#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Malspam | Breaking Cybersecurity News | The Hacker News

Category — Malspam
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Jan 08, 2025 Email Security / Cybercrime
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Jun 18, 2024 Malware / Cybercrime
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader , which then deploys an information stealer known as Vidar Stealer . "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security researcher Ale Houspanossian said in a Monday analysis. "When unsuspecting victims extracted and executed a 'Setup.exe' binary file, the Cisco Webex Meetings application covertly loaded a stealthy malware loader, which led to the execution of an information-stealing module." The starting point is a RAR archive file that contains an executable name "Setup.exe," but in reality is a copy of Cisco Webex Meetings's ptService module. What makes the campaign noteworthy is the use of DLL side-loading techniques to stealthily launch Hijack Loader (aka DOI...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Mar 18, 2024 Cryptocurrency / Malspam
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called  AZORult  in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs researcher Jan Michael Alcantara  said  in a report published last week. The phishing campaign has not been attributed to a specific threat actor or group. The cybersecurity company described it as widespread in nature, carried out with an intent to collect sensitive data for selling them in underground forums. AZORult, also called PuffStealer and Ruzalto, is an  information stealer  first detected around 2016. It's typically distributed via phishing and malspam campaigns, trojanized installers for pirated software or media, and malvertising. Once installed, it's capable of g...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

Aug 29, 2023 Malware / Cyber Threat
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate . "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security  said  in a report published last week. The latest report builds on  recent findings  from security researcher Igal Lytzki, who detailed a "high volume campaign" that leverages hijacked email threads to trick recipients into downloading the malware. The attack commences with a phishing URL that, when clicked, passes through a traffic direction system ( TDS ) to take the victim to an MSI payload subject to certain conditions. This includes the presence of a refresh header in the HTTP response. Opening the MSI file triggers a multi-stage process that incorporates an AutoIt script to execute shellcode that acts as a conduit to decrypt and launch DarkGate via a crypte...
Expert Insights / Articles Videos
Cybersecurity Resources