Technology

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. “EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim’s session,” Resecurity researchers said in a Monday

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. “The group frequently changes its malware attack strategies in response to global cybercrime trends,” Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. “It opportunistically adopts new technologies in order

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. “Worok’s toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files,”

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. “This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,” NCC Group’s Fox-IT said in a report. “Instead, this new version asks the victim to

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. “In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On or around

Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims’ exfiltrated data when used by other cybercriminals. “While this untrustworthy behavior is nothing new in the world of cybercrime, the victims’ data end up in the

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators’ connections to the Russia-based Evil Corp group. The findings suggest that “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks,” IBM Security X-Force researcher Kevin Henson