Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year.

Malware 105

Malware Firmware VPN Backups 105

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware 84

Ransomware Retail Malware Insurance 84

Security Boulevard

OCTOBER 5, 2022

The post BSidesLV 2022 Lucky13 GroundFloor – Uriel Kosayev’s ‘Malware Analysis – Red Team Edition’ appeared first on Security Boulevard. Our sincere thanks to BSidesLV for publishing their outstanding conference videos on the organization's YouTube channel.

Malware 52

Malware Education Information Security Cybersecurity 52

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware 90

Malware Phishing Banking Hacking 90

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 125

Ransomware Encryption Malware Hacking 125

Security Affairs

JULY 29, 2022

Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. 2022-07-17 20:28:29 small-sm 4.2.0

Malware 100

Malware Banking Authentication Passwords 100

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime 92

Cybercrime Malware Cryptocurrency Advertising 92

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware 93

Malware Education Accountability Media 93

eSecurity Planet

JUNE 21, 2022

” Also read: Cybersecurity Employment in 2022: Solving the Skills Gap. How to Choose a Security Certification. Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on.

Cybersecurity 119

Cybersecurity Penetration Testing System Administration Cyber Attacks 119

Security Affairs

MARCH 17, 2024

RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information.

Malware 104

Malware Passwords Software Hacking 104

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 85

Engineering Malware Encryption Hacking 85

Security Boulevard

JULY 20, 2022

Our sincere thanks to Security BSides San Francisco for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesSF 2022 – Amol Sarwate’s ‘Threat Hunting: Using MITRE ATT&CK Against Carbanak Malware’ appeared first on Security Boulevard.

Malware 52

Malware Education Information Security Cybersecurity 52

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The new variant of the bot includes exploits for the following security issues: CVE-2022-22954 : Critical RCE flaw in VMware Workspace ONE Access and VMware Identity Manager. CVE-2022-22947 : RCE flaw in Spring. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware 141

Malware DDOS IoT Cybercrime 141

Security Affairs

OCTOBER 16, 2022

Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352 , in the Zimbra Collaboration Suite. reported Rapid7. “We

Hacking 116

Hacking Antivirus Telecommunications Engineering 116

Security Affairs

FEBRUARY 24, 2023

Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) Attackers used built-in tools like certutil.exe, bitsadmin.exe, powershell.exe, or curl.exe to drop the malware.

Penetration Testing 97

Penetration Testing Password Management Passwords Internet 97

Security Affairs

JANUARY 12, 2023

Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability ( CVE-2022-42475 ) in attacks against government organizations and government-related targets. The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd. “A Versions range from 6.0.5

VPN 87

VPN Malware Engineering Government 87

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved. ” concludes the report.

Malware 109

Malware Banking Phishing Engineering 109

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware 99

Malware Data collection Manufacturing Healthcare 99

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 93

Malware Marketing Passwords Hacking 93

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain.

Malware 115

Malware Software Cryptocurrency Passwords 115

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 100

Malware Encryption Telecommunications Authentication 100

Security Affairs

MAY 31, 2023

Recently disclosed zero-day flaw in Barracusa Email Security Gateway (ESG) appliances had been actively exploited by attackers since October 2022. As per the vendor’s statement, the flaw has been exploited in real-world scenarios, with incidents dating back to October 2022 at the very least.

Malware 90

Malware Hacking Network Security Cybersecurity 90

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware 84

Malware Software Hacking Information Security 84

Security Boulevard

JANUARY 29, 2022

Additionally, the Security BSides Dublin organization has slated their eponymous Security BSides Dublin 2022 confab at the The Convention Centre Dublin ( CCD ) on 2022/03/19. Just a month and a half away.

Malware 131

Malware Education InfoSec Information Security 131

Security Affairs

JANUARY 14, 2022

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 137

Malware Antivirus Hacking Information Security 137

Security Affairs

FEBRUARY 24, 2022

Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. Researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine.

Malware 115

Malware DDOS Banking Government 115

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware 144

Malware DNS Antivirus Passwords 144

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications 120

Telecommunications Malware Media Passwords 120

Security Affairs

SEPTEMBER 22, 2022

Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. “We observed the active exploitation of CVE-2022-26134 , an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 ” concludes the report.

Cryptocurrency 110

Cryptocurrency Firewall Malware Hacking 110

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Malware 107

Malware Authentication Threat Detection Government 107

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated.

Malware 81

Malware Phishing Spyware Cybercrime 81

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware 76

Malware Mobile Antivirus Hacking 76

Security Affairs

AUGUST 17, 2022

The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. The malicious code was uploaded to VirusTotal from Brazil on August 11, 2022. pkalnai @dbreitenbacher 1/7 pic.twitter.com/dXg89el5VT — ESET research (@ESETresearch) August 16, 2022.

Malware 81

Malware Engineering Hacking Information Security 81

Security Affairs

MARCH 22, 2023

The report covers incidents in aviation, maritime, railway, and road transport industries between January 2021 and October 2022. During the reporting period, ransomware was the most prominent threat against the sector in 2022. The researchers pointed out that the ransomware attacks doubled compared to the previous year.

Ransomware 82

Ransomware DDOS Cyber threats Phishing 82

Security Affairs

DECEMBER 4, 2022

The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. In this campaign, the threat actors used the “bloxholder[.]com”

Cryptocurrency 88

Cryptocurrency Malware Hacking Information Security 88

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware 86

Malware Cybercrime Banking Software 86

Security Affairs

JULY 29, 2022

Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. The malware uses TOR exit nodes as a backup C2 infrastructure.

Malware 106

Malware Backups Manufacturing Accountability 106