GHDBREVO: APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

The Hacker News Daily Updates

Moving Past Passwords (At Last!)

7 Key Takeaways to Passwordless Authentication

Download Now

LATEST NEWS

Dec 28, 2022

BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a ...

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion ...

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. ...

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for ...

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in ...

2022 Top Five Immediate Threats in Geopolitical Context

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate security posture management platform between January 1st ...

PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based ...

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company ...