The Hacker News
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
May 22^nd 2024 at 08:57

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

By: Newsroom

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese

The Hacker News
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
May 17^th 2024 at 17:20

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

By: Newsroom

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining

The Hacker News
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
April 9^th 2024 at 07:24

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

By: Newsroom

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet

The Hacker News
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
April 5^th 2024 at 09:40

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

By: Newsroom

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL

The Hacker News
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
February 27^th 2024 at 05:43

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

By: Newsroom

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress

FreshRSS

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites