The Hacker News’s Tweets

Researchers have identified a new #phishing-as-a-service (PhaaS) called "EvilProxy" that is being promoted in the dark web as a way for cybercriminals to bypass security measures employed by online services. Read: thehackernews.com/2022/09/new-ev #infosec #cybersecurity #hacking

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

Researchers have identified a new phishing-as-a-service (PhaaS) called EvilProxy that is being promoted in the dark web as a way for cybercriminals.

4

119

185

Researchers uncover "TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group TA505 to manage its "ServHelper" backdoor #malware attacks. Read details: thehackernews.com/2022/09/ta505- #infosec #cybersecurity #hacking

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Researchers detail TeslaGun, a previously undocumented software control panel used by the financially motivated cybercrime group TA505.

46

68

Researchers uncover targeted #cyberattacks by the "Worok" espionage #hacking group against high-profile Asian companies and local governments. Read details: thehackernews.com/2022/09/worok- #infosec #cybersecurity #technology

Worok Hackers Target High-Profile Asian Companies and Governments

Researchers uncover targeted attacks by cyber espionage hacking group Worok against high-profile Asian companies and governments.

1

39

70

7h

#Google found that some former members of the Conti #cybercrime group repurposed their hacking techniques to target Ukraine in financially and politically motivated attacks. Read: thehackernews.com/2022/09/some-m #infosec #hacking #malware #technews #cybersecurity

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

Google found that some former members of the Conti cybercrime group repurposed their hacking techniques to target Ukraine in financial attacks.

1

42

54

9h

Law enforcement authorities have dismantled WT1SHOP online #cybercrime marketplace for selling stolen login credentials, credit cards and other personal information. Read details: thehackernews.com/2022/09/author #infosec #cybersecurity #hacking #technology

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards

U.S. Authorities Shut Down WT1SHOP Cybercrime Market for Selling Stolen Credentials and Credit Cards

3

23

27

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

9h

Researchers discover a new stealthy #malware, dubbed Shikitega, that targets #Linux-based systems and #IoT devices via a multi-stage infection chain and uses polymorphic encoders to evade detection. Details: thehackernews.com/2022/09/new-st #infosec #cybersecurity #hacking #technews

New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices

Researchers discover a new stealthy malware, dubbed Shikitega, that targets Linux-based systems and IoT devices via a multi-stage infection chain.

54

74

9h

North Korean hacker group Lazarus has been spotted deploying a new remote access trojan, dubbed "MagicRAT," in targeted campaigns exploiting #VMware Horizon platforms. Read details: thehackernews.com/2022/09/north- #infosec #cybersecurity #hacking #malware

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns

Lazarus hackers have been spotted deploying a new remote access trojan (RAT), dubbed "MagicRAT," in targeted campaigns exploiting VMware Horizon.

1

48

80

15h

MooBot, a new variant of the Mirai #botnet, has been spotted exploiting unpatched D-Link devices to include them in its army of denial-of-service bots. Read: thehackernews.com/2022/09/mirai- #infosec #hacking #cyberattack

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

MooBot, a new variant of the Mirai botnet, has been spotted exploiting unpatched D-Link devices to include them in its army of denial-of-service bots.

55

65

16h

A new critical remote code execution #vulnerability (CVE-2022-34747) has been found in #Zyxel network-attached storage (NAS) devices — Firmware patch update released. Read: thehackernews.com/2022/09/critic #infosec #cybersecurity #hacking #technews

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released

A new critical remote code execution vulnerability (CVE-2022-34747) has been found in Zyxel network-attached storage (NAS) devices.

46

60

Researchers discover a backdoor in the "Prynt information stealing #malware" that its creator added to secretly steal a copy of victims' data exfiltrated by other cybercriminals. Read details: thehackernews.com/2022/09/prynt- #infosec #cybersecurity #hacking #privacy #technews

Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Researchers discovered a backdoor in the "Prynt information stealing malware" that the developer added to secretly steal a copy of victims' data.

1

58

73

A new version of the notorious SharkBot #Android banking trojan has once again made its way into the #Google Play Store by disguising itself as an #antivirus and cleaner app. Read details: thehackernews.com/2022/09/fake-a #infosec #cybersecurity #hacking #malware

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

A new version of the notorious SharkBot Android banking trojan has once again made its way into the Google Play Store.

4

105

135

UPDATE — #TikTok reiterated that its security team found no evidence of a #databreach. "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases." thehackernews.com/2022/09/tiktok

5

65

122

#DevOps &#SecDevOps rely on a wide range of tools & processes. #TuxCare's ePortal neatly integrates into the workflow, providing a holistic approach to securely deploy & teardown systems, protected with live patching during the complete lifecycle. Read:

Integrating Live Patching in SecDevOps Workflows

SecDevOps translates into a more secure environment over the entire lifecycle of a system.

16

38

Shikitega - New stealthy malware targeting Linux cybersecurity.att.com/blogs/labs-res #infosec

2

63

92

Researchers uncover targeted #cyberattacks by the "Worok" espionage #hacking group against high-profile Asian companies and local governments. Read details: thehackernews.com/2022/09/worok- #infosec #cybersecurity #technology

Worok Hackers Target High-Profile Asian Companies and Governments

Researchers uncover targeted attacks by cyber espionage hacking group Worok against high-profile Asian companies and governments.

1

39

70

What Is Your Security Team Profile? Prevention, Detection, or Risk Management thehackernews.com/2022/09/what-i #infosec

What Is Your Security Team Profile? Prevention, Detection, or Risk Management

Most mature enterprises with plenty of resources are also interested in automating, customizing, and scaling up their red team activities.

1

24

36

Researchers uncover "TeslaGun," a previously undocumented software control panel used by the financially motivated cybercrime group TA505 to manage its "ServHelper" backdoor #malware attacks. Read details: thehackernews.com/2022/09/ta505- #infosec #cybersecurity #hacking

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Researchers detail TeslaGun, a previously undocumented software control panel used by the financially motivated cybercrime group TA505.

46

68

Bypassing Voice Biometrics with Deep Fakes | Red Team

Using Deep Fakes to Bypass Voice Biometrics netspi.com/blog/technical #technews

netspi.com

Learn how we utilized deep fakes to bypass the voice biometrics authentication system of a tech support hotline.

1

45

86

#Google has released an urgent update for the #Chrome browser for Windows, Mac, and #Linux systems to patch a newly discovered zero-day #vulnerability that attackers are exploiting in the wild. Read details: thehackernews.com/2022/09/google #infosec #cybersecurity #hacking #technews

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google has released an urgent update for the Chrome browser for Windows, Mac, and Linux systems to patch a newly discovered zero-day vulnerability.

4

235

280

Samsung suffered a #databreach that exposed personal information of some of its U.S. customers. Read: thehackernews.com/2022/09/samsun #infosec #cybersecurity

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

Samsung suffered a data breach that exposed some personal information from its U.S. customers.

3

60

84

Researchers have identified a new #phishing-as-a-service (PhaaS) called "EvilProxy" that is being promoted in the dark web as a way for cybercriminals to bypass security measures employed by online services. Read: thehackernews.com/2022/09/new-ev #infosec #cybersecurity #hacking

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

Researchers have identified a new phishing-as-a-service (PhaaS) called EvilProxy that is being promoted in the dark web as a way for cybercriminals.

4

119

185

Researchers have discovered a new #Android #spyware that is capable of collecting extensive information and is distributed under the guise of a book that likely targets the #Uyghur community in China. Details: thehackernews.com/2022/09/resear #cybersecurity #privacy #hacking #malware

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

Researchers have discovered a new Android spyware malware that is capable of collecting extensive information and is distributed under the guise of a

49

62

#QNAP has issued an advisory urging NAS device users to update Photo Station #software to the latest available version after discovering another DeadBolt #ransomware attack exploiting a zero-day #vulnerability. Read details: thehackernews.com/2022/09/qnap-w #infosec #hacking #malware

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw

QNAP has issued an advisory urging NAS device users to update Photo Station software to the latest available version.

54

61

UPDATE — #TikTok reiterated that its security team found no evidence of a #databreach. "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases." thehackernews.com/2022/09/tiktok

5

65

122

#TikTok has denied reports of a #databreach after a hacker group claimed to have gained access to information on two billion of its users. Read details: thehackernews.com/2022/09/tiktok #infosec #cybersecurity #hacking

TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information

TikTok has denied reports of a data breach after a hacker group claimed to have gained access to information on two billion of its users.

12

102

169

#Ransomware hackers are abusing an anti-cheat system driver for the extremely popular game "Genshin Impact" to disable #antivirus software on targeted computers. Read detail: thehackernews.com/2022/09/ransom #infosec #cybersecurity #hacking

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Ransomware hackers are abusing an anti-cheat system driver for the extremely popular game Genshin Impact to disable antivirus software.

5

64

86

Aug 31

Researchers uncover malicious #Chrome browser extensions with a total install base of over 1,400,000 that are masquerading as #Netflix viewers and profiting from retail affiliate programs. Read details: thehackernews.com/2022/08/expert #infosec #cybersecurity #hacking

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Researchers uncover malicious Chrome browser extensions with a total install base of over 1,400,000 that are masquerading as Netflix viewers.

92

110

WATCH OUT! PyPI, #Python Package Index, automatically executes code on the system when developers merely download a package. ⅓ of PyPI packages use the feature. Using it hackers can achieve higher infection rates in supply-chain attacks. thehackernews.com/2022/09/warnin #infosec

Warning: PyPi Feature Executes Code Automatically After Python Package Download

PyPI, the Python Package Index, automatically executes code on the system when developers merely download a package.

88

104

Researchers have identified a new #hacking group "JuiceLedger" behind the first-known #phishing campaign targeting the #Python Package Index. Read details: thehackernews.com/2022/09/juicel #infosec #cybersecurity #PyPI

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPi Users

Researchers have identified a new hacking group "JuiceLedger" behind the first known phishing campaign targeting the Python Package Index.

55

63

A new version of the notorious SharkBot #Android banking trojan has once again made its way into the #Google Play Store by disguising itself as an #antivirus and cleaner app. Read details: thehackernews.com/2022/09/fake-a #infosec #cybersecurity #hacking #malware

Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan

A new version of the notorious SharkBot Android banking trojan has once again made its way into the Google Play Store.

4

105

135

#Apple has backported a security patch to older #iPhones, iPads and #iPod touch models to address a critical #vulnerability that has been actively exploited in the wild. Read details — thehackernews.com/2022/09/apple- #infosec #cybersecurity #hacking #malware

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple has backported a security patch to older iPhones, iPads and iPod touch models to address a critical vulnerability that has been actively exploit

2

102

134

A newly reported "high severity #vulnerability" in the #TikTok app for #Android could have allowed attackers to take over accounts. Read details: thehackernews.com/2022/09/micros #infosec #cybersecurity #hacking

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App

A newly reported "high severity vulnerability" in the TikTok app for Android could have allowed attackers to take over accounts.

1

97

119

Researchers have found that the attack infrastructure used to hack #Cisco in May 2022 was also used to attack the holding company of an unnamed large workforce management solutions company. Read details: thehackernews.com/2022/09/infra- #cyberattackk #hacking #cybersecurity #malware

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

Researchers have found that the attack infrastructure used to hack Cisco in May 2022 was also used to attack the holding company.

52

64

The Ultimate Security Blind Spot You Don't Know You Have Read details: thehackernews.com/2022/09/the-ul #infosec #cybersecurity #securecoding #coding

The Ultimate Security Blind Spot You Don't Know You Have

Using instructor-led training, e-learning, hands-on labs, and gamification, Cydrill offers a novel and effective way to learn how to code securely.

5

30

65

Samsung suffered a #databreach that exposed personal information of some of its U.S. customers. Read: thehackernews.com/2022/09/samsun #infosec #cybersecurity

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

Samsung suffered a data breach that exposed some personal information from its U.S. customers.

3

60

84

#Google has released an urgent update for the #Chrome browser for Windows, Mac, and #Linux systems to patch a newly discovered zero-day #vulnerability that attackers are exploiting in the wild. Read details: thehackernews.com/2022/09/google #infosec #cybersecurity #hacking #technews

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google has released an urgent update for the Chrome browser for Windows, Mac, and Linux systems to patch a newly discovered zero-day vulnerability.

4

235

280

8 elements of securing Node.js applications | Red Hat Developer

8 elements of securing Node.js applications developers.redhat.com/articles/2022/ #infosec

developers.redhat.com

Making your Node.js applications secure is an essential part of the development of Node.js modules and applications. Security practices apply to both the code itself and your software development...

1

30

60

Researchers have identified over 1,800 apps for #Android and #iOS containing hard-coded #Amazon Web Services (AWS) credentials, posing a major security risk. Read details: thehackernews.com/2022/09/over-1 #infosec #cybersecurity #hacking #databreach #technology