://thehackernews.com/2022/03/google-uncovers-initial-access-broker.html