Friday, March 31, 2023

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls
https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, March 30, 2023

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of
https://thehackernews.com/2023/03/trojanized-tor-browser-installers.html?utm_source=dlvr.it&utm_medium=blogger

Wednesday, March 29, 2023

President Biden Signs Executive Order Restricting Use of Commercial Spyware

U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government's use of
https://thehackernews.com/2023/03/president-biden-signs-executive-order.html?utm_source=dlvr.it&utm_medium=blogger

Tuesday, March 28, 2023

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS
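The defect behind aCropalypse was a save path that wrote the edited image over the original file without truncating it, so when the cropped image was shorter the tail of the original survived after the new image's IEND chunk, invisible to viewers but present on disk. The Python below is added here as an example and is not code from Microsoft or from the article: it walks a PNG's chunk list and reports how many bytes follow IEND, which is the check to run over a batch of screenshots before they are published. The sample images are constructed in the code and the faulty overwrite is simulated in memory.

```python
# Added example (not from Microsoft or the original article): check whether a
# PNG carries data after its IEND chunk, the condition that made cropped-out
# screenshot content recoverable in the aCropalypse bugs.
import random
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_trailing_bytes(data: bytes) -> int:
    """Return how many bytes follow the IEND chunk (0 for a clean file).

    Walks the chunk list: each chunk is a 4-byte big-endian length, a 4-byte
    type, the payload and a 4-byte CRC. Decoders stop at IEND, so anything
    after it never renders but is still there for anyone who reads the file.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 12 + length  # header (8) + payload + CRC (4)
        if chunk_end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        if ctype == b"IEND":
            return len(data) - chunk_end
        pos = chunk_end
    raise ValueError("no IEND chunk found")


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk; the CRC covers type + payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png(width: int, height: int, seed: int = 1) -> bytes:
    """Build a small valid 8-bit grayscale PNG with pseudo-random pixels.

    Constructed sample data, not a real screenshot. Random pixels keep the
    IDAT payload incompressible so that file size tracks image size, which is
    what makes the in-place overwrite below leave a tail behind.
    """
    rng = random.Random(seed)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(
        b"\x00" + bytes(rng.getrandbits(8) for _ in range(width))  # filter 0 + pixels
        for _ in range(height)
    )
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


def overwrite_without_truncate(original: bytes, edited: bytes) -> bytes:
    """Model the faulty save: the edited image is written over the original
    file, but the file is never truncated. If the new image is shorter, the
    remainder of the old one survives after the new IEND chunk."""
    if len(edited) >= len(original):
        return edited
    return edited + original[len(edited):]


if __name__ == "__main__":
    full = make_png(64, 64)
    cropped = make_png(8, 8)
    leaky = overwrite_without_truncate(full, cropped)
    print("fresh write, trailing bytes:", png_trailing_bytes(cropped))
    print("in-place overwrite, trailing bytes:", png_trailing_bytes(leaky))
```

The fix on the writer's side is a fresh file or an explicit truncate after the write; on the reviewer's side, any non-zero result from `png_trailing_bytes` on an edited screenshot means the original content is still in the file and the image should be re-exported, not just re-cropped.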
https://thehackernews.com/2023/03/microsoft-issues-patch-for-acropalypse.html?utm_source=dlvr.it&utm_medium=blogger

Monday, March 27, 2023

6 Best Free Malware Analysis Tools to Break Down Malware Samples – 2023

Malware analysis tools let an analyst determine quickly and reliably what a sample does on a system: the files it creates, the network connections it opens, the registry changes it makes, and so on. To that end, there are a lot of resources […]
https://cybersecuritynews.com/malware-analysis-tools/?utm_source=dlvr.it&utm_medium=blogger

Sunday, March 26, 2023

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to
https://thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html?utm_source=dlvr.it&utm_medium=blogger

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw is a privilege escalation issue that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. "External
https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html?utm_source=dlvr.it&utm_medium=blogger

Saturday, March 25, 2023

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit
https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html?utm_source=dlvr.it&utm_medium=blogger

Friday, March 24, 2023

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky that uses rogue browser extensions to steal the contents of users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service (NIS
https://thehackernews.com/2023/03/german-and-south-korean-agencies-warn.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, March 23, 2023

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection." REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity
https://thehackernews.com/2023/03/new-naplistener-malware-used-by-ref2924.html?utm_source=dlvr.it&utm_medium=blogger

Wednesday, March 22, 2023

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the
https://thehackernews.com/2023/03/hackers-steal-over-16-million-in-crypto.html?utm_source=dlvr.it&utm_medium=blogger

Tuesday, March 21, 2023

Researchers Shed Light on CatB Ransomware's Evasion Techniques

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of another ransomware strain known as Pandora based on code-level similarities. It's worth noting that the use
https://thehackernews.com/2023/03/researchers-shed-light-on-catb.html?utm_source=dlvr.it&utm_medium=blogger

Monday, March 20, 2023

Emotet Rises Again: Evades Macro Security via OneNote Attachments

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A 
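OneNote attachments work as a lure because a .one section can carry arbitrary embedded files (scripts, executables) that Office's macro controls never inspect; the victim is simply enticed to double-click the embedded object. The Python below is added here as an example and is not code from the article, from Emotet, or from Microsoft: it carves embedded files out of a section by walking FileDataStoreObject records, using the record layout and GUIDs documented in MS-ONESTORE, identifies each payload by its magic bytes, and flags types that have no business inside a mailed note. The sample section and the VBScript-style dropper inside it are constructed for the demonstration.

```python
# Added example (not Emotet code and not from the original article): carve the
# files embedded in a OneNote section (.one) by walking FileDataStoreObject
# records. Layout per MS-ONESTORE: 16-byte header GUID, 8-byte little-endian
# cbLength, 4 unused bytes, 8 reserved bytes, the file data, zero padding to an
# 8-byte boundary, then a 16-byte footer GUID.
import struct

FDSO_HEADER_GUID = bytes.fromhex("E716E3BD65261145A4C48D4D0B7A9EAC")  # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
FDSO_FOOTER_GUID = bytes.fromhex("22A7FB71790F0B4ABB13899256426B24")  # {71FBA722-0F79-4A0B-BB13-899256426B24}
FDSO_HEADER_LEN = 16 + 8 + 4 + 8

MAGIC = [
    (b"MZ", "PE executable"),
    (b"PK\x03\x04", "ZIP/OOXML archive"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE compound file"),
    (b"%PDF", "PDF"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
]
# Payload types that should not be sitting inside a note that arrived by e-mail.
RISKY_TYPES = {"PE executable", "OLE compound file", "text/script"}


def classify(blob: bytes) -> str:
    """Name the payload from its magic bytes; plain ASCII is treated as a script."""
    for magic, name in MAGIC:
        if blob.startswith(magic):
            return name
    try:
        text = blob.decode("ascii")
    except UnicodeDecodeError:
        return "unknown binary"
    if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "text/script"  # .vbs/.js/.bat/.hta/.ps1 droppers are plain text
    return "unknown binary"


def carve_fdso(buf: bytes) -> list[dict]:
    """Return one record per embedded file: offset, declared length, type,
    whether the footer GUID sits where it should, and the payload bytes."""
    records = []
    pos = buf.find(FDSO_HEADER_GUID)
    while pos != -1:
        if pos + FDSO_HEADER_LEN > len(buf):
            break
        (cb_length,) = struct.unpack_from("<Q", buf, pos + 16)
        data_start = pos + FDSO_HEADER_LEN
        if cb_length > len(buf) - data_start:
            # Declared size runs past end of file: corrupt or deliberately malformed.
            records.append({"offset": pos, "length": cb_length, "type": "oversized length",
                            "footer_ok": False, "data": b""})
            break
        data_end = data_start + cb_length
        padded_end = data_start + (cb_length + 7) // 8 * 8
        footer_ok = buf[padded_end:padded_end + 16] == FDSO_FOOTER_GUID
        blob = buf[data_start:data_end]
        records.append({"offset": pos, "length": cb_length, "type": classify(blob),
                        "footer_ok": footer_ok, "data": blob})
        pos = buf.find(FDSO_HEADER_GUID, data_end)
    return records


def risky_embeds(buf: bytes) -> list[str]:
    """Types of embedded payloads a mail gateway should block or detonate."""
    return [r["type"] for r in carve_fdso(buf) if r["type"] in RISKY_TYPES]


def build_fdso(payload: bytes) -> bytes:
    """Encode one FileDataStoreObject around payload (used to build the sample)."""
    pad = (-len(payload)) % 8
    return (FDSO_HEADER_GUID + struct.pack("<Q", len(payload)) + b"\x00" * 12
            + payload + b"\x00" * pad + FDSO_FOOTER_GUID)


def constructed_sample() -> bytes:
    """Constructed stand-in for a .one section, not a real Emotet attachment:
    filler, an embedded PNG (the 'click to view' decoy) and a VBScript-style
    dropper that a macro filter would never look at."""
    decoy = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
    dropper = (b'Set sh = CreateObject("WScript.Shell")\r\n'
               b'sh.Run "cmd /c echo constructed sample"\r\n')
    return b"\xaa" * 40 + build_fdso(decoy) + b"\x55" * 17 + build_fdso(dropper) + b"\x00" * 8


if __name__ == "__main__":
    for r in carve_fdso(constructed_sample()):
        print(f"offset={r['offset']:#x} len={r['length']} type={r['type']} footer_ok={r['footer_ok']}")
    print("risky:", risky_embeds(constructed_sample()))
```

Run against a real attachment, `carve_fdso(open(path, "rb").read())` gives the gateway or analyst the list of embedded objects without opening OneNote; a missing footer or an oversized length is itself worth a look, since a hand-built lure need not be well-formed.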
https://thehackernews.com/2023/03/emotet-rises-again-evades-macro.html?utm_source=dlvr.it&utm_medium=blogger

Sunday, March 19, 2023

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim
https://thehackernews.com/2023/03/chinese-hackers-exploit-fortinet-zero.html?utm_source=dlvr.it&utm_medium=blogger

Saturday, March 18, 2023

Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html?utm_source=dlvr.it&utm_medium=blogger

Friday, March 17, 2023

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, March 16, 2023

Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which
https://thehackernews.com/2023/03/tick-apt-targeted-high-value-customers.html?utm_source=dlvr.it&utm_medium=blogger

Wednesday, March 15, 2023

The Prolificacy of LockBit Ransomware

Today, LockBit is the most active and successful ransomware operation in the world. Attributed to a Russian threat actor, LockBit has stepped out from the shadow of the Conti ransomware group, which disbanded in 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first
https://thehackernews.com/2023/03/the-prolificacy-of-lockbit-ransomware.html?utm_source=dlvr.it&utm_medium=blogger

Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily

An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. The Microsoft Threat Intelligence team is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html?utm_source=dlvr.it&utm_medium=blogger

Tuesday, March 14, 2023

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up. Akuvox E11 is
https://thehackernews.com/2023/03/researchers-uncover-over-dozen-security.html?utm_source=dlvr.it&utm_medium=blogger

Monday, March 13, 2023

KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets

The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate
https://thehackernews.com/2023/03/kamikakabot-malware-used-in-latest-dark.html?utm_source=dlvr.it&utm_medium=blogger

Sunday, March 12, 2023

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader that's responsible for
https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html?utm_source=dlvr.it&utm_medium=blogger

Saturday, March 11, 2023

North Korean UNC2970 Hackers Expand Operations with New Malware Families

A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in
https://thehackernews.com/2023/03/north-korean-unc2970-hackers-expands.html?utm_source=dlvr.it&utm_medium=blogger

Friday, March 10, 2023

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with the successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt,
https://thehackernews.com/2023/03/new-scrubcrypt-crypter-used-in.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, March 9, 2023

Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the "
https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html?utm_source=dlvr.it&utm_medium=blogger

Wednesday, March 8, 2023

Why Healthcare Can't Afford to Ignore Digital Identity

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. — by Gus Malezis, CEO of Imprivata. Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and the expansion of the Internet of Things (IoT) have outpaced traditional 'castle and moat' cybersecurity, introducing
https://thehackernews.com/2023/03/why-healthcare-cant-afford-to-ignore.html?utm_source=dlvr.it&utm_medium=blogger

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022. Shein, originally named ZZKKO, is a Chinese online fast
https://thehackernews.com/2023/03/sheins-android-app-caught-transmitting.html?utm_source=dlvr.it&utm_medium=blogger

Tuesday, March 7, 2023

Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH
https://thehackernews.com/2023/03/experts-discover-flaw-in-us-govts.html?utm_source=dlvr.it&utm_medium=blogger

Monday, March 6, 2023

Third-Party Cybersecurity Risks in Securing the Supply Chain

Some of the biggest challenges in cybersecurity over the last year have revolved around securing the software supply chain across the enterprise. The software that enterprises build for internal use and for external consumption by their…
https://www.itsecuritynews.info/third-party-cybersecurity-risks-in-securing-the-supply-chain-2/?utm_source=dlvr.it&utm_medium=blogger

Sunday, March 5, 2023

New FiXS ATM Malware Targeting Mexican Banks

A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is
https://thehackernews.com/2023/03/new-fixs-atm-malware-targeting-mexican.html?utm_source=dlvr.it&utm_medium=blogger

Saturday, March 4, 2023

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report. Attack chains
https://thehackernews.com/2023/03/chinese-hackers-targeting-european.html?utm_source=dlvr.it&utm_medium=blogger

Friday, March 3, 2023

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said
https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, March 2, 2023

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said. To that end, users can send and receive emails or
https://thehackernews.com/2023/03/gmail-and-google-calendar-now-support.html?utm_source=dlvr.it&utm_medium=blogger

Wednesday, March 1, 2023

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, law
https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html?utm_source=dlvr.it&utm_medium=blogger