- The Hacker News
September 11, 2023. The Hacker News published: A new cyber-attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.
The activity has been codenamed Steal-It by Zscaler ThreatLabz.
- BleepingComputer
September 11, 2023. BleepingComputer published: Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim's browser.
- BleepingComputer
September 09, 2023. BleepingComputer published: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.
This warning comes after Citizen Lab disclosed that the two flaws were used to compromise fully-patched iPhones belonging to a Washington DC-based civil society organization using an exploit chain named BLASTPASS that worked via PassKit attachments containing malicious images.
- BleepingComputer
September 09, 2023. BleepingComputer published: A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware.
The campaign started in late August 2023, when Microsoft Teams phishing messages were seen being sent by two compromised external Office 365 accounts to other organizations.
These accounts were used to trick other Microsoft Teams users into downloading and opening a ZIP file named "Changes to the vacation schedule."
- BleepingComputer
BleepingComputer published: A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.
An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.
Additionally, the researchers found that numerous websites with millions of visitors, including some Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them.
- Exploit Released for Critical VMware SSH Auth Bypass Vulnerability
- Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
- Trojanized Signal and Telegram Apps on Google Play Delivered Spyware
- Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
- Hacking Campaign Bruteforces Cisco VPNs to Breach Networks