The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet.
The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.
The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year.
The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the U.S. Federal Bureau of Investigation (FBI).
The operation is the
Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances.
The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and
Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts.
Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen.
The new change entails adding a second step method, such as an
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys.
Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo
Alto Networks PAN-OS software dating back to March 26, 2024, nearly three
weeks before it came to light yesterday.
The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of
A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks.
The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News.
"Its primary method of operation
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years.
The defendants include Ni Gaobin (εͺι«ε½¬), Weng Ming (ηΏζ), Cheng Feng (η¨ι), Peng Yaowen (ε½θζ), Sun Xiaohui (εε°θΎ), Xiong Wang (ηζΊ), and Zhao Guangzong (
The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world.
The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison.
The accounts, authorities said, were
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane as part of a cyber attack that was first detected in March 2023.
Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have been active since at least 2022.
The exact specifics of the infection chain remain unknown
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities.
"SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel HernΓ‘ndez said.
"The worm automatically searches through known credential
Login
FreshRSS