admin

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

[ad_1] Dec 21, 2023NewsroomMobile Security / Banking Trojan Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. “Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using…

Read More

Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector

[ad_1] Dec 22, 2023NewsroomThreat Intelligence / Supply Chain Attack Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm…

Read More

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

[ad_1] Dec 22, 2023NewsroomMalware / Cyber Attack The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. “The threat actor targets Ukrainian employees working for companies outside of Ukraine,” cybersecurity firm Deep…

Read More

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

[ad_1] Dec 22, 2023NewsroomSocial Engineering / Malware Analysis A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. “Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers’ unfamiliarity can hamper their investigation,” Netskope researchers…

Read More

Rust-Based Malware Targets Indian Government Entities

[ad_1] Dec 22, 2023NewsroomMalware / Cyber Threat Indian government entities and the defense sector have been targeted by a phishing campaign that’s engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. “New Rust-based payloads and encrypted PowerShell commands have…

Read More

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

[ad_1] Dec 22, 2023NewsroomSkimming / Web Security Threat hunters have discovered a rogue WordPress plugin that’s capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. “As with many other malicious or fake WordPress…

Read More