Month: August 2022

European Spyware Vendor Offering Android and iOS Device Exploits
Intellexa is a spyware firm based and regulated in Europe. The company has six offices and R&D Labs spread across the EU. It has emerged as the rival of NSO Group, the company behind the infamous Pegasus spyware since, reportedly,...

Building Trust with a Vetted Team of Security Researchers
It’s natural to wonder who makes up the Synack Red Team (SRT), our dedicated team of 1,500+ security researchers, and how they ended up finding vulnerabilities in our customers’ IT systems (with permission, of course). Companies want assurance they’re not...

1.4 Million Times Installed Chrome Extensions Steal Browsing Data
Earlier, a report from security firm McAfee detailed the malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. At present, after the investigation, McAfee found 5 extensions that promise to boost your browser...

5 Google Chrome Malicious Extensions With 1.4 Million Downloads Discovered
Posted on August 31, 2022 at 3:01 PM. Security researchers at McAfee have discovered five Google Chrome extensions that track users’ browsing history and activities. According to the report, the extensions have been collectively downloaded over 1.4 million times. The...

Cybercriminals Released Mini Stealer’s Builder & Panel for Free on a Cybercrime Forum
A threat actor has recently released MiniStealer’s builder and panel for free on a cybercrime forum. Cyble Research and Intelligence Labs (CRIL) security analysts discovered this exploit during a routine threat hunting exercise carried out recently. Threat actors can easily...

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit off retail affiliate programs. “The extensions offer various functions such as enabling users to watch...

Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps
Check Point researchers have shared details of a new campaign in which the cybercriminals are distributing cryptocurrency-mining malware. This malware is hard to detect by unsuspecting users because it is distributed through fake and malicious Google Translate and other popular...

New Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner
Cryptocurrency mining malware has been found recently in an ongoing campaign in 11 countries disguised as Google Translate and MP3 downloaders. In order to distribute fake applications, legitimate sites which offer free software are distributing them to their users. In...

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
As many as three disparate but related campaigns between March and June 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. “The actors use PowerShell, .NET assemblies, and HTA...

Google Mitigates DDoS Attack With 24 million RPS, The Largest To Date
Posted on August 30, 2022 at 6:43 AM. Google said it recently blocked the largest distributed denial-of-service (DDoS) attack reported to date. According to the tech giant, the attack over the HTTPS protocol reached 46 million requests per second (RPS)....

Iranian state-sponsored Actors Exploiting Log4j 2 Flaws in Unpatched Systems
As far as exploiting unpatched Log4j systems to target Israeli entities is concerned, the Iranian state-sponsored threat actors leave no stone unturned to exploit these vulnerabilities, indicating that there is still a long tail for fixing this vulnerability. It is...

Splunk and Synack Partner to Bring Both a Defense and Offensive Strategy
In the cyber realm, organizations are often running their defensive and offensive security operations with little coordination. Defensive security techniques, such as firewalls, endpoint detection and response, network access control, intrusion prevention and security information event management, detect and stop...