Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 113

Malware Ransomware Banking Healthcare 113

Security Boulevard

DECEMBER 13, 2022

Therefore, data breaches provide key insights into the methods and tactics of hackers—since they will do whatever it takes to gain illegal access into their target’s network—using the plethora of advertised malware and hacking services available on illicit marketplaces.

Malware 97

Malware Data breaches Advertising Hacking 97

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government 111

Government Education Phishing Malware 111

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Spyware 182

Spyware Cyber threats Security Defenses Cyber Attacks 182

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S. ” reads the analysis published by AquaSec.

Malware 141

Malware DDOS Architecture Cryptocurrency 141

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 128

Malware Ransomware Cybercrime Hacking 128

CyberSecurity Insiders

JANUARY 3, 2023

Guardian’s servers were hacked and a file encrypting malware was introduced into the daily computer network in the first week of December 2022. Christmas 2022 proved unfortunate to the IT staff of the daily newspaper, as they had to work 24/7 to bring back the network to normal operations.

Ransomware 121

Ransomware Media Malware Cyber Attacks 121

Bleeping Computer

JANUARY 19, 2023

Starting in September 2022, the 'Roaming Mantis' credential theft and malware distribution campaign was observed using a new version of the Wroba.o/XLoader XLoader Android malware that incorporates a function for detecting specific WiFi routers and changing their DNS. [.]

DNS 97

DNS Malware Hacking Mobile 97

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. NerbianRAT for Windows was first spotted in 2022, however the Linux variant employed by Magnet Goblin has been in circulation since May 2022. 4 Run a Linux command in a separate thread.

Malware 98

Malware VPN Encryption Hacking 98

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. com , a malware-based proxy network that has been in existence since at least 2010. Image: Spur.us.

Malware 256

Malware Cybercrime Internet Internet 256

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 203

Malware VPN Internet Internet 203

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware 117

Malware Cryptocurrency Ransomware Hacking 117

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. The RAT is used as second-stage malware, the experts pointed out that it doesn’t exploit a new vulnerability. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware 105

Malware Firmware VPN Backups 105

Security Boulevard

MARCH 11, 2022

On February 24, 2022, Russian President Vladimir Putin approved troops to begin moving into Ukraine-controlled territory. The post IronNet’s March Threat Intelligence Brief 2022 appeared first on Security Boulevard. IronNet is continuously monitoring the Russian-Ukraine conflict and tracking the updates here. .

DDOS 104

DDOS Cyber Attacks Phishing Malware 104

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware 84

Ransomware Retail Malware Insurance 84

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 125

Ransomware Encryption Malware Hacking 125

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking 193

Hacking Cybercrime Ransomware Government 193

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware 90

Malware Phishing Banking Hacking 90

Security Affairs

JULY 29, 2022

Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. 2022-07-17 20:28:29 small-sm 4.2.0

Malware 100

Malware Banking Authentication Passwords 100

CyberSecurity Insiders

NOVEMBER 28, 2022

Every year, we hear something or the other about WhatsApp data breach and following this course is this news that is currently trending on various social media platforms and community forums at the end of this year, i.e. November 2022. The post Latest WhatsApp Data Leak 2022 details are here appeared first on Cybersecurity Insiders.

Data breaches 116

Data breaches Mobile Media Phishing 116

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime 92

Cybercrime Malware Cryptocurrency Advertising 92

Security Affairs

DECEMBER 12, 2023

The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families.

Malware 99

Malware Data collection Manufacturing Healthcare 99

Security Affairs

MARCH 17, 2024

RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. All unique passwords are stored in a file named “brute.txt”. .

Malware 104

Malware Passwords Software Hacking 104

The Hacker News

APRIL 4, 2023

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Also known by the names APT-C-23 and Desert

Cyber Attacks 77

Cyber Attacks Malware Hacking 77

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. continues the researchers.

Hacking 114

Hacking Encryption Ransomware Insurance 114

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 85

Engineering Malware Encryption Hacking 85

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022.

Hacking 144

Hacking Government Banking Media 144

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 93

Malware Marketing Passwords Hacking 93

The Hacker News

MARCH 29, 2023

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée.

Malware 97

Malware Software Hacking Cybersecurity 97

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The images published by the gang as proof of the hack include spreadsheets containing financial data, a contract, 2022 budget details, and more. SecurityAffairs – hacking, California).

Hacking 126

Hacking Ransomware Cybersecurity Technology 126

Security Affairs

FEBRUARY 24, 2023

Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) Attackers used built-in tools like certutil.exe, bitsadmin.exe, powershell.exe, or curl.exe to drop the malware.

Penetration Testing 97

Penetration Testing Password Management Passwords Internet 97

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications 120

Telecommunications Malware Media Passwords 120

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware 84

Malware Software Hacking Information Security 84

CyberSecurity Insiders

JANUARY 17, 2022

Microsoft has issued an official warning to all IT and not-for-profit organizations, along with some critical government organizations across Ukraine, that their digital infrastructure could be targeted by a dreaded data wiping malware campaign.

Malware 139

Malware Government Technology Authentication 139

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The new variant of the bot includes exploits for the following security issues: CVE-2022-22954 : Critical RCE flaw in VMware Workspace ONE Access and VMware Identity Manager. CVE-2022-22947 : RCE flaw in Spring. CVE-2022-1388 : Critical RCE flaw in F5 BIG-IP.

Malware 141

Malware DDOS IoT Cybercrime 141

Security Affairs

JANUARY 14, 2022

Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. This means that once inside a compromised network, threat actors can decide were store their malicious tools and malware without being detected. SecurityAffairs – hacking, malware).

Malware 137

Malware Antivirus Hacking Information Security 137

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain.

Malware 115

Malware Software Cryptocurrency Passwords 115