New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails
By Deeba Ahmed The backdoors used in this campaign are never-before-seen malware strains called CommonMagic and PowerMagic. This is a post from HackRead.com Read the original post: New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails
Hackers Inject Weaponized JavaScript (JS) on 51,000 Websites
Researchers from Unit 42 have been monitoring a widespread campaign of harmful JavaScript (JS) injections. The campaign aims to redirect unsuspecting victims to dangerous content, including adware and fraudulent pages. Websites continue to be infected by this threat in 2023,...
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
In what’s a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. “All of the NCA-run sites,...
Understanding metrics to measure SOC effectiveness
The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing...
North Korean hackers infiltrate individuals and corporations using sophisticated hacking attacks
North Korean hackers are notorious for infiltrating individuals and corporations through sophisticated hacking attacks. The German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea (NIS) have issued a statement that...
Resolving prioritization issues faced by modern AppSec teams with EASM
The post Resolving prioritization issues faced by modern AppSec teams with EASM appeared first on Detectify Blog.
Applying Strategic Thinking in Your Pentesting Program
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common...
Hackers Abusing Microsoft Dynamics 365 Customer Voice to Steal Credentials
Check Point Software company Avanan has shared details of how hackers are trying to abuse Dynamics 365 Customer Voice in their recent findings. According to Avanan’s research, threat actors abuse authentic-looking links from Microsoft notifications to deliver credential-stealing pages. The...
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer. “The main attack seems to have started...
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the...
DDoS Attack From Killnet Threat Group Frustrated By The US Treasury
Posted on November 5, 2022 at 6:02 AM The US Treasury Department stated recently that it blocked a distributed denial of service (DDoS) attack linked to the Russian hacktivist group Killnet. The same group claimed responsibility for hitting on over...