Information theft | Breaking Cybersecurity News | The Hacker News

The persistent threat actors behind the  SolarMarker  information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries," the company  said  in a report published last week. "This separation enhances the malware's ability to adapt and respond to countermeasures, making it particularly difficult to eradicate." SolarMarker , known by the names Deimos, Jupyter Infostealer, Polazert, and Yellow Cockatoo, is a sophisticated threat that has  exhibited a continuous evolution  since its emergence in September 2020. It has the capability to steal data from several web browsers and cryptocurrency wallets, as well as target

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions," NCC Group researcher Joshua Kamp  said  in a report published last week. Vultur was  first disclosed  in early 2021, with the malware capable of leveraging Android's accessibility services APIs to execute its malicious actions. The malware has been observed to be  distributed via trojanized dropper apps  on the Google Play Store, masquerading as authenticator and productivity apps to trick unwitting users into installing them. These dropper apps are offered as part of a dropper-as-a

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

A new Go-based information stealer malware called  JaskaGO  has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery,  said  the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July 2023, impersonating installers for legitimate software such as CapCut. Other variants of the malware have masqueraded as AnyConnect and security tools.  Upon installation, JaskaGO runs checks to determine if it is executing within a virtual machine (VM) environment, and if so, executes a harmless task like pinging Google or printing a random number in a likely effort to fly under the radar. In other scenarios, JaskaGO proceeds to harvest information from the victim system and establishes a connection to its C&C for receiving further instructions, including executing shell commands, enumerating