Huntress uncovered a complex cyberattack by North Korean threat actor TA444, involving a fake Zoom extension, AppleScript abuse, and a custom macOS malware suite to steal cryptocurrency. The attack used social engineering, deepfake impersonations, and sophisticated macOS techniques, targeting organizations in the crypto and fintech sectors. #TA444 #BlueNoroff #macOSmalware #cryptosecurity…
Tag: MACOS
The article analyzes a targeted intrusion by the North Korean BlueNoroff threat group against a Web3 organization, focusing on phishing lures disguised as Zoom extensions and extensive infrastructure pivoting using DNS, host, and registration data. Nearly 200 related malicious domains and numerous IP addresses linked to DPRK activity were identified to enable proactive threat tracking. #BlueNoroff #APT38 #LazarusGroup #ZoomExtension #Validin
Microsoft is investigating a search malfunction in OneDrive affecting Windows, Android, iOS, and web users, with files still accessible despite no search results. Additionally, a separate issue causing slow-motion videos on iOS devices has been reported, and Microsoft is actively working to identify the root causes.
#OneDriveSearchBug #iOSSlowMotionVideos
DuckDuckGo has expanded its Scam Blocker to protect users from a wider array of online scams, including fake e-commerce, crypto sites, and scareware. The privacy-centric browser offers enhanced security features without compromising user anonymity. #DuckDuckGo #ScamBlocker #CryptoScams #FakeStores
North Korean threat actor BlueNoroff has been exploiting remote workers in the Web3 sector through sophisticated deepfake Zoom calls to deliver malware onto macOS devices. The group is known for targeting cryptocurrency organizations and evolving its attack methods with multi-stage payloads. #BlueNoroff #APT38 #CryptoTraitor #GolamagGhost #TraderTraitor…
Meta Platforms is introducing support for passkeys on Facebook, enhancing login security and user convenience across devices. The feature, supported by the FIDO Alliance, aims to be available soon on Android, iOS, and Messenger, with additional rollout plans for WhatsApp and potentially Instagram. #Passkeys #MetaPlatforms…
North Korean hackers, specifically the group “Famous Chollima,” are targeting job applicants in the cryptocurrency and blockchain sector to infect devices and steal data. Their campaigns involve fake employer websites, skill tests, and malware like PylangGhost and INLETDRIFT to manipulate victims into unwittingly installing malicious software. #NorthKoreanHackers #FamousChollima #CryptocurrencyTheft #Malware #CyberEspionage…
North Korean hacking group BlueNoroff is using deepfake video calls and fake Zoom links to trick Mac users into installing malware, primarily targeting cryptocurrency theft. Their sophisticated attack techniques include deploying custom malware on macOS devices, highlighting the growing threat to Apple systems. #BlueNoroff #Deepfake #CryptoTheft
Cisco Talos uncovered a new Python-based remote access trojan (RAT) named PylangGhost, used exclusively by the North Korean-aligned threat actor Famous Chollima to target Windows users in the cryptocurrency and blockchain sectors. This Python RAT is functionally similar to the GolangGhost RAT, which targets macOS, and both are deployed via fake job…
Threat actors are actively exploiting a two-year-old security vulnerability in discontinued TP-Link routers, specifically models like TL-WR940N, TL-WR841N, and TL-WR740N. CISA has warned users to cease using these outdated devices and has added the CVE-2023-33538 vulnerability to its KEV list due to active exploitation. #CISA #TPLinkVulnerability…
Dark Web law enforcement actions succeeded in dismantling the Archetyp Market, a significant darknet drug hub, leading to arrests and €7.8 million in seized assets. Additionally, notable data breaches impacted Zoomcar and Asheville Eye Associates, while evolving ransomware and malware like Anubis and Predator spyware continue to pose threats. These incidents highlight ongoing challenges in cybersecurity, emphasizing the need for vigilant protection and strategic defenses. #ArchetypMarket #AnubisRansomware #PredatorSpyware #ZoomcarDataBreach #AshevilleEyeBreach
This article highlights how cyber attackers use stealth tactics to stay hidden, making detection challenging. It discusses recent vulnerabilities, threat actor methods, and the importance of vigilance against unnoticed threats. #AppleZeroClick #MicrosoftZeroDay…
Cybersecurity researchers have identified malicious packages on PyPI and npm that target developers by stealing sensitive data, including credentials and environment variables. These threats demonstrate sophisticated multi-stage attack methods and emphasize the importance of vigilant security practices in open-source development environments. #chimera-sandbox-extensions #Pypi #npm #PulsarRAT #slopsquatting…
Denmark's government agencies are transitioning from Microsoft products to open-source software like LibreOffice to enhance digital sovereignty and reduce reliance on U.S. tech companies. The move is driven by cost, market dominance concerns, and geopolitical tensions, aligning with a broader European trend toward digital independence. #LibreOffice #DigitalSovereignty…
Ransomware actors have been exploiting a path traversal vulnerability (CVE-2024-57727) in SimpleHelp Remote Monitoring and Management (RMM) version 5.5.7 and earlier to target downstream customers, particularly in the utility billing sector. CISA urges immediate mitigation steps including software upgrades, system isolation, and threat hunting to prevent and respond to these attacks….