Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos.

The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed

The Hacker News

US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

SecurityWeek

FBI Warns Crypto Firms of Aggressive Social Engineering Attacks

The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.

Cyware News – Latest Cyber News

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China.

The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems.

“KTLVdoor is a highly obfuscated malware that

The Hacker News

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information.
A brief description of the two vulnerabilities is below –

CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account

The Hacker News

Indian Army Propaganda Spread by 1.4K AI-Powered Social Media Accounts

For three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X.

darkreading

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

JFrog’s cybersecurity researchers have identified a new PyPI attack technique called “Revival Hijack,” which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.

darkreading

US Government Isn’t Ready for Cyber Chaos in the Food and Agriculture Sector

The industry remains largely unscathed by cyber threats, but recent events like the JBS ransomware attack highlight vulnerabilities. The sector’s increased automation makes it a target for hackers, posing risks to the US food supply.

Cyware News – Latest Cyber News

Travelers Targeted in New Booking.com Phishing Scam

The attack involves compromising hotel managers’ accounts to access customer reservation systems, ultimately tricking hotel guests via the Booking.com app. The scheme utilizes a fake domain to deceive users and harvest sensitive data.

Cyware News – Latest Cyber News