Apr 03, 2023Ravie LakshmananUnited States A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in … [Read more...] about Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
the hacker news
Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
Apr 01, 2023Ravie LakshmananAzure / Active Directory Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search … [Read more...] about Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Apr 01, 2023Ravie LakshmananCyber Attack / Vulnerability Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said … [Read more...] about Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX
Mar 30, 2023Ravie LakshmananCloud Security / Vulnerability Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) … [Read more...] about Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX
3CX Desktop App Supply Chain Attack Leaves Millions at Risk
Mar 30, 2023Ravie LakshmananSupply Chain / Software Security 3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The … [Read more...] about 3CX Desktop App Supply Chain Attack Leaves Millions at Risk
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Mar 29, 2023Ravie LakshmananCryptocurrency / Malware Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day … [Read more...] about Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Mar 28, 2023Ravie LakshmananMalware Attack / Hacking A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," … [Read more...] about Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Mar 27, 2023Ravie LakshmananPrivacy / Windows Security Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped … [Read more...] about Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
Mar 25, 2023Ravie LakshmananCyber Crime / DDoS Attack In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to … [Read more...] about U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Mar 25, 2023Ravie LakshmananEnterprise Security / Microsoft Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) … [Read more...] about Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers