Cybersecurity

Anonymous Claims it Hacked Russia’s Central Bank and will Soon Release Thousands of Files

A Twitter account claiming to be connected with the activist collective Anonymous announced this week that it hacked Russia’s central bank, and it is planning to release 35,000 documents over the next 48 hours detailing “secret agreements.” The Central Bank of the…

UK Police Arrest 7 People in Connection with Lapsus$ Hacks

Police in the United Kingdom have arrested seven people over suspected connections to the Lapsus$ hacking group, which has in recent weeks targeted tech giants including Samsung, Nvidia, Microsoft and Okta. In a statement given to TechCrunch, Detective Inspector…

Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelve packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat. Fake websites that mimic well-known brands are…

Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The account breaches were the result of vishing (aka voice phishing), a social…

Western Digital My Cloud OS Update Fixes Critical Vulnerability

Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. The flaw, tracked as CVE-2022-23121, was exploited by the NCC Group’s EDG…

Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware

Researchers report a new version of the JSSLoader remote access trojan being distributed malicious Microsoft Excel addins. The particular RAT (remote access trojan) has been circulated in the wild since December 2020, linked to the financially-motivated Russian…

Microsoft Help Files Disguise Vidar Malware

Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look. Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday (actually, that’s probably the first place…

Microsoft Azure Developers Awash in PII-Stealing npm Packages

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal…

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant. The Chinese advanced persistent threat (APT) Mustang Panda (a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta) has…

North Korea Gov Hackers Caught Sharing Chrome Zero-Day

Malware hunters at Google have spotted signs that North Korean government hackers are sharing zero-day browser exploits for use in waves of targeted attacks hitting U.S. news media, crypto-banks and IT organizations. According to new data published by Google’s TAG…