Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

/in

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante.

“This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks,” Dutch security company ThreatFabric said.

“Finally, it can use all this exfiltrated

The Hacker News – ​Read More

City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack

/in

The City of Columbus sued a researcher who disclosed the impact of the data breach caused by a recent ransomware attack.

The post City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack appeared first on SecurityWeek.

SecurityWeek – ​Read More

The 6 Best Antivirus Software Options for Windows in 2024

/in

Bitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.

Security | TechRepublic – ​Read More

Researchers Find SQL Injection Flaw to Bypass Airport TSA Security Checks

/in

Security researchers discovered a SQL injection vulnerability in FlyCASS, a third-party web service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS).

Cyware News – Latest Cyber News – ​Read More

The US Navy Is Going All In on Starlink

/in

The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.

Security Latest – ​Read More

Intel Responds to SGX Hacking Research

/in

Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.

The post Intel Responds to SGX Hacking Research appeared first on SecurityWeek.

SecurityWeek – ​Read More

North Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule Rootkit

/in

A North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.

Cyware News – Latest Cyber News – ​Read More

Roblox Developers Under Attack by New Malicious NPM Campaign

/in

Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.

Cyware News – Latest Cyber News – ​Read More

Novel Attack on Windows Spotted in Chinese Phishing Campaign

/in

The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.

Cyware News – Latest Cyber News – ​Read More

Secrets Exposed: Why Your CISO Should Worry About Slack

/in

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It’s a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

The Hacker News – ​Read More