Xopero Security Center: Dark-Nexus, xHelper, bugs and stealers

Welcome to our newest security review. There is a new botnet which has gone through a very fast development process. Dark-Nexus is probably the most sophisticated IoT botnet malware spotted in the wild right now.

Monday, 6 April 2020

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner (Source)
Zoom Blow as Thousands of Users Videos Are Found Online (Source)
Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others (Source)
This Map Shows the Global Spread of Zero-Day Hacking Techniques (Source)

Tuesday, 7 April 2020

Italian email provider Email.it hacked, data of 600k users available for sale (Source)
Thousands of Android apps contain undocumented backdoors, study finds (Source)
Atlassian issues advice on how to keep your IT service desk secure… after hundreds of portals found facing the internet amid virus lockdown (Source)
Elasticsearch Database with 42 Million Records of Iranian Citizen Found Exposed Online (Source)
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates (Source)
Login details of verified Zoom accounts posted on Dark Web (Source)
Serious Exchange Flaw Still Plagues 350K Servers (Source)
A New Ultrasonic Hack Can Exploit Your Siri (Source)
Microsoft Buys Corp.com So Bad Guys Can’t (Source)

Wednesday, 8 April 2020

Hackers Are Bundling Cryptominer With a Seemingly Legit Zoom Installer on Unofficial Websites (Source)
New IoT botnet launches stealthy DDoS attacks, spreads malware (Source)
This is why the vicious xHelper malware resists factory wipes and reboots (Source)
Researchers use 3D-printed fingerprints to unlock an iPhone8, laptops (Source)
After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers (Source)

Thursday, 9 April 2020

7 ways hackers and scammers are exploiting coronavirus pandemic (Source)
Google removes Android VPN with ‘critical vulnerability’ from Play Store (Source)
Serious vulnerabilities patched in Chrome, Firefox (Source)
Cloudflare dumps reCAPTCHA as Google intends to charge for its use (Source)
Unique P2P Architecture Gives DDG Botnet ‘Unstoppable’ Status (Source)
Copycat Site Serves Up Raccoon Stealer (Source)

Friday, 10 April 2020

Large email extortion campaign underway, DON’T PANIC! (Source)
Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay (Source)