#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Zscaler | Breaking Cybersecurity News | The Hacker News

Category — Zscaler
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers

New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers

Aug 20, 2022
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the  Grandoreiro  banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler  said  in a report. The ongoing attacks, which commenced in June 2022, have been observed to target automotive, civil and industrial construction, logistics, and machinery sectors via multiple infection chains in Mexico and chemicals manufacturing industries in Spain. Attack chains entail leveraging spear-phishing emails written in Spanish to trick potential victims into clicking on an embedded link that retrieves a ZIP archive
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Jul 25, 2022
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the  security baseline  to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise,  said  in a series of tweets last week. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!" It's worth pointing out that while this  account lockout setting  is already incorporated in Windows 10, it's not enabled by default. The f
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Jul 19, 2022
Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of luring unsuspecting users into downloading malware-laced apps. The latest findings from  Zscaler ThreatLabz  and  Pradeo  are no different. "Joker is one of the most  prominent malware families  targeting Android devices," researchers Viral Gandhi and Himanshu Sharma said in a Monday report. "Despite public awareness of this particular malware, it keeps finding its way into Google's official app store by regularly modifying the malware's trace signatures including updates to the code, execution methods, and payload-retrieving techniques." Categorized as  fleecewa
cyber security

2024 State of SaaS Security Report eBook

websiteWing SecuritySaaS Security / Insider Threat
A research report featuring astonishing statistics on the security risks of third-party SaaS applications.
Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

Jul 13, 2022
The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz researchers Tarun Dewan and Aditya Sharma  said . Other methods adopted by the group include code obfuscation, introducing new layers in the attack chain from initial compromise to execution, and using multiple URLs as well as unknown file extensions (e.g., .OCX, .ooccxx, .dat, or .gyp) to deliver the payload. Also called QBot, QuackBot, or Pinkslipbot, Qakbot has been a  recurring threat  since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads such as  ransomware . "Qakbot is a flexible post-exploi
Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Jun 14, 2022
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed  PureCrypter  that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont  said  in a new report. Some of the malware families distributed using PureCrypter include  Agent Tesla ,  Arkei ,  AsyncRAT ,  AZORult ,  DarkCrystal RAT  (DCRat),  LokiBot ,  NanoCore ,  RedLine Stealer ,  Remcos ,  Snake Keylogger , and  Warzone RAT . Sold for a price of $59 by its developer named "PureCoder" for a one-month plan (and $249 for a one-off lifetime purchase) since at least March 2021, PureCrypter is advertised as the "only crypter in the market that uses offline and online delivery technique." Crypters act as the  first layer of de
Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Jun 13, 2022
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar  said  in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements." DNS hijacking is a  redirection attack  in which DNS queries to genuine websites are intercepted to take an unsuspecting user to fraudulent pages under an adversary's control. Unlike  cache poisoning , DNS hijacking targets the DNS record of the website on the nameserver, rather than a resolver's cache. Lyceum , also known as Hexane, Spirli
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

May 20, 2022
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler  said  in a report. "These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network." Some of the rogue distribution vector domains, which were registered last month on April 20, consist of ms-win11[.]com, win11-serv[.]com, and win11install[.]com, and ms-teams-app[.]net. In addition, the cybersecurity firm cautioned that the threat actor behind the impersonation campaign is also leveraging backdoored versions of Adobe Photoshop and other legitimate software such as Microsoft Teams to deliver Vidar malware. The ISO file, for its part,
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources