Cybersecurity researcher Wladimir Palant analyzed the PDF Toolbox extension (2 million downloads) available from Chrome Web Store and found that it included code that was disguised as a legitimate extension API wrapper.
“TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks,” VMware’s Fae Carlisle said.
Trend Micro examined and uncovered “an extremely high degree of similarity” between the recently surfaced BlackSuit group and the Royal ransomware group. They share approximately 98% similarity in functions, 99.5% similarity in code blocks, and 98.9% similarity in jump instructions, as measured with BinDiff, a comparison tool for binary files. Experts also found eerie similarities […]
Researchers shed light on evolving objectives of the Void Rabisu hacking group as they uncovered a campaign that used a fake version of the Ukrainian army’s Delta situational awareness website to lure targets into installing the RomCom backdoor. While their previous operations were centered on data exfiltration and intelligence collection, the latest campaign suggests their […]
A new Android malware threat was discovered targeting users primarily located in India. Named DogeRAT, the malware is distributed through social media and messaging platforms disguised as Opera Mini, OpenAI ChatGPT, and premium versions of Netflix and YouTube. It can gain unauthorized access to a user’s sensitive data, including contacts, messages, and banking credentials.
Barracuda has disclosed information about a recent attack campaign that exploits a zero-day vulnerability in its ESG appliances to deploy three different malware strains. CISA added the flaw to its KEV catalog last week, urging federal agencies to apply the patches by June 16.
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say.
U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors’ use of social engineering tactics to strike think tanks, academia, and news media sectors.
Leading snowboard maker Burton Snowboards notified customers of a data breach after some of their sensitive information was “potentially” accessed or stolen during what the company described in February as a “cyber incident.”
The most severe of these is CVE-2023-32707, a privilege escalation issue that allows low-privileged users with the ‘edit_user’ capability to escalate privileges to administrator, via a specially crafted web request.