A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples.
GoBrutforcer is also known as GoBrut. It is a Golang-based botnet that typically targets exposed FTP, MySQL, PostgreSQL, and phpMyAdmin services.
The malware often relies on compromised Linux servers to scan random public IPs and carry out brute-force login attacks.
A team of researchers at the University of Waterloo have made a breakthrough in quantum computing that elegantly bypasses the fundamental “no cloning” problem. The research, “Encrypted Qubits can be Cloned,” appears in Physical Review Letters.
Quantum computing is an exciting technological frontier, where information is stored and processed in tiny units—called qubits. Qubits can be stored, for example, in individual electrons, photons (particles of light), atoms, ions or tiny currents.
Universities, industry, and governments around the world are spending billions of dollars to perfect the technology for controlling these qubits so that they can be combined into large, reliable quantum computers. This technology will have powerful applications, including in cybersecurity, materials science, medical research and optimization.
A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails, ClickFix lures, PowerShell, and MSBuild to deploy DCRat malware.
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks.
Researchers observed increased activity for the malware since last August. Over the past month, Kimwolf has intensified its scanning of proxy networks, searching for devices with exposed Android Debug Bridge (ADB) services.
Common targets are Android-based TV boxes and streaming devices that allow unauthenticated access over ADB. Compromised devices are primarily used in distributed denial-of-service (DDoS) attacks, proxy resale, and monetizing app installations via third-party SDKs like Plainproxies Byteconnect.
A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances.
According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices.
The three infostealers are usually distributed through malvertising campaigns or ClickFix attacks. This type of malware commonly targets data stored by web browsers (credentials, credit cards, personal info), messaging apps, and cryptocurrency wallets.
NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained “dummy data” from a trial account on a third-party automated testing platform.
The company’s statement comes after a threat actor (using the 1,011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing sensitive information like Salesforce API keys and Jira tokens, following a brute-force attack against a NordVPN development server.
“Today i am leaking +10 DB’s source codes from a nordvpn development server. This information was acquired by bruteforcing a misconfigured server of Nordypn, which has salesforce and jira information stored. Compromissed information: SalesForce api keys, jira tokens and more,” the threat actor said.
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.
A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to halt.
In a new campaign first spotted in December and tracked by researchers at Securonix as “PHALT#BLYX,” phishing emails impersonating Booking.com led to a ClickFix social engineering attack that deployed malware.
The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.
“The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document and embedded with full PDF content to evade user suspicion,” CYFIRMA said in a technical report.
Transparent Tribe, also called APT36, is a hacking group that’s known for mounting cyber espionage campaigns against Indian organizations. Assessed to be of Indian origin, the state-sponsored adversary has been active since at least 2013.