Security Affairs

OCTOBER 15, 2024

North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. post-April 2022. LTS distributions.

Malware 140

Malware Banking Hacking Accountability 140

Penetration Testing

MAY 14, 2025

First spotted in 2022 and actively developed ever since, DarkCloud Stealer has reemerged with a sophisticated new variant The post DarkCloud Stealer Returns: AutoIt-Powered Malware Strikes with New Stealth Tactics appeared first on Daily CyberSecurity.

Malware 114

Malware Cybersecurity Phishing 114

Krebs on Security

JANUARY 11, 2022

Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user. “Test and deploy this patch quickly.” ” Quickly indeed.

Social Engineering 296

Social Engineering Backups Malware Engineering 296

Krebs on Security

JULY 12, 2022

The company said it would roll out the changes in stages between April and June 2022. The zero-day Windows vulnerability already seeing active attacks is CVE-2022-22047 , which is an elevation of privilege vulnerability in all supported versions of Windows.

Internet 279

Internet Internet Cyber threats Software 279

Krebs on Security

NOVEMBER 8, 2022

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Internet 264

Internet Internