Researchers have encountered a new malware variant, dubbed Vizom, that is being used in an active campaign across Brazil. The malware is currently being used to compromise bank accounts via online financial services. It impersonates a video-conferencing application and evades security checks.
Hackers have started using the project management solution Basecamp to spread malware or acquire login credentials. In one instance, the service was used to distribute BazarLoader executables. By abusing trusted services such as Basecamp to store and host malicious files and phishing pages, attackers can lull users into a false sense of trust so that they open files they normally would not.
Cisco has issued a new warning about the active exploitation of a new high-severity vulnerability, CVE-2020-3118. It affects carrier-grade routers that run Cisco IOS XR. The National Security Agency (NSA) has included the flaw among the top 25 security vulnerabilities actively being targeted by Chinese state-sponsored threat actors.
Security researchers have found variants of a new downloader, named PowGoop, in a cyber espionage attack launched by the threat actor group MuddyWater. The attack is being carried out against government agencies in the Middle East. The new malware downloader is part of MuddyWater’s suite of tools for compromising targets and extending its infiltration into networks.
It has been discovered that a black hat hacker is selling personally identifiable information (PII) of over 200 million Americans on the dark web. This also includes the voter registration information of 186 million Americans. Researchers are concerned that the data will be used by threat actors for disinformation campaigns (and other malicious activities).