Category: Security News

New PowerExchange malware backdoors Microsoft Exchange servers

May 25, 2023

Bleeping computer reports* that A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. After infiltrating the mail server via a phishing email containing an archived malicious executable, the threat actors deployed a web shell named ExchangeLeech (first observed by the Digital14 Incident … More New PowerExchange malware backdoors Microsoft Exchange servers

ESET Research reveals new analysis of AceCryptor: used by crimeware, it hits computers 10,000 times every month

May 25, 2023

ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected … More ESET Research reveals new analysis of AceCryptor: used by crimeware, it hits computers 10,000 times every month

Ireland fines Facebook owner Meta €1.2bn for mishandling user information

May 24, 2023

Facebook’s owner, Meta, has been fined a record €1.2bn (£1bn) and ordered to suspend the transfer of user data from the EU to the US by Ireland’s Data Protection Commission. The €1.2bn fine imposed by Ireland’s Data Protection Commission (DPC), which regulates Meta across the EU, is a record for a breach of the bloc’s … More Ireland fines Facebook owner Meta €1.2bn for mishandling user information

Legitimate Android app iRecorder turns malicious within a year, spies on its users, ESET Research discovers

May 23, 2023

As a Google App Defense Alliance partner, ESET detected a trojanized app available on the Google Play Store and named the AhMyth-based malware it contained AhRat. ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality … More Legitimate Android app iRecorder turns malicious within a year, spies on its users, ESET Research discovers

Android phones are vulnerable to fingerprint brute-force attacks

May 22, 2023

Bleeping computer reports* that Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, … More Android phones are vulnerable to fingerprint brute-force attacks