Cyware Alerts - Hacker News
Enhanced Legion Credential Harvester Targets SSH Servers and AWS Credentials
/https://cyware-ent.s3.amazonaws.com/image_bank/0763_shutterstock_2188717701.jpg "Enhanced Legion Credential Harvester Targets SSH Servers and AWS Credentials - Cybersecurity news")
An updated version of the Python-based, cloud-focused hack tool called Legion—which can extract credentials from vulnerable web servers—has surfaced. The updated variant incorporates the Paramiko module to exploit SSH servers. Furthermore, it can now retrieve specific AWS credentials associated wit ... Read More
Tortoiseshell Eyes Israeli Logistics Industry
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_283834994.jpg "Tortoiseshell Eyes Israeli Logistics Industry - Cybersecurity news")
Alleged Iranian nation-state hacker group Tortoiseshell performed a watering hole attack on several shipping and logistics websites in Israel to collect information about their users. Attackers stay hidden by impersonating the genuine jQuery JavaScript framework. Organizations are urged to raise aw ... Read More
WinTapix Attack Campaign Targets Middle East Nations
/https://cyware-ent.s3.amazonaws.com/image_bank/8368_shutterstock_2252599749.jpg "WinTapix Attack Campaign Targets Middle East Nations - Cybersecurity news")
An unidentified threat actor group has been observed employing a malicious Windows kernel driver in targeted attacks, primarily focusing on the Middle East region. Fortinet security experts have dubbed the artifact as WINTAPIX (WinTapix.sys). To stay protected, users are suggested to immediately im ... Read More
North Korea Actor Kimsuky Updates its Reconnaissance Malware RandomQuery
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_330037622.jpg "North Korea Actor Kimsuky Updates its Reconnaissance Malware RandomQuery - Cybersecurity news")
Kimsuky, the North Korean APT group, is actively distributing a variant of custom malware known as RandomQuery as part of its reconnaissance campaigns. The malware has been specifically designed to perform two primary functions: file enumeration and data exfiltration. A real-time threat intelligenc ... Read More
Trojanized App Infects Over 50,000 with AhRAt Trojan
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_513302842.jpg "Trojanized App Infects Over 50,000 with AhRAt Trojan - Cybersecurity news")
AhRAT is a newly discovered threat by ESET researchers on the Google Play Store that disguises itself as a screen recording application, which witnessed tens of thousands of installations. Threat actors added malicious functionality at a later stage of its release in August 2022. Organizations must ... Read More
Spying Campaign Targets Ukraine, Israel, and Others - Warns CERT-UA
/https://cyware-ent.s3.amazonaws.com/image_bank/e430_Shutterstock_148033442_1.jpg "Spying Campaign Targets Ukraine, Israel, and Others - Warns CERT-UA - Cybersecurity news")
CERT-UA warned against a cyberespionage campaign by the UAC-0063 threat group targeting Ukraine, Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. To complicate investigation efforts and hinder attribution, the hackers employed the PyArmor and Themida software tools. Organizations are advised to ... Read More
Scammers Use Residential IP Addresses to Launch BEC Attacks
/https://cyware-ent.s3.amazonaws.com/image_bank/0a5b_shutterstock_1901338339.jpg "Scammers Use Residential IP Addresses to Launch BEC Attacks - Cybersecurity news")
The Cyber Signals report revealed that Microsoft detected 35 million BEC attempts with an average of 156,000 attempts daily between April 2022 and April 2023. Microsoft also noticed a pattern in which attackers used a phishing-as-a-service platform, BulletProftLink, to obtain login credentials. To ... Read More
Windows Kernel Drivers Used in BlackCat Attacks
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_444597916.jpg "Windows Kernel Drivers Used in BlackCat Attacks - Cybersecurity news")
Trend Micro revealed that the BlackCat ransomware group is using a signed kernel driver for evasion tactics. The driver was utilized in conjunction with a separate user client executable, with the intention of manipulating, pausing, and terminating specific processes associated with the security on ... Read More
'Inferno Drainer' Swindles $6 million in Four Months
/https://cyware-ent.s3.amazonaws.com/image_bank/d92d_shutterstock_1069415450.jpg "'Inferno Drainer' Swindles $6 million in Four Months - Cybersecurity news")
Security analysts at Scam Sniffer exposed a crypto phishing and scam service Inferno Drainer that swindled about $5.9 million worth of cryptocurrencies from 4,888 victims. It reportedly crafted over 689 counterfeit websites since March 27, 2023. Deploy a real-time anti-scam protection solutio ... Read More
New DarkCloud Campaign Leverages Spam Emails
/https://cyware-ent.s3.amazonaws.com/image_bank/7e21_shutterstock_1934000921.jpg "New DarkCloud Campaign Leverages Spam Emails - Cybersecurity news")
ASEC’s AhnLab discovered a spam email campaign that distributes the DarkCloud info-stealer malware. The email contents urge recipients to review the attached payment statement, which purportedly pertains to their company account. Additionally, the threat actor installs ClipBanker on infected device ... Read More
Defend Against Threats with Cyber Fusion
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.
Learn More
Trending Tags
