HackDig : Dig high-quality web security articles

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular lib
Publish At:2021-10-23 11:45 | Read:89 | Comments:0 | Tags:Breaking News Malware Cryptocurrency miner Cybersecurity cyb

Groove ransomware group calls on other ransomware gangs to hit US public sector

Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil was itself hacked a
Publish At:2021-10-22 19:37 | Read:33 | Comments:0 | Tags:Breaking News Cyber Crime Malware Groove ransomware Hacking

DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown

Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies
Publish At:2021-10-22 11:45 | Read:143 | Comments:0 | Tags:Breaking News Cyber Crime Malware Bitcoin Cybersecurity cybe

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them
Publish At:2021-10-22 07:49 | Read:123 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime FIN7 ha

FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts

Bitdefender researchers discovered a new Rootkit named FiveSys that abuses Microsoft-Issued Digital Signature signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK
Publish At:2021-10-22 03:53 | Read:66 | Comments:0 | Tags:Breaking News Cyber Crime Malware FiveSys rootkit Hacking ha

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw Lock
Publish At:2021-10-21 19:36 | Read:138 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Evil Corp Hacki

A flaw in WinRAR could lead to remote code execution

A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability af
Publish At:2021-10-21 16:14 | Read:109 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Administrators of bulletproof hosting sentenced to prison in the US

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. Th
Publish At:2021-10-21 11:44 | Read:77 | Comments:0 | Tags:Breaking News Cyber Crime bulletproof hosting Cybercrime Hac

Top 5 Attack Vectors to Look Out For in 2022

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty o
Publish At:2021-10-21 03:52 | Read:159 | Comments:0 | Tags:Breaking News Security attack vectors Hacking hacking news i

US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes.  The rule an
Publish At:2021-10-21 03:52 | Read:150 | Comments:0 | Tags:Laws and regulations Security Hacking hacking news informati

YouTube creators’ accounts hijacked with cookie-stealing malware

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, t
Publish At:2021-10-20 19:36 | Read:140 | Comments:0 | Tags:Breaking News Hacking account hijacking Cybersecurity hackin

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet, the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operator
Publish At:2021-10-20 18:20 | Read:103 | Comments:0 | Tags:Breaking News Malware Cybersecurity cybersecurity news Hacki

China-linked LightBasin group accessed calling records from telcos worldwide

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunicati
Publish At:2021-10-20 11:44 | Read:200 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

Acer suffers a second data breach in a week

Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to have also breached some systems in Taiwan. Last wee
Publish At:2021-10-20 11:44 | Read:153 | Comments:0 | Tags:Breaking News Data Breach Acer Cybercrime Hacking hacking ne

Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients

Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark. Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. The company announc
Publish At:2021-10-20 03:52 | Read:232 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Keywords