
Linux users beware: New Bifrost malware variant poses imminent threat

posted on March 1, 2024
by l33tdawg
Credit: Flickr

Security researchers at Palo Alto Networks have uncovered a new variant of the notorious Bifrost malware, now targeting Linux systems with a cunning twist. This latest iteration employs a deceptive domain, download.vmfare[.]com, to masquerade as a legitimate VMware site, thereby bypassing security measures and compromising unsuspecting users.

Lazarus hackers exploited Windows zero-day to gain Kernel privileges

posted on February 29, 2024
by l33tdawg
Credit: Bleeping Computer

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.

This activity was detected by Avast analysts, who promptly reported it to Microsoft, leading to a fix for the flaw, now tracked as CVE-2024-21338, as part of the February 2024 Patch Tuesday. However, Microsoft has not marked the flaw as being exploited as a zero-day.

'Savvy Seahorse' - Novel DNS CNAME Trick

posted on February 29, 2024
by l33tdawg
Credit: Dark Reading

A newly discovered threat actor is running an investment scam through a cleverly designed traffic distribution system (TDS), which takes advantage of the Domain Name System (DNS) to keep its malicious domains ever-changing and resistant to takedowns.

"Savvy Seahorse" impersonates major brand names like Meta and Tesla — and, through Facebook ads in nine languages, lures victims into creating accounts on a fake investing platform. Once victims fund their accounts, the money is funneled to a presumably attacker-controlled account at a Russian state-owned bank.

Windows security updates could come with fewer reboots beginning later this year

posted on February 27, 2024
by l33tdawg
Credit: Arstechnica

Microsoft is already testing Windows 11 24H2, this fall's big new Windows release. The company has already demonstrated a few new features, like 80Gbps USB4 support and Sudo for Windows, and the new version could also give a significant refresh to the Windows installer for the first time since the Windows Vista days.

‘GoldDigger’ iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts

posted on February 16, 2024
by l33tdawg
Credit: 9-to-5 Mac

One of the reasons many people pick one of the best iPhones over their Android counterparts is security. However, that could be changing, as the first banking trojan designed to target iPhone users has been spotted in the wild.

According to a new report from Group-IB, the Android trojan GoldDigger has now been modified with new capabilities that make it easier for this malware to drain victims’ bank accounts. First discovered last October, the trojan's new variation has been dubbed GoldPickaxe, with versions specifically designed for both Android and iOS devices.

Microsoft network breached through password-spraying by Russian-state hackers

posted on January 22, 2024
by l33tdawg
Credit: Arstechnica

Russian state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed emails and documents belonging to senior executives and to employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene have resulted in a breach with the potential to harm customers.