GwisinLocker is a new ransomware family targeting South Korean industrial and pharmaceutical companies. Capable of compromising both Windows and Linux systems, GwisinLocker has been coded by a relatively unknown threat actor, called Gwisin (meaning ghost or spirit in Korean). Security…
VMware recently released another set of patches addressing a number of vulnerabilities in several products. The vulnerabilities (CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665) were reported privately. The severity scores of the flaws vary from 4.7 to…
The well-known LockBit ransomware has been receiving significant updates, as evident by the reports of several cybersecurity vendors. New Version of LockBit Observed in the Wild According to SentinelLabs, a new iteration of the ransomware has been deployed in the…
New auto-starting malware on the Google Play Store has been identified. HiddenAds Android Malware The malware is propagated with the help of malicious apps masquerading themselves as cleaner and optimization apps for device management. The Android apps were distributed on…
Security researchers recently uncovered a large network of fake investment scamming sites targeting specific European countries and North America. Fake Investment Phishing Sites Targeting European Countries The network consists of at least 11,000 domains that target the United Kingdom, Belgium,…
Security researchers share a new trend in phishing campaigns which now utilize the so-called IPFS URLs as payload. The discovery comes from TrustWave researchers who came across a site called the Chameleon Phishing page. Websites like this one can change…
Security researchers detail a new phishing-as-a-service (Phaas) platform in a recently released report. The platform is an example of how initial access brokers gain a foothold in organizations’ networks. Robin Banks is the name of a new PhaaS platform which,…
Unsecured wi-fi networks have proven to be a gateway to many attacks. More particularly, poorly configured access point encryption (or services that allow data to be sent without being encrypted) has been outlined as one of the biggest threats to…
Security researchers detailed the discovery of a new, previously undetected malware sample specifically designed to target the Linux environment. The malware showcases sophisticated capabilities and is “an intricate framework developed for targeting Linux systems,” Intezer researchers said in their technical…
Security researchers reported the discovery of a new cross-platform ransomware strain coded to target Windows, Linux, and ESXi systems. Meet the New Cross-Platform Luna Ransomware Discovered by Kaspersky’s Darknet Threat Intelligence monitoring system, the so-called Luna ransomware is advertised on…
Apple has released fixes addressing 37 software vulnerabilities in its operating systems iOS, iPadOS, macOS, tvOS, and watchOS. The flaws affect different parts of iOS and macOS and could be used for escalation of privilege, arbitrary code execution, information disclosure…
A new macOS backdoor is making rounds in the wild in targeted attacks aiming to steal sensitive information. CloudMensis macOS Backdoor: What’s Known So Far The backdoor, called CloudMensis, is exclusively using public cloud storage services to communicate with the…
Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) detailed a large-scale phishing campaign that utilized the so-called adversary-in-the-middle (AiTM) phishing sites. The sites were deployed to harvest passwords, hijack sign-in sessions, and skip authentication processes, including MFA…
Microsoft recently disclosed a macOS vulnerability, identified as CVE-2022-26706, that could allow specially crafted codes to escape the App Sandbox and run unrestricted. The findings have been shared with Apple via the Coordinated Vulnerability Disclosure and Microsoft Security Vulnerability Research…
CVE-2021-22048 is a high-severity privilege escalation vulnerability in the VMware vCenter Server IWA mechanism, which also affects the Cloud Foundation hybrid platform. Eight months after the vulnerability was disclosed, the company released a patch for one of the affected versions.…
Axie Infinity is a popular blockchain gaming platform which was involved in a large hacking incident resulting in the loss of $540 million in cryptocurrency. The platform is a non-fungible token-based online video game developed by Vietnamese studio Sky Mavis,…
CVE-2022-34265 is a new high severity vulnerability in the Django project, an open-source Python-based web framework. The vulnerability has been reported by Takuto Yoshikai from Aeye Security Lab. CVE-2022-34265: Short Technical Overview The vulnerability has been fixed in Django 4.0.6…
YTStealer is a new malware designed to steal YouTube authentication cookies. Discovered by Intezer researchers, the malware, which is based on the Chacal open-source GitHub project, operates as a typical stealer. Once installed, its first goal is performing environment checks…
Security researchers discovered a new sandbox evasion technique. Called API hammering, the technique involves the use of a large number of calls to Windows APIs to achieve an extended sleep condition. The latter helps to evade detection in sandbox environments.…
Cybersecurity researchers detected a new malware tool that helps threat actors build malicious Windows shortcut files, known as .LNK files. Quantum LNK Builder and the Use of .lnk Files Dubbed Quantum Lnk Builder, the tool is currently being offered for…
