Posts

Fox Kitten – Iranian Malware Campaign Exploiting Vulnerable VPN Servers To Hack Organizations' Internal Networks

Researchers discovered a widespread Iranian malware campaign, called Fox Kitten, that targets several organizations' networks by exploiting vulnerabilities in VPN products. Its targets are mainly organizations in the IT, telecommunication, oil and gas, aviation, government, and security sectors around the world. Once the attackers successfully exploit a network, they gain persistent access to the internal systems and a foothold in the networks of numerous companies. The Fox Kitten campaign is believed to originate from Iran; the infamous Iranian offensive group APT34-OilRig is behind this attack, and researchers also suspect that the campaign has some connection with the APT33-Elfin and APT39-Chafer groups. A large infrastructure is used in this campaign to perform various malicious operations on behalf of the attackers, including: developing and maintaining access routes to the targeted organizations; stealing valuable information from the targeted organizations; maintaining ...

Hackers Spreading AZORult Malware As a Fake ProtonVPN Installer To Attack Windows Computers

Researchers discovered a new wave of the AZORult malware campaign that abuses the ProtonVPN brand and drops the malware payload as a fake ProtonVPN installer to infect Windows systems. GBHackers reported several incidents involving the AZORult malware campaign; AZORult is one of the well-known malware families often sold on Russian forums for a higher price ($100), since it contains a broad range of persistence functionality. In this attack scenario, threat actors created a fake ProtonVPN website, an exact HTTrack copy of the original ProtonVPN website, through which they spread the malware as an installer package to compromise Windows users. [Figure: fake ProtonVPN website] The campaign initially started in November 2019, when the attacker registered the domain under the name ProtonVPN{.}store; the registrar used for this campaign is from Russia. Infection vectors: attackers use several infection vectors to spread this malware and infect the v...

Over A Billion Microsoft Windows Users Would Be Affected If Not Patched Against These IE 0-Days & Other Vulnerabilities!!!

Patch Tuesday: Microsoft released its February security update under Patch Tuesday with fixes for 99 vulnerabilities affecting various Microsoft products, including an actively exploited Internet Explorer zero-day vulnerability. Microsoft recently reached a big milestone of 1 billion Windows 10 users, and it issued the current security updates for all Windows 10 users. Of the 99 vulnerabilities, Microsoft listed 12 under "Critical" severity and 87 as "Important". The February security release consists of security updates for the following software: Microsoft Windows; Microsoft Edge (EdgeHTML-based); Microsoft Edge (Chromium-based); ChakraCore; Internet Explorer; Microsoft Exchange Server; Microsoft SQL Server; Microsoft Office and Microsoft Office Services and Web Apps; Windows Malicious Software Removal Tool; Windows Surface Hub. This update fixes one of the notable actively exploited Internet Explorer zero-day vuln...

New Malware Variant Dubbed Emotet Hacks Nearby Wi-Fi Networks to Reach New Victims!!

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already-infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan for Wi-Fi networks and then attempts to infect devices that are connected to them. The cybersecurity firm said the Wi-Fi spreader has a timestamp of April 16, 2018, indicating the spreading behavior has been running "unnoticed" for close to two years until it was detected for the first time last month. The development marks an escalation of Emotet's capabilities, as networks in close physical proximity to the original victim are now susceptible to infection. How does Emotet's Wi-Fi spreader module work? The updated version of the malware works by leveraging an already compromised host to list all the ...