freeware | Breaking Cybersecurity News | The Hacker News

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason security researcher Ralph Villanueva  said . The new variant has been codenamed Xaro by the American cybersecurity firm. DJVU, in itself, is a  variant of the STOP ransomware , typically arrives on the scene masquerading as legitimate services or applications. It's also delivered as a payload of  SmokeLoader . A significant aspect of DJVU attacks is the deployment of additional malware, such as information stealers (e.g., RedLine Stealer and Vidar), making them more damaging in nature. In the latest attack chain documented by Cybereason, Xaro is propagated as an archive file from a

Chinese authorities have recently initiated a crackdown on the operators of a massive adware campaign that infected around 250 Million computers , including Windows and Mac OS, across the world earlier this year. The adware campaign was uncovered by security researchers at Check Point last month after it already infected over 25 million computers in India, 24 million in Brazil, 16 million in Mexico, 13 million in Indonesia and 5.5 million in the United States. Dubbed Fireball , the infamous adware comes bundled with other free legitimate software that you download off the Internet. Once installed, the malware installs browser plug-ins to manipulate the victim's web browser configurations and replace their default search engines and home pages with fake search engines. Far from legitimate purposes, Fireball has the ability to spy on victim's web traffic, execute malicious code on the infected computers, install plugins, and even perform efficient malware dropping, cr

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or