AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks

AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks

,

A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016.
Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.
Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine

,

A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016.
Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.
Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine

, ,
https://thehackernews.com/2023/05/acecryptor-cybercriminals-powerful.html

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them,

If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day.
In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come

,

If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day.
In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come

, ,
https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan,

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT.
« Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT, » the JPCERT Coordination Center (JPCERT/CC) said in a report published today.
The compromise of an internet-exposed router is followed by the

,

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT.
« Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT, » the JPCERT Coordination Center (JPCERT/CC) said in a report published today.
The compromise of an internet-exposed router is followed by the

, ,
https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html

Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

,

A new phishing technique called « file archiver in the browser » can be leveraged to « emulate » a file archiver software in a web browser when a victim visits a .ZIP domain.
« With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate, » security researcher mr.d0x disclosed last week.
Threat actors, in a

,

A new phishing technique called « file archiver in the browser » can be leveraged to « emulate » a file archiver software in a web browser when a victim visits a .ZIP domain.
« With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate, » security researcher mr.d0x disclosed last week.
Threat actors, in a

, ,
https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html

PyPI Implements Mandatory Two-Factor Authentication for Project Owners

PyPI Implements Mandatory Two-Factor Authentication for Project Owners,

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year.
« Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage, » PyPI administrator Donald Stufft said. « In addition

,

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year.
« Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage, » PyPI administrator Donald Stufft said. « In addition

, ,
https://thehackernews.com/2023/05/pypi-implements-mandatory-two-factor.html

Ce nouveau ransomware « Robin des Bois » a une exigence très particulière

Ce nouveau ransomware « Robin des Bois » a une exigence très particulière,

ransomware exigence particulière

Un nouveau ransomware est apparu au cours des derniers mois. Très différent des autres gangs en activité, le groupe de pirates qui l’a conçu a des exigences qui sortent de l’ordinaire.

,

ransomware exigence particulière

Un nouveau ransomware est apparu au cours des derniers mois. Très différent des autres gangs en activité, le groupe de pirates qui l’a conçu a des exigences qui sortent de l’ordinaire.

, ,
https://www.01net.com/actualites/ransomware-exigence-tres-particuliere.html

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets,

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. 
« It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility, » Trend Micro said in a Friday report

,

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. 
« It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility, » Trend Micro said in a Friday report

, ,
https://thehackernews.com/2023/05/new-stealthy-bandit-stealer-targeting.html

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking,

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io.
The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could

,

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io.
The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could

, ,
https://thehackernews.com/2023/05/critical-oauth-vulnerability-in-expo.html

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

,

A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data.
« The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition

,

A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data.
« The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition

, ,
https://thehackernews.com/2023/05/severe-flaw-in-google-clouds-cloud-sql.html

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities,

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox).
Predator was first documented by Google’s Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.
The spyware, which is delivered by means of

,

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox).
Predator was first documented by Google’s Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.
The spyware, which is delivered by means of

, ,
https://thehackernews.com/2023/05/predator-android-spyware-researchers.html