Penetration Testing

APRIL 8, 2025

Vidar Stealer, a notorious information-stealing malware that first emerged in 2018, continues to pose a significant threat by employing new distribution methods and evasion techniques. G DATA Security Lab’s analysis has uncovered a recent instance where Vidar Stealer was disguised within a legitimate system information tool.

Malware 116

Malware Cybersecurity 116

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 243

Malware Advertising Marketing System Administration 243

Krebs on Security

APRIL 19, 2019

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. The government says between July 2012 and Sept.

Banking 236

Banking Malware Advertising Government 236

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 145

Adware Spyware Mobile Technology 145

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware 125

Malware Cryptocurrency Mobile Firmware 125

Schneier on Security

MARCH 28, 2019

The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.]. Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility.

Hacking 277

Hacking Malware 277

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018.

Antivirus 363

Antivirus Malware Software 363

Krebs on Security

FEBRUARY 17, 2021

million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York. Park was previously charged in 2018 in connection with the WannaCry and Sony Pictures attacks. Image: CISA.

Cryptocurrency 346

Cryptocurrency Financial Services Banking Government 346

eSecurity Planet

MAY 5, 2025

Cybersecurity analysts at Recorded Futures Insikt Group have identified the fresh threats as TerraStealerV2 and TerraLogger, two malware strains believed to be the latest additions to Golden Chickens growing Malware-as-a-Service (MaaS) arsenal. A familiar name behind major hacks Golden Chickens has been active since at least 2018.

Passwords 67

Passwords Malware Cryptocurrency Cybercrime 67

Krebs on Security

JANUARY 2, 2019

The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. 29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain.

Ransomware 262

Ransomware Malware Backups Accountability 262

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched. In March 2025, threat actors distributed archived messages through Signal.

Computers and Electronics 111

Computers and Electronics Telecommunications Malware Surveillance 111

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN 133

VPN Authentication Ransomware Risk 133

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings.

Cryptocurrency 362

Cryptocurrency Malware Mobile Accountability 362

Security Affairs

NOVEMBER 1, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Spyware 143

Spyware Media Hacking Malware 143

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 112

Architecture Internet Internet Malware 112

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. The threat actors exploited vulnerabilities in networking devices used by businesses to gain a foothold by installing custom malware.

Firmware 125

Firmware Government Firewall Malware 125

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 144

Malware Ransomware Cybercrime Hacking 144

The Last Watchdog

APRIL 21, 2021

At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Attackers are taking advantage of TLS-protected web and cloud services, for malware delivery and for command-and-control, right under the noses of IT security teams and most security technologies.”.

Malware 214

Malware Firewall Encryption Data breaches 214

The Hacker News

JUNE 13, 2024

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.

Malware 123

Malware 123

SecureList

OCTOBER 29, 2024

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. Known since 2018, Amadey has been the subject of numerous security reports.

Adware 132

Adware Malware Cryptocurrency Password Management 132

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team.

Ransomware 279

Ransomware Accountability Cybercrime Passwords 279

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. “As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said. .

Internet 267

Internet Internet Software Engineering 267

Krebs on Security

FEBRUARY 4, 2020

The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.

Internet 347

Internet Internet Government Accountability 347

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. .” The root cause of the vulnerability is the erroneous treatment of a type of data during the optimization process of IE’s JavaScript engine (jscript9.dll), dll), allowing type confusion to occur.

Internet 144

Internet Internet Engineering Malware 144

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 137

Malware Cybercrime Software Phishing 137

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai. in newer ones.

Manufacturing 92

Manufacturing Malware Firmware IoT 92

Adam Levin

JANUARY 25, 2019

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. Kaspersky and McAfee Labs both reported a 30% decline in ransomware attacks in 2018. “[T]he

Spyware 212

Spyware Ransomware Malware Banking 212

Penetration Testing

DECEMBER 22, 2024

Malware Vulnerability ChaCha20 CVE-2018-17532 CVE-2023-1389 DigiEver DS-2105 Pro DVR DigiEver DS-2105 Pro DVRs Hail Cock botnet Mirai Mirai malware Tenda HG6 Routers

Security Intelligence 69

Security Intelligence Malware Cybersecurity 69

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

Malware 132

Malware Software Passwords Cryptocurrency 132

Security Affairs

FEBRUARY 26, 2025

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Data collection 108

Data collection Spyware Media Surveillance 108

CyberSecurity Insiders

APRIL 18, 2022

A malware dubbed MyloBot malware is seen sending extortion emails to victims and demanding a payment of $2,732 in digital currency. This malware that was first detected in 2018 has anti-debugging capabilities and the potential to remove other malware already installed in the system or network.

Malware 135

Malware Firewall Software Ransomware 135

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 136

Software Malware Cybercrime VPN 136

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 139

Malware Internet Internet DDOS 139

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. 30, the U.S.

eCommerce 221

eCommerce Cybercrime Accountability Passwords 221

The Hacker News

DECEMBER 27, 2024

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024.

Malware 111

Malware Cyber Attacks Phishing 111

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. LFI CVE-2018-16763 Fuel CMS 1.4.1 LFI CVE-2018-16763 Fuel CMS 1.4.1 The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” concludes the report.

Malware 145

Malware DDOS IoT Cybercrime 145

SecureBlitz

MARCH 5, 2024

Security researchers have identified a new and concerning malware threat: a multi-platform framework called “MATA.” ” This framework has been targeting victims globally since at least April 2018.

Malware 105

Malware Cybersecurity Antivirus 105