Researchers Discover Intrusive ‘HotPage’ Malware with Microsoft-Signed Driver

Category: Cybersecurity

HotPage.exe, a software installer initially detected as adware, has been found to deploy a Microsoft-signed driver that injects code into system processes and intercepts browser traffic. Developed by Hubei Dunwang Network Technology Co., Ltd., the software falsely claims to enhance web browsing while actually displaying intrusive ads and collecting user data. The malware's kernel-level access allows for further exploitation, raising significant privacy and security concerns. The Microsoft Security Response Center was notified, leading to the driver’s removal from the Windows Server Catalog.

Keywords: HotPage.exe, malware, Microsoft-signed driver

Source: The Cyber Express

Update At: 7/19/2024

Related Sources

Russian hacker prosecuted in Georgia among prisoners swapped by U.S.

In November 2008, hackers led by Seleznev accessed 45.5 million debit card numbers from WorldPay, resulting in over $9.4 million stolen from ATMs worldwide. Seleznev, a key figure in the cyberattack, was later prosecuted and ordered to pay significant restitution. He was arrested in 2014 while on vacation and is linked to a larger identity theft organization.

AJC.com

Iran’s Internet Attacked—‘Reported Collapse’ As Israeli Hackers Strike

An Israeli hacking group, WeRedEvils, claimed responsibility for attacks on Iranian internet providers, leading to reported internet outages in parts of Iran. They announced their actions on Telegram, stating they had infiltrated Iranian communications and gathered intelligence. The situation remains unclear, with reports of a potential retaliation from Iran following a recent attack attributed to Israel's military.

Forbes

Israeli hacker group takes responsibility for reported collapse of Wi-Fi in Iran

The Israeli hacker group 'We Red Evils Original' claimed responsibility for WiFi outages in Iran, announcing their intent to attack internet systems. Reports indicate internet blackouts in parts of Iran, particularly Tehran. The group has previously hacked into Iran's oil infrastructure and blocked communication for the Hadid family. They also claimed to have disrupted internet access in Yemen in response to Houthi missile launches.

The Jerusalem Post

Iranian Internet Attacked by Israeli Hacktivist Group: Reports

WeRedEvils, an Israeli hacktivist group, claimed responsibility for a cyberattack that disrupted internet access in parts of Iran, including Tehran. The group announced the attack via Telegram, stating they successfully infiltrated Iranian communications and gathered sensitive information. This incident follows heightened tensions after the assassination of Hamas leader Ismail Haniyeh by Israeli forces, with Iran reportedly preparing a retaliatory response. WeRedEvils has a history of cyberattacks against Iranian infrastructure, including previous disruptions to oil systems and the electrical grid.

Security Boulevard

Israeli hacktivist group claims it took down Iran's internet

Israel-based hacktivist group WeRedEvils claims responsibility for an internet outage in Iran, asserting they infiltrated Iranian computer systems and stole data. They announced their intentions to attack Iranian systems via Telegram, citing the success of their operations, including the shutdown of government websites. The group has a history of cyber attacks against Iran, including a previous assault on the electricity grid.

The Register

Now and next for cybersecurity managed services

The cybersecurity managed services market is projected to grow by 15% in 2024, driven by increased demand for security measures and the evolving MSP model. The report analyzes factors such as the impact of recent outages, enterprise spending patterns, and the influence of major players like Palo Alto Networks and Google. It highlights the transition to comprehensive service offerings, the risks of vendor concentration, and the role of AI in enhancing cybersecurity services.

Canalys

MSPs expected to manage cybersecurity infrastructure, finds report

A survey reveals that 65% of MSP customers expect their providers to manage cybersecurity alongside IT infrastructure. This shift reflects a growing demand for security capabilities, with 73% of MSPs noting increased interest in security during business meetings. Many MSPs are responding by increasing budgets for security and regulatory capabilities, indicating a significant change in their operational focus.

Comms Business

Trust and proactive investment crucial for MSPs amid cybersecurity regulation hurdles

MSPs at an eSentire roundtable emphasized the importance of trust with clients, proactive security investments, and the impact of cloud migration on cybersecurity. They also discussed challenges related to cyber insurance and the necessity of remediation services and ongoing education for effective cybersecurity practices.

IT Europa

MSP market turns to providing security solutions

New research indicates that managed service providers (MSPs) are increasingly expected to manage cybersecurity alongside IT infrastructure, with 65% of customers demanding this dual role. The study highlights a significant gap in in-house cybersecurity roles among customers, prompting MSPs to enhance their security services. Additionally, 33% of MSPs have increased their security budgets, and 28% have made specialist hires in cybersecurity and regulatory areas.

BetaNews

Cybersecurity in the spotlight at 14th UK Managed Services Summit

Cybersecurity will be a key focus at the 14th annual UK Managed Services Summit in London, featuring discussions on the complexities of the threat landscape, innovative technologies for defense against cybercrime, and the integration of compliance and AI in cybersecurity services. Key presentations from industry leaders will provide insights into effective strategies for Managed Service Providers.

IT Europa