The APT campaign employs a modular framework called CloudWizard. This framework is capable of taking screenshots, keylogging, and recording audio from the microphone. The CloudWizard framework comprises nine modules that enable a variety of hacking capabilities.
Check Point took the wraps off of three malicious Microsoft Visual Studio extensions on May 4, 2023, aimed at exploiting VSCode Marketplace visitors. These extensions named Theme Darcula dark, python-vscode, and prettiest java, were downloaded by Windows developers nearly 46,000 times. Actors could pilfer credentials, collect system information, and establish a remote shell on the […]
Security experts are warning of surging threat actor interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud.
Long-running cybercrime cartel FIN7, which has made use of ransomware variants developed by groups including REvil and Maze, has added another strain to its arsenal. This time, its the Cl0p ransomware.
MalasLocker emerged as a new ransomware operation, since the end of March, targeting Zimbra servers. The group gains access to servers by exploiting vulnerabilities in Zimbra software. Instead of demanding a ransom payment, MalasLocker demands a donation to a charity to provide a decryptor and prevent data leakage. The group’s data leak site has three […]
BulletProofLink, also referred to as BulletProftLink or Anthrax, sells access to phishing kits, email templates, hosting, and automated series “at a relatively low cost”.
Financially-motivated UNC3944 gang was found using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines to steal data from victim organizations. The threat actor gains initial access to an Azure administrator’s account by using stolen credentials obtained through SMS phishing. Experts recommend organizations should restrict access to […]
The vulnerability, tracked as CVE-2023-21492, impacts Samsung mobile devices running Android 11, 12, and 13 and is due to an insertion of sensitive information into log files.
European foreign affairs organizations are being targeted by a Chinese state-sponsored Camaro Dragon hacking group with a custom malware variant. This group has been found infecting residential TP-Link routers with a specialized malware called Horse Shell. Attackers can execute arbitrary commands, steal files, and even leverage the malware as a SOCKS proxy to facilitate communication […]
There is a growing trend in utilizing Geacon (a Golang implementation of the Cobalt Strike beacon), to target macOS devices, revealed SentinelOne. The package appeared specifically crafted to first verify its execution on a macOS system and subsequently retrieve an unsigned ‘Geacon Plus’ payload from a C2 server in China.