#data-exfiltration

[ follow ]
Information security
fromThe Hacker News
5 hours ago

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

APT28 deployed an Outlook VBA backdoor called NotDoor that monitors emails for a trigger to exfiltrate data, upload files, execute commands, and persist via DLL side-loading.
fromIT Pro
13 hours ago

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks

Stealerium infostealer has surged, exfiltrating credentials, crypto wallets, Wi‑Fi and VPN data via multiple channels and leveraging social‑engineering lures for global campaigns.
#ransomware
more#ransomware
Information security
fromThe Hacker News
1 week ago

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

Storm-0501 performs cloud-native data exfiltration, destroys backups, and extorts victims without traditional malware, targeting hybrid cloud and multi-tenant environments to escalate privileges and evade detection.
fromThe Hacker News
1 week ago

ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

ShadowSilk conducts spear-phishing campaigns to exfiltrate data from government organizations across Central Asia and APAC, leveraging YoroTrooper-related tooling and bilingual operators.
Information security
fromThe Hacker News
1 week ago

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Hackers breached Salesloft to steal Drift OAuth and refresh tokens, enabling exfiltration of Salesforce data and credentials from multiple corporate instances.
fromTheregister
2 weeks ago

'Screenshot-grabbing' Chrome VPN extension still available

A popular Chrome VPN extension secretly captured page screenshots and transmitted them to a remote server despite verified status and Chrome Web Store safeguards.
fromTheregister
2 weeks ago

Perplexity's Comet browser faced prompt injection vuln

To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea. Until about a week ago, Perplexity's AI-based Comet browser did just that - asked to summarize a web page, the AI-powered browser would ingest the text on the page, no questions asked, and process it. And if the page text - visible or hidden - happened to include malicious instructions, Comet would attempt to comply, carrying out what's known as an indirect prompt injection attack.
Information security
#cybersecurity
Information security
fromHackernoon
2 months ago

In the Blink of an LED, Secrets Slip Away: The Rise of Optical Data Theft | HackerNoon

Optical data exfiltration makes air-gapped systems vulnerable, relying on LEDs to transmit sensitive information covertly.
Growth hacking
fromThe Hacker News
2 months ago

Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Introduction of a new threat actor, Water Curse, utilizing GitHub for malware distribution, targeting data exfiltration and persistent access.
fromHackernoon
2 months ago
Information security

In the Blink of an LED, Secrets Slip Away: The Rise of Optical Data Theft | HackerNoon

more#cybersecurity
fromIT Pro
1 month ago

Developers face a torrent of malware threats as malicious open source packages surge 188%

"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in."
Privacy technologies
Node JS
fromThe Hacker News
4 months ago

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

A malicious campaign utilizes Node.js to distribute payloads that enable data theft, masquerading as cryptocurrency trading software.
fromTheregister
4 months ago

Whistleblower describes how DOGE tore through NLRB IT system

Whistleblower claims serious security breaches at NLRB due to DOGE's unrestricted data access.
[ Load more ]