- BleepingComputer
An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram.
Researchers Antonis Terefos and Bohdan Melnykov at Check Point report detecting over 120 campaigns using the Rafel RAT malware.
Known threat actors conduct some of these campaigns, like APT-C-35 (DoNot Team), while in other cases, Iran and Pakistan were determined as the origins of the malicious activity.
- BleepingComputer
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
RansomHub is a ransomware-as-a-service (RaaS) operation launched in February 2024, featuring code overlaps and member associations with ALPHV/BlackCat and Knight ransomware, having claimed over 45 victims across 18 countries.
- BleepingComputer
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web apps (PWAs) that display convincing corporate login forms to steal credentials.
A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application. Once installed, the operating system will create a PWA shortcut and add it to Add or Remove Programs in Windows and under the /Users/<account>/Applications/ folder in macOS.
When launched, a progressive web app will run in the browser you installed it from but be displayed as a desktop application with all the standard browser controls hidden.
Many websites use a PWA to offer a desktop app experience, including X, Instagram, Facebook, and TikTok.
- The Hacker News
A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years.
While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."
Noodle RAT, which also goes by the monikers ANGRYREBEL and Nood RAT, comes in both Windows and Linux flavors, and is believed to have been put to use since at least July 2016.
The remote access trojan Gh0st RAT first surfaced in 2008 when a China threat group called the C. Rufus Security Team made its source code publicly available.
Over the years, the malware – alongside other tools like PlugX and ShadowPad – has become a hallmark of Chinese government hackers, who have used it in numerous campaigns and attacks.
- BleepingComputer
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.
Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue.
"There are indications that CVE-2024-32896 may be under limited, targeted exploitation," the company warned this Tuesday.
"All supported Google devices will receive an update to the 2024-06-05 patch level. We encourage all customers to accept these updates to their devices."
Google tagged 44 other security bugs in this month's Pixel update bulletin, seven of which are privilege escalation vulnerabilities considered critical and impact various subcomponents.
While Pixel devices also run Android, they receive separate security and bug fix updates from the standard monthly patches distributed to all Android OEMs because of their exclusive features and capabilities and the unique hardware platform directly controlled by Google.
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
- Microsoft Warns of "Dirty Stream" Attack Impacting Android Apps
- From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks