HackMag publishes high-quality translated content about information security, cyber security, hacking, malware and devops.
More than 60 malicious NPM packages are stealing user data
Socket’s Threat Research Team discovered an active campaign involving dozens of malicious npm packages that collect and leak information from victims’ systems. Over the past two weeks, unknown cybercriminals have published 60 malicious packages under three npm accounts: (…)
MathWorks affected by ransomware attack
MathWorks, Inc., an American corporation specializing in mathematical computing software, was affected by a ransomware attack resulting in service interruptions. Founded in 1984, MathWorks is headquartered in Massachusetts and has more than 34 offices worldwide with more than (…)
Many notorious hacker groups (e.g. North Korea’s Lazarus) use the BYOVD attack to gain access to kernel space and implement complex advanced persistent threats (APTs). The same technique is employed by the creators of the Terminator tool and various encryptor operators. This (…)
Packages intentionally destroying data discovered in NPM
Socket experts discovered eight malicious packages in npm (node package manager) that were downloaded from the repository more than 6,200 times over the last two years. All these packages could destroy data on users’ workstations. The malicious packages used typosquatting to (…)
Chrome will change compromised user passwords automatically
Google developers announced a new feature in the Chrome browser enabling its built-in password manager to change compromised credentials automatically. “When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix (…)
Chinese hackers use zero-day vulnerability in Trimble Cityworks to attack US Government networks
According to Cisco Talos, Chinese-speaking threat actors used a zero-day vulnerability in the Trimble Cityworks software to attack local governing bodies across the United States. Trimble Cityworks is a GIS-centric asset lifecycle management system used by local authorities, (…)
More than 100 dual-function Chrome extensions hijack sessions and steal user credentials
According to DomainTools Intelligence (DTI), more than 100 malicious Chrome browser extensions disguised as VPN services, AI assistants, crypto utilities, etc. are used to steal cookies and covertly execute remote scripts. Unknown cybercriminals have been (…)
IP cameras in pentesting. Improper use of security cameras
In the course of a pentesting audit, you can capture an image from a security camera and attach it to your report – just to please the customer. No doubt, such pictures are impressive, but what can be the real impact of attacks targeting cameras? Today I will show how to run (…)
Defendnot utility disables Microsoft Defender in Windows
A new tool called Defendnot can disable Microsoft Defender protection on Windows devices even if no real antivirus is installed on the system. Defendnot has been developed by an IT researcher known as Arsenii es3n1n. The utility abuses an undocumented WSC API by (…)
Malware contained in NPM hides itself using Unicode-based steganography
A malicious package discovered in npm (node package manager) hides its code using invisible Unicode characters and uses Google Calendar links for communication with its C&C servers. According to Veracode, since the beginning of May, the malicious os-info-checker-es6 (…)
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously (…)
15 September
600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet
Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations.…
13 September
From Vibe Coding to Vibe Hacking: Claude AI Abused To Build Ransomware
Anthropic’s Claude AI presently rules the realm of vibe coding. However, the company has unveiled…
12 September