The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion, with 3 billion players globally. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims. One of the most outstanding examples involves $2 million‘s worth of CS:GO skins stolen from a user’s account, which means that losses can get truly grave. Besides stealing personal credentials and funds, hackers can affect the performance of gaming computers, infecting these with unsolicited miner files.

AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

Dubbed CodeRAT, the new RAT is used in attacks targeting Farsi-speaking code developers using a Microsoft Dynamic Data Exchange (DDE) exploit.

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources the alternative name is Moloch, which has some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.

A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000 "...the extensions also track the user’s browsing activity."

Authored by Alberto Segura (main author) and Mike Stokkel (co-author) Introduction After we discovered in February 2022 the SharkBotDropper in Google Play posing as a fake Android antivirus and cleaner, now we have detected a new version of this dropper active in the Google Play and dropping a new version of Sharkbot.This new dropper doesn't…

Attackers attempted to disrupt ride-hailing app service on Thursday, the company confirmed.

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.

A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others

Hundreds of millions use Zimbra, an all-in-one business productivity suite for micro, small, medium & enterprise in-office and remote work teams. The Zimbra Inc company was acquired by Synacor Inc

Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.

When people seek medical care or visit other sensitive locations, they may think their presence is confidential.

We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

An Italian surveillance company is tracking people all over the world on a grand scale on behalf of its clients – including in countries with a recent history of corruption and human rights abuses. Its powerful spyware was recently found in Kazakhstan and Romania. Europe’s parliamentarians voice growing concern about an out-of-control surveillance industry and call for it to be regulated.

On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discu...

Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand. The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.

Netfilter is a framework in the Linux kernel for implementing various networking-related tasks with user-defined handlers. Netfilter provides various functions for packet filtering, network address translation and port translation, and packet logging. Netfilter represents a set of hooks that allow other kernel modules to register callback functions in the kernel’s networking stack.

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.

Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther

In February 2022, Microsoft patched the vulnerability I used in TianfuCup 2021 for escaping Adobe Reader sandbox, assigned CVE-2022-22715. The vulnerability existed in Named Pipe File System nearly 10 years since the AppContainer was born. We called it "Windows Dirty Pipe". In this article, I will share the root cause and exploitation of Windows Dirty Pipe. So let's start our journey.