The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets … [Read more...] about BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
data breach
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical … [Read more...] about Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions … [Read more...] about Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The … [Read more...] about Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform … [Read more...] about Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy
Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing … [Read more...] about Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a … [Read more...] about Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, … [Read more...] about Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam
Pay What You Want for This Collection of White Hat Hacking Courses
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one … [Read more...] about Pay What You Want for This Collection of White Hat Hacking Courses
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform … [Read more...] about State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations