Search results for Zeus | Breaking Cybersecurity News | The Hacker News

In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation. The individuals  designated  under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka Tropa), Dmitry Pleshevskiy (aka Iseldor), Ivan Vakhromeyev (aka Mushroom), and Valery Sedletski (aka Strix). "Current members of the TrickBot group are associated with Russian Intelligence Services," the U.S. Treasury Department  noted . "The TrickBot group's preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services." TrickBot, which is attributed to a threat actor named ITG23, Gold Blackburn, and Wizard Spider, emerged in 2016 as a derivative of the Dyre banking trojan and evolved into a  highly

Businesses can leave themselves vulnerable to date theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars). Data theft and other online threats presently represent a significant danger for businesses in the UK. Compounding this problem is the economic downturn, which is leading many executives to cancel, defer or downsize security budgets. To highlight the risks facing companies today, Astaro has compiled the following list detailing the five most serious internet security holes. 1. Browser vulnerabilities No provider is immune to the security holes that keep appearing in web browsers. A recent example is the CSS bug that affected Internet Explorer versions 6, 7, and 8 (CVE-2010-3962). This bug targ

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Shylock, a financial malware platform discovered by Trusteer in 2011, is a non-Zeus-based information-stealing trojan that improved methodology for injecting code into additional browser processes to take control of a computer, and an improved evasion technique to prevent malware scanners from detecting its presence. Why this Name ?  Shylock named after the ruthless money lender in Shakespeare's The Merchant of Venice, also deletes its installation files, runs solely in memory, and begins the process again once the infected machine reboots. Shylock has gained a new trick: The ability to detect whether it's running in a virtual machine (VM) that is being analyzed by malware researchers. What New ?  Latest Shylock dropper detects a remote desktop environment by feeding invalid data into a certain routine and then observing the error code returned. It uses this return code to differentiate between normal desktops and other "lab" environments. In particular, when execu

The French Ministry of Finance was hit by an unprecedented cyber attack in December, with over 150 computers compromised, according to reports. Hackers got their hands on documents related to the current French presidency of the G20 and international economic affairs, Paris Match reported. Patrick Pailloux, the executive director of l'ANSSI (Agence Nationale de la Securite des Systemes d'Information), said it was the first time the French state had been targeted by an attack of this scale. Pailloux also revealed other French Government departments had been targeted. The hackers used a Trojan to infiltrate systems, having sent emails to French Government workers, using what appeared to be standard social engineering tactics. Pailloux said an operation had been carried out to improve defences at the Government department. There have been rumblings the attack came from China, although no solid proof has emerged. "I can say that we know of hacker groups in China specialising in this sort

A new botnet emerged from underground and is menacing payment world, the cyber threat dubbed vSkimmer come from Russia according revelation of McAfee security firm .  The security expert Chintan Shah wrote on a blog post that during monitoring of Russian underground forum found a discussion about a Trojan for sale that can steal credit card information from Windows PC for financial transactions and credit card payments.  vSkimmer agent is able to detect card readers on the victim's machine and gather all the information from the Windows machines sending it to a remote control server encrypting it (Base64). The malware collects the following information from the infected machine and sends it to the control server: Machine GUID from the Registry Locale info Username Hostname OS version The vSkimmer malware indicated as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it transmitted during sales flow. Dexter

While accessing your Bank account online, Have you ever thought… ...there could be a Hacker, somewhere in the World, who is after your Money? Maybe NO . Because, you believe that your bank offers Secure banking solution, Right? At The Hacker News, we have reported many incidents of cyber attacks , which proves that Banks are more often being targeted by Hackers, despite robust Banking Security mechanisms. Today we are going to talk about security of one of the  Denmark's Largest Bank , reviewed by Sijmen Ruwhof , an Ethical Hacker, and IT Security Consultant. Ruwhof recently published a blog post, " How I could Hack Internet Bank accounts of Danish Largest Bank in a few minutes ". His In-depth technical post explains the extent to which Danske Bank , one of the largest Danish Bank, is vulnerable to hacking. In August, Ruwhof got intrigued with the idea of testing Bank's security while interacting with a group of Danish hackers at the Chaos Communica

How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints, just a portion of the big picture. Since hackers can explore and exploit anything within reach, not just a few monitored endpoints, many security professionals are reaching the realization that the actual attack surface of their organizations is significantly wider than only endpoints. In an ideal and more effective approach to security, a broader set of attack vectors and activity data should be examined to get a more complete view of the attack operation. On top of the endpoint, security solutions must also include cloud, threat intelligence, network data, and logging information, among others. If you haven't already,

