May 03, 2024NewsroomCloud Security / Threat Intelligence Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a … [Read more...] about Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Hackers
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Apr 06, 2024NewsroomSkimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code … [Read more...] about Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, … [Read more...] about Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
Hackers disrupt Apex Legends esports tournament
The esports industry is booming: prize pools for top tournaments have long surpassed $10 million, with peak online viewership exceeding one million. This naturally attracts hackers, who typically either steal game source-code or target individual gamers. Recently, cyberattacks have gone beyond the pale: hackers disrupted a major Apex Legends tournament. This post explores why … [Read more...] about Hackers disrupt Apex Legends esports tournament
U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
Apr 03, 2024NewsroomData Breach / Incident Response The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, … [Read more...] about U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
Mar 30, 2024NewsroomMalware / Cryptocurrency Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, … [Read more...] about Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
Mar 27, 2024NewsroomCyber Espionage / Data Breach Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was … [Read more...] about Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Mar 25, 2024NewsroomSupply Chain Attack / Cryptocurrency Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser … [Read more...] about Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, … [Read more...] about Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer
Mar 16, 2024NewsroomMalware / Cybercrime Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by … [Read more...] about Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer