June 14, 2022

WiFi Probing Exposes Smartphone Users to Tracking, Info Leaks Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby’s WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. WiFi probing is a standard Read more…

Hello XD Ransomware Now Drops a Backdoor While Encrypting Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. First observed in November 2021, the particular family was based on the leaked source code of Babuk and engaged in Read more…

New Vytal Chrome Extension Hides Location Info that your VPN Can’t A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while Read more…

The Week in Ransomware – June 10th 2022 – Targeting Linux It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week. Advanced Intel released a deep dive on BlackCat/AlphV, revealing some of the technical details Read more…

New PACMAN Hardware Attack Targets Macs with Apple M1 CPUs A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. Pointer Authentication is a security feature that adds a cryptographic signature, known as pointer authentication code Read more…

Iranian Hackers Target Energy Sector with New DNS Backdoor The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. Lyceum is a state-supported APT, also known as Hexane or Spilrin, that has previously targeted communication service providers in the Read more…

Hackers Exploit Recently Patched Confluence Bug for Cryptomining A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. The vulnerability, tracked as CVE-2022-26134, was discovered as an actively exploited zero-day at the end of May, while the Read more…

Russian Hackers Start Targeting Ukraine with Follina Exploits Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening Read more…

New Syslogk Linux Rootkit Uses Magic Packets to Trigger Backdoor A new Linux rootkit malware named ‘Syslogk’ is being used in attacks to hide malicious processes, using specially crafted “magic packets” to awaken a backdoor laying dormant on the device. The malware is currently under heavy development, and its authors appear Read more…