#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Volexity | Breaking Cybersecurity News | The Hacker News

Category — Volexity
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

Nov 16, 2024 Vulnerability / VPN Security
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA . Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy . "DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said in a technical report. The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as applic...
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Jun 01, 2023 Cybercrime / Malware
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as  XE Group . According to  Menlo Security , which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of being involved with the XE Group." XE Group (aka XeThanh), previously documented by  Malwarebytes  and  Volexity , has a history of carrying out cyber criminal activities since at least 2013. It's suspected to be a threat actor of Vietnamese origin. Some of the entities targeted by the threat actor span government agencies, construction organizations, and healthcare sectors. It's known to compromise internet-exposed servers with known exploits and monetize the intrusions by installing password theft or  credit card skimming code  for online services. "As far back as 2014, the threat actor wa...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks

Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks

Dec 07, 2022 Cryptocurrency / Threat Intelligence
Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name  DEV-0139 , and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's  Lazarus Group . "DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members," the tech giant  said . The adversary subsequently impersonated another cryptocurrency investment company and invited the victim to join a different Telegram chat group under the pretext of asking for feedback on the trading fee structure used by exchange platforms across VIP tiers. It's worth pointing out that the  VIP program  is  designed  to  reward   high-volume traders  with exclusive trading ...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

Jul 30, 2022
A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls  SharpTongue , which is said to share overlaps with an  adversarial collective  publicly referred to under the name  Kimsuky . SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster  said . Kimsuky 's use of rogue extensions in attacks is not new. In 2018, the actor was seen utilizing a Chrome plugin as part of a campaign called  Stolen Pencil  to infect victims and steal browser cookies and passwords. But the latest espionag...
Expert Insights / Articles Videos
Cybersecurity Resources