Tag
#The Hacker News
Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the
A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from
Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately. A new guide by XDR provider Cynet (download here) looks to
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino,
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino,
Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit using a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that
A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in
Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked