Hackers Using Website’s Contact Forms to Deliver IcedID Malware – Tempemail

Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what’s yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. “The emails instruct recipients

Hackers Tampered With APKPure Store to Distribute Malware Apps – Tempemail

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that’s similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets – Tempemail

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called “Cring” inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in

Hackers From China Target Vietnamese Military and Government – Tempemail

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is

Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers – Tempemail

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.” To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of

Details from 500 million Facebook users found on website for hackers | Facebook

Details from more than 500 million Facebook users have been found available on a website for hackers. The information appears to be several years old but it is another example of the vast amount of information collected by Facebook and other social media sites and the limits to how secure

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence – Tempemail

A novel technique adopted by attackers finds ways to use Microsoft’s Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which

Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts – Tempemail

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite

Hackers are implanting multiple backdoors at industrial targets in Japan – Tempemail

Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed “A41APT” by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems – Tempemail

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and