Experts discovered ESPecter UEFI bootkit used for espionage

ESET experts discovered the previously unknown ESPecter UEFI bootkit, which was used for targeted attacks and espionage. So far, experts do not associate ESPecter with any specific hacking groups or countries. UEFI attacks are the holy grail for hackers. After all, UEFI is loaded before the operating system and controls all processes at an “early…

Users can be lured to a malicious site through a vulnerability in Apple AirTag

Security researcher Bobby Rauch discovered a vulnerability in AirTag key fobs, which Apple advertises as a convenient solution for tracking personal belongings (for example, laptops, phones, car keys, backpacks, and so on). Gadgets are susceptible to a stored XSS vulnerability. Rauch has revealed the issue, although the patch is not yet available, as he was…

FlyTrap Android malware compromised over 10,000 Facebook accounts

According to experts from Zimperium, Android malware FlyTrap hijacks Facebook accounts in 140 countries around the world by stealing session cookies. Worse, the researchers found that the stolen information was available to anyone who found the FlyTrap C&C server. Analysts believe the malware has been active since at least this spring. Attackers use decoys distributed…

Evil Corp Ransomware Posing As PayloadBin Group To Avoid US Sanctions

Operators of the new PayloadBIN ransomware, linked to the cybercriminal group Evil Corp, are trying to avoid sanctions imposed by the Office of Foreign Assets Control of the US Treasury Department (OFAC). Members of Evil Corp (also known as Indrik Spider and Dridex) started out as partners with the ZeuS botnet operators. Over time, Evil Corp…

A competition at a hacker forum: $115,000 paid for new attack methods related to cryptocurrency

Intel 471 analysts discovered that at the end of April this year, a competition was announced on an unnamed Russian-speaking hacker forum for the best new hacking methods related to cryptocurrencies. The administration of the resource encouraged everyone to publish articles on unusual ways of stealing private keys and wallets, software for mining cryptocurrencies, smart…

Tencent and Chinese police conducted a joint operation against game cheat developers

Chinese police in collaboration with tech giant Tencent have launched a joint operation against cheat developers. 10 developers of 17 different cheating tools in games (including Overwatch and Call of Duty Mobile) were arrested. Law enforcers and Tencent call it the largest anti-cheat operation in history. According to the BBC, a total of 76 million…

Ukrainian cyber police arrested the author of uPanel phishing kit

Ukrainian cyber police have arrested a 39-year-old man who is probably the author of uPanel, one of the most popular phishing kits on the black market. The arrest of the developer of the malicious toolkit was the result of an international investigation. ZDNet’s own sources claim that the phishing toolkit is called uPanel (aka U-Admin).…

LogoKit phishing kit allows creating phishing pages in real time

RiskIQ researchers said that the new LogoKit phishing kit was detected on more than 700 unique domains in the last month alone and on 300 in the last week. Worse, this tool allows hackers to modify logos and text on phishing pages in real time, tailoring sites for specific purposes. LogoKit relies on sending users phishing…

Hackers majorly use Microsoft and DHL brands in phishing attacks

Hackers mainly use the Microsoft and DHL brands in phishing attacks. In Q4 2020, cybercriminals used more brands from the tech industry, followed by shipping and retail businesses. Information security researchers from the Check Point Software team said that phishers love the Microsoft brand. 43% of all attempts at phishing attacks were associated with it…

Operators of phishing campaigns increased number of emails allegedly from delivery services

Check Point Research reports that in November, the number of phishing emails written on behalf of delivery services increased by 440% compared to October. The sharpest growth was noted in Europe, with North America and the Asia-Pacific region in second and third places respectively in the number of phishing campaigns. Most often (in 56% of…