hacking

Tech Optimizer
August 15, 2025
The Crypto24 ransomware group, identified in September 2024, employs advanced tactics to disable antivirus protections before launching attacks. They use a custom variant of the open-source RealBlindingEDR tool to neutralize AV defenses, sometimes uninstalling antivirus programs entirely. After gaining access to a target system, they deploy a keylogger and an encryptor, exfiltrating data to Google Drive with a specialized tool. The group has targeted large organizations in the U.S., Europe, and Asia, focusing on sectors like finance, manufacturing, technology, and entertainment. Cybersecurity experts recommend a layered defense strategy, including reputable antivirus solutions with tamper protection, real-time monitoring, firewalls, and additional anti-malware tools to mitigate risks.
Winsage
August 8, 2025
A vulnerability in the Windows Hello facial recognition sign-in system was demonstrated at the Black Hat hacking conference by Dr. Baptiste David and Tillmann Osswald from ERNW Research. They showed that an individual with local admin credentials could bypass the security mechanism by injecting biometric information, allowing the system to recognize any face or fingerprint. This issue stems from the architecture of Windows Hello, which uses a cryptographic key stored in a database linked to the Windows Biometric Service. Although Microsoft's Enhanced Sign-in Security feature could help mitigate such attacks, it is often disabled due to hardware requirements. Researchers suggest that fixing the vulnerability would require significant code changes by Microsoft and recommend users disable biometric authentication in favor of a traditional PIN for better security.
Winsage
August 5, 2025
North Korean state-sponsored hackers, part of the APT37 group, are using advanced steganography techniques to embed malicious software within JPEG image files. The RoKRAT malware variant employs a two-stage encryption process, starting with the creation of large malicious shortcut files disguised as legitimate documents. These .lnk files download JPEG images from cloud storage services, which appear to contain valid image headers but actually conceal encrypted malware code. The malware is revealed through multiple XOR decryption operations. Security researchers have identified the steganographic payload at offset 0x4201 within the images. The malware generates temporary files in the %LOCALAPPDATA% directory and executes through rundll32.exe, complicating detection. APT37 also uses fileless attack strategies, injecting shellcode into legitimate Windows processes and exploiting cloud services for command and control operations. Recent attacks have targeted South Korean organizations using social engineering tactics. Traditional antivirus solutions are inadequate against these techniques, prompting experts to recommend Endpoint Detection and Response (EDR) systems for real-time monitoring of anomalous activities.
Tech Optimizer
August 4, 2025
A significant PostgreSQL vulnerability, CVE-2025-1094, was identified during the investigation of another vulnerability, CVE-2024-12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025-1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024-12356's exploitation relied on CVE-2025-1094, and that CVE-2025-1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024-12356 did not directly address the underlying cause of CVE-2025-1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.
TrendTechie
July 23, 2025
On August 8, 2025, Mafia: The Old Country, a prequel in the Mafia franchise developed by Hangar 13, will be released. The game is set in early 20th-century Sicily and follows Enzo Favara, a young Sicilian orphan and miner. It features a linear narrative focusing on deep storytelling and atmospheric immersion, departing from the open-world format of previous titles. Mafia: The Old Country will not be officially available for sale in Russia due to publisher Take-Two's policies, but players can use workarounds to acquire it. The game will include Denuvo anti-piracy protection, and it is unlikely to appear on torrent sites before summer 2026. Previous Mafia games were quickly pirated, but current Denuvo protections present a greater challenge, with cracking timelines for Denuvo-protected games ranging from two months to two years.
AppWizard
July 22, 2025
Researchers have identified a new spyware campaign targeting Iranian users of Android VPN applications, specifically a revamped version of DCHSpy, which disguises itself as legitimate VPN services like Starlink. This campaign began shortly after the Israel-Iran conflict and coincided with increased VPN usage among Iranians facing internet restrictions. DCHSpy can collect sensitive user data, including WhatsApp messages, contacts, SMS, files, location information, and call logs, and it can also record audio and capture images. The spyware is maintained by the hacking group MuddyWater, linked to Iran's Ministry of Intelligence and Security, and has been enhanced with new functionalities. Malicious VPN services EarthVPN and ComodoVPN are being used to spread the malware, following the previous use of HideVPN. Experts warn that hackers are distributing malicious APKs through trusted platforms like Telegram, increasing risks for Iranian citizens. Security analyst Azam Jangrevi advises caution when downloading apps, recommending verified app stores and mobile security solutions to detect threats like DCHSpy. For high-risk professionals, she suggests using hardware-based security keys and vetted encrypted messaging applications.
Tech Optimizer
July 21, 2025
Antivirus software protects devices from various digital threats, including viruses, Trojans, ransomware, and spyware. According to the 2025 Antivirus Statistics and Consumer Report, 75% of users believe their antivirus software effectively safeguards their devices. The effectiveness of antivirus software depends on how recently it was updated, as neglecting updates leaves devices vulnerable to emerging threats. Frequent updates are necessary because hackers continuously develop new malware. Failing to update antivirus software increases the risk of compromise and can degrade device performance. It is recommended to check for updates daily, perform manual checks weekly, and expect major updates every 3 to 6 months. Free antivirus software may offer limited protection and fewer updates, requiring users to be proactive in checking for updates.
AppWizard
July 18, 2025
The Epic Games Store's 2025 Summer Sale has launched, featuring discounted titles and a free giveaway of the Civilization 6 Platinum Edition, which includes the base game, the Rise and Fall and Gathering Storm expansions, and six DLC packs. The Platinum Edition is available for free until July 24, while the sale runs until August 1. Other discounted games include It Takes Two, Star Wars Jedi: Survivor, Alan Wake Remastered, Far Cry 5, Dragon Age: The Veilguard, Homeworld: Deserts of Kharak, and Titanfall 2 Ultimate Edition. The Epic Rewards program allows users to earn rewards on purchases that can be used for future discounts.