Impassioned Framework Download - Another Crimeware Available for Free ! Russo is the creator of Impassioned Framework - Browser Exploitation Kit , a subscription-based software vulnerability exploit service. He is 23 year old the young hacker, This toolkits designed to be stitched into a Web site and probe visitor PCs for security holes that can be used to surreptitiously install malicious software. Impassioned Framework Recent Attack : Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users using this Kit. Browsers Affected : - Chrome - Firefox - Msie 6 - Msie 7 - Msie 8 - Opera - Safari Os Affected : - Windows x - Unix and OS X NON AFFECTED Best exploits currently available: - MS09_002 - MS09_043 - MS Dshow - iepeers.dll - Firefox escape - Firefox CompareTo - Java Calendar - Adobe Reader Lib - Adobe Reader newPlayer - Adobe Fla

A data-stealing Trojan affecting Android devices has emerged in China. The Geinimi Trojan sends location co-ordinates, unique device identifiers, and a list of installed apps on the infected device to a remote server. Additionally, it can independently download applications and prompts the user to install them, mobile security company Lookout said on Wednesday. "Geinimi's author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities," Lookout said in a blog post on Wednesday. "In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted. While the techniques were easily identified and failed to thwart analysis, they did substantially increase the level of effort required to analyse the malware." When an application containing the Trojan is launched on an Android device, the Trojan will run in the backgro

It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being investigated by law enforcement. Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced "Man in the Browser" malware such as the Citadel, Zeus, and SpyEye programs. The man-in-the-browser (MITB) assault first used form-grabbing malware, which steals data entered into web forms before it is passed over the internet, to steal the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post. "This was potentially very dangerous, but we don't know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack wa

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called  WikiLoader  with an ultimate aim to install a banking trojan, stealer, and spyware referred to as  Ursnif  (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint  said  in a technical report. "The malware uses multiple mechanisms to evade detection and was likely developed as a malware that can be rented out to select cybercriminal threat actors." WikiLoader is so named due to the malware making a request to Wikipedia and checking that the response has the string "The Free." The enterprise security firm said it first detected the malware in the wild on December 27, 2022, in connection with an intrusion set mounted by a threat actor it tracks as  TA544 , which is also known as Bamboo Spider and Zeus Panda. The campaigns are centered around the use of emails containing either Micro

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia  said . Paunescu was  previously charged  by the U.S. Department of Justice (DoJ) in January 2013 for operating a bulletproof hosting service that "enabled cyber criminals to distribute the Gozi Virus, the Zeus Trojan and other notorious malware, and conduct other sophisticated cyber crimes." He was arrested in Romania in December 2012 but managed to avoid extradition to the U.S. "Through this service, Paunescu, like other bulletproof hosts, knowingly provided critical online infrastructure to cyber criminals that allowed them to commit online criminal activity with little fear of detection by law enforcement,&

McAfee is making security predictions for 2011. The firm outlines its top threats for next year in the 2011 Threat Predictions report -- and Android, iPhone, Foursquare, Google TV, and Mac OS X are listed as major cybercrime targets. Politically motivated attacks are also expected to increase, a la WikiLeaks. "We've seen significant advancements in device and social-network adoption, placing a bullseye on the platforms and services users are embracing the most," said Vincent Weafer, senior vice president of McAfee Labs. "These platforms and services have become very popular in a short amount of time, and we're already seeing a significant increase in vulnerabilities, attacks and data loss." Social-Media Threats Social-media threats are nothing new, but expect to see more of them next year. McAfee Labs expects social-media services that use URL shortening will be under attack because its easier for cybercriminals to mask the full URL and direct users to m

Once again Facebook is on The Hacker News ! This time not for any scam or surveillance, but for a different reason.  The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details. Facebook is always one of the favourite weapon of cyber criminals, cyber thieves and scammers due to its popularity among other social media platforms. This social networking platform, with more than one billion active users, provides special opportunities for people to connect and share information, as well as also serves a great platform for malware developers and scammers. The botnet, dubbed as Lecpetex , was around from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak, under which users would receive spam Facebook messages that would typically like "lol" with a zip archive attachment . O

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a point-

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet , seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money," Amy Hogan-Burney, general manager of Microsoft's Digital Crimes Unit (DCU),  said . The operation, Microsoft said, was undertaken in collaboration with ESET, Lumen's Black Lotus Labs, Palo Alto Networks Unit 42, Avast, Financial Services Information Sharing and Analysis Center (FS-ISAC), and Health Information Sharing and Analysis Center (H-ISAC). As a result of the disruption, the domains are now redirected to a sinkhole, effectively preventing the botnet's criminal operators from contacting the compromised devices.