FISA

Source: The Hacker News A new wave of malicious Chrome extensions is putting millions of users at risk by masquerading as trusted tools like Fortinet VPN, YouTube utilities, and productivity boosters. Despite their appearance, these add-ons are anything but helpful. Once installed, they silently exfiltrate browser cookies, act as proxies for remote servers, and give attackers direct control over a user’s online traffic. Researchers at DomainTools uncovered that many of these extensions—some of which remained available on the Chrome Web Store until recently—were built to appear benign while executing advanced data theft operations behind the scenes. The fake “fortivpn” extension, for example, compressed and encrypted all browser session cookies and transmitted them to a command-and-control server, a tactic more commonly associated with advanced persistent threat actors [1]. The distribution campaign is unusually sophisticated. Threat actors have registered more than 100 convincing domai...

  Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat actor known as Winter Vivern, which is also known as TA473 and UAC0114. The cybersecurity firm is  tracking  the hacking outfit under the moniker Threat Activity Group 70 (TAG-70). Winter Vivern's exploitation of security flaws in Roundcube and software was previously highlighted by ESET in October 2023, joining other Russia-linked threat actor groups such as APT28, APT29, and Sandworm that are known to target email software. The adversary, which has been active since at least December 2020, has also been linked to the abuse of a now-patched vulnerability in Zimbr...

Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services. Last week, the group claimed responsibility for disrupting the websites of several banks and financial institutions in the Czech Republic and Poland, which it considers hostile to the Russian state because of its support to Ukraine. Like other pro-Kremlin hacktivist gangs, including Killnet or the Cyber Army of Russia, NoName057(16) orchestrates relatively simple and short-lived DDoS incidents with the help of hundreds of volunteers. The goal is to disrupt daily life, even for a few minutes. But there are some things that set this group apart, researchers say. In the Russian cybercrime landscape, NoName057(16) is a "lone wolf," according to Pascal Geenens, the director of cyberthreat intelligence at the cybersecurity firm Radware. The group doesn't ...