#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Trustwave | Breaking Cybersecurity News | The Hacker News

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

Apr 08, 2024 Cybersecurity / Malvertising
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado  said . The email message, the company said, originates from an email address format that uses the domain "temporary[.]link" and has Roundcube Webmail listed as the User-Agent string. The HTML file points containing a link ("facturasmex[.]cloud") that displays an error message saying "this account has been suspended," but when visited from an IP address geolocated to Mexico, loads a CAPTCHA verification page that uses Cloudflare Turnstile. This step paves the way for a redirect to another domain from where a malicious RAR file is downloaded. The RAR archive comes with a PowerShell script that gathers system metadata as well
SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

Mar 27, 2024 Data Protection / Browser Security
As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" ( Download here ), challenges SASE's ability to deliver comprehensive security against web-borne cyber threats on its own. From phishing attacks to malicious extensions and account takeovers, traditional network traffic analysis and security falls short. The report sheds light on these limitations and introduces the role of secure browser extensions as an essential component in a comprehensive security strategy. SASE Advantages and Limitations SASE takes on a dual role in addressing both infrastructure and security. However, while SASE offers clear advantages in security, it may not e
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

Mar 27, 2024 Vulnerability / Cybercrime
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called  Agent Tesla . Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie - dowód wpłaty_pdf.tar.gz") conceals a malicious loader that activates the procedure to deploy Agent Tesla on the compromised host. "This loader then used obfuscation to evade detection and leveraged polymorphic behavior with complex decryption methods," security researcher Bernard Bautista  said  in a Tuesday analysis. "The loader also exhibited the capability to bypass antivirus defenses and retrieved its payload using specific URLs and user agents leveraging proxies to further obfuscate traffic." The tactic of embedding malware within seemingly benign files is
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
What's the Right EDR for You?

What's the Right EDR for You?

May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of
New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Aug 07, 2023 Data Security / Linux
Vulnerable  Redis services  have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk  said  in an analysis published last week. Some of the Linux distribution SkidMap sets its eyes on include Alibaba, Anolis, openEuler, EulerOS, Stream, CentOS, RedHat, and Rocky. SkidMap was  first disclosed  by Trend Micro in September 2019 as a cryptocurrency mining botnet with capabilities to load malicious kernel modules that can obfuscate its activities as well as monitor the miner process. The operators of the malware have also been found camouflaging their backup command-and-control (C2) IP address on the Bitcoin blockchain, evocative of another botnet malware known as  Glupteba . "The technique of fetching real-time data from a de
New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

Apr 04, 2023 Browser Security / Cryptocurrency
Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges," Trustwave SpiderLabs Research said in a report shared with The Hacker News. What's more, the stealer malware can display forged dialogs to deceive users into entering a two-factor authentication code to withdraw digital assets. Trustwave said it identified two different campaigns involving  Ekipa RAT  and  Aurora Stealer  that led to the installation of the malicious browser extension. While Ekipa RAT is distributed via booby-trapped Microsoft Publisher files, rogue Google Ads act as the
Hackers Using SVG Files to Smuggle QBot Malware onto Windows Systems

Hackers Using SVG Files to Smuggle QBot Malware onto Windows Systems

Dec 15, 2022 Email Security / Endpoint Security
Phishing campaigns involving the  Qakbot malware  are using Scalable Vector Graphics ( SVG ) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which  said  it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate  HTML script tags . HTML smuggling is a  technique  that relies on using legitimate features of HTML and JavaScript to run encoded malicious code contained within the lure attachment and assemble the payload on a victim's machine as opposed to making an HTTP request to fetch the malware from a remote server. In other words, the idea is to evade email gateways by storing a binary in the form of a JavaScript code that's decoded and downloaded when opened via a web browser. The attack chain spotted by the cybersecurity company concerns a JavaScript that's smuggled inside of the SVG image and executed when the unsuspecting email recipient launches the HTML attachme
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

Oct 21, 2022
The notorious  Emotet botnet  has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an  attack chain  detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a conduit to launch the second. While phishing attacks like these traditionally require persuading the target into opening the attachment, the cybersecurity company said the campaign sidesteps this hurdle by making use of a batch file to automatically supply the password to unlock the payload. The first SFX archive file further makes use of either a PDF or Excel icon to make it appear legitimate, when, in reality, it contains three components: the password-protected second SFX RAR file, the aforementioned batch script which launches the archive, and a decoy PDF or image. "The execution of the batch f
Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network

Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network

Jul 29, 2022
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS , short for InterPlanetary File System, is a peer-to-peer (P2P) network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach. Each hash forms the basis for a unique content identifier ( CID ). The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship. "Taking down phishing content stored on IPFS can be difficult
Casino Sues Cyber Security Company Over Failure to Stop Hackers

Casino Sues Cyber Security Company Over Failure to Stop Hackers

Jan 16, 2016
IT security firm Trustwave has been sued by a Las Vegas-based casino operator for conducting an allegedly "woefully inadequate" investigation following a network breach of the casino operator's system. Affinity Gaming , an operator of 5 casinos in Nevada and 6 elsewhere in the United States, has questioned Trustwave's investigation for failing to shut down breach that directly resulted in the theft of credit card data, allowing credit card thieves to maintain their foothold during the investigation period. The lawsuit, filed in the US District Court in Nevada, is one of the first cases of its kind where a client challenges a cyber security firm over the quality of its investigation following a hacking attack. Casino Sued an IT Security Firm Affinity Gaming said it hired Trustwave in late 2013 to analyze and clean up computer network intrusions that allowed attackers to obtain its customers' credit card data. It was reported that the details
Cybersecurity
Expert Insights
Cybersecurity Resources