domain hosting | Breaking Cybersecurity News | The Hacker News

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. "These packages, upon initial use, deploy a CoinMiner executable on Linux devices," Fortinet FortiGuard Labs researcher Gabby Xiong  said , adding the activity shares overlaps with a  prior campaign  that involved the use of a package called culturestreak to deploy a crypto miner. The malicious code resides in the __init__.py file, which decodes and retrieves the first stage from a remote server, a shell script ("unmi.sh") that fetches a configuration file for the mining activity as well as the CoinMiner file  hosted on GitLab . The  ELF binary  file is then executed in the background using the  nohup command , thus ensuring that the process contin

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices. According to a report published by Check Point and shared with The Hacker News, over 1,700 new "Zoom" domains have been registered since the onset of the pandemic, with 25 percent of the domains registered in the past seven days alone. "We see a sharp rise in the number of 'Zoom' domains being registered, especially in the last week," said Omer Dembinsky, Manager of Cyber Research at Check Point . "The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure,

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

As the world comes to grips with the coronavirus pandemic , the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web. "Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said. COVID-19 Discounts: Exploit Tools for Sale The report comes following an uptick in the number of malicious coronavirus-related domains that hav

Besides Timehop , another data breach was discovered last week that affects users of one of the largest web hosting companies in Germany, DomainFactory, owned by GoDaddy. The breach initially happened back in last January this year and just emerged last Tuesday when an unknown attacker himself posted a breach note on the DomainFactory support forum. It turns out that the attacker breached company servers to obtain the data of one of its customers who apparently owes him a seven-figure amount, according to Heise . Later the attacker tried to report DomainFactory about the potential vulnerability using which he broke into its servers, but the hosting provider did not respond, and neither disclosed the breach to its customers. In that situation, the attacker head on to the company's support forum and broke the news with sample data of a few customers as proof, which forced DomainFactory to immediately shut down the forum website and initiate an investigation. Attacker G