Latest Cybersecurity News and Articles


Google's New Restore Credentials Tool Simplifies App Login After Android Migration

25 November 2024
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

25 November 2024
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date. By putting the

Flying Under the Radar - Security Evasion Techniques

25 November 2024
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks “I really like the saying that ‘This is out of scope’ said no hacker ever. Whether it’s tricks, techniques or technologies, hackers will do anything to evade detection and make sure their

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

25 November 2024
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data. "Since these are hardened languages with limited capabilities, they're supposed to be more secure than

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

25 November 2024
We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn’t just about stolen data—it’s about power. Hackers are

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

25 November 2024
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda," Trellix

Cyber agencies reveal top 15 routinely exploited vulnerabilities

25 November 2024
Cybersecurity agencies from five countries collaborated on an advisory regarding Common Vulnerabilities and Exposures (CVEs) routinely exploited in 2023. 

Passwords are giving way to better security methods – until those are hacked too, that is

24 November 2024
Passwords are giving way to better security methods – until those are hacked too, that is It’s a war that will never end. But for small-business owners, it’s all about managing risk while reaping rewardsWe humans are simply too dumb to use passwords. A recent study from password manager NordPass found that “secret” was the most commonly used password in 2024. That was followed by “123456” and “password”. So let’s all give praise that the password is dying.Yes, we know that we should be using 20-letter passwords with weird symbols and numbers, but our minds can’t cope. We use the same password for many accounts, be it for a newsletter subscription or our life savings. We all have too many passwords. So we opt for the easiest to remember – and steal. Continue reading...

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

23 November 2024
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

23 November 2024
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

22 November 2024
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

22 November 2024
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a

Wire cutters: how the world’s vital undersea data cables are being targeted

22 November 2024
Wire cutters: how the world’s vital undersea data cables are being targeted Carrying 99% of the world’s international telecommunications, the vulnerable lines are drawing nefarious interestThe lead-clad telegraphic cable seemed to weigh tons, according to Lt Cameron Winslow of the US navy, and the weather wasn’t helping their attempts to lift it up from the seabed and sever it. “The rough water knocked the heavy boats together, breaking and almost crushing in their planking,” he wrote.Eventually, Winslow’s men managed to cut the cable with hacksaws and disrupt the enemy’s communications by slicing off a 46-metre (150ft) section. Continue reading...

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

22 November 2024
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

22 November 2024
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that’s both scalable and adaptable. As companies shift from traditional,

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

22 November 2024
Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

22 November 2024
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting

Feds Charge Five Men in ‘Scattered Spider’ Roundup

21 November 2024
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

21 November 2024
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

21 November 2024
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.