"FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities"

New research shows that the "FakeCall" Android banking trojan, also known as "Fakecalls," has grown more sophisticated in evasion and espionage. The attack chain begins with traditional phishing to trick the target into downloading an APK file that serves as a dropper for the FakeCall malware. This article continues to discuss the advanced evasion tactics and expanded surveillance capabilities now employed by the FakeCall Android banking trojan.

Submitted by Gregory Rigby on

"Malware Operators Use Copyright Notices to Lure in Businesses"

Cisco Talos researchers have observed threat actors using copyright infringement claims to trick targets and deploy infostealers. According to the researchers, the ongoing attack in Taiwan is being spread through phishing emails containing malware attachments. The emails pose as legal notices from copyright holders or legal representatives of companies making copyright claims. This article continues to discuss malware operators tricking targets using the threat of a copyright infringement claim.

Submitted by Gregory Rigby on

Securities Enforcement Forum D.C.

"Securities Enforcement Forum D.C. is a unique, one-day conference that brings together current and former senior SEC officials, securities enforcement and white-collar attorneys, in-house counsel and compliance executives, and other top professionals in the field. Held annually in Washington, D.C. since 2012, this year's conference will be held on Wednesday, November 6 at the historic Mayflower Hotel in Washington, D.C., and will also be available for attendees to view live online."

"Colorado Accidentally Put Voting System Passwords Online, but Officials Say Election Is Secure"

Colorado state election officials recently announced that voting system passwords were mistakenly posted on the Colorado Secretary of State's website for several months before being spotted and taken down. The officials said the lapse did not pose an immediate threat to the upcoming election. They noted that the exposed passwords were only one of two needed to access any component of Colorado's voting systems and are just one part of a layered security system. The two passwords are "kept in separate places and held by different parties."

Submitted by Adam Ekwall on

"Microsoft: Chinese Hackers Use Quad7 Botnet to Steal Credentials"

Microsoft warns that Chinese threat actors are using the "Quad7" botnet, built from compromised Small Office/Home Office (SOHO) routers, to steal credentials in password-spray attacks. A security researcher known as "Gi7w0rm" first discovered the Quad7 botnet. According to later reports by researchers at Sekoia and Team Cymru, the operators behind the botnet are targeting devices from TP-Link, ASUS, and other vendors. Once a device is compromised, the threat actors deploy custom malware that gives them remote access to it over Telnet.

Submitted by Gregory Rigby on

"Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days"

Sophos has detailed a years-long battle with Chinese government-backed hacking teams and admitted to using its own custom implants to track the hackers' tools, movements, and tactics. The company said it has fought multiple zero-day attacks on its enterprise products since 2018, with each attack growing more sophisticated and aggressive. This article continues to discuss Sophos' years-long "cat-and-mouse" game with sophisticated Chinese government-backed hackers.

Submitted by Gregory Rigby on

"New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot"

Since at least September 2024, users in the US, UK, Spain, Australia, and Japan have been targeted by a new phishing kit named "Xiu Gou," which was designed to deploy phishing attacks globally. The kit, discovered by the cybersecurity firm Netcraft, features a "doggo" mascot and has over 2,000 phishing websites targeting individuals in the public sector, postal services, digital services, and banking. This article continues to discuss findings regarding the Xiu Gou phishing kit.

Submitted by Gregory Rigby on

"New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics"

According to researchers at ThreatFabric, "LightSpy," an Apple iOS spyware, now has an improved version with destructive capabilities that can prevent the compromised device from booting. LightSpy, first documented in 2020 as targeting users in Hong Kong, is a modular implant that uses a plugin-based architecture to capture a wide range of sensitive information from infected devices. This article continues to discuss findings regarding the new version of LightSpy.

Submitted by Gregory Rigby on

"Hackers Target Critical Zero-Day Vulnerability in PTZ Cameras"

Hackers are targeting two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, government, and courtroom settings. Researchers at GreyNoise discovered the flaws in April 2024 after the firm's Artificial Intelligence (AI)-powered threat detection tool, "Sift," flagged unusual honeypot network activity that did not match any established threat. This article continues to discuss the targeting of zero-day vulnerabilities in PTZ cameras.

Submitted by Gregory Rigby on

"Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware"

Researchers at Bitdefender Labs have discovered a malvertising campaign that abuses Meta's advertising platform and hijacks Facebook accounts to distribute the "SYS01stealer" infostealer. According to the researchers, the campaign uses about 100 malicious domains to distribute the malware and conduct live Command-and-Control (C2) operations. This article continues to discuss findings regarding the malvertising campaign aimed at spreading SYS01stealer.

Submitted by Gregory Rigby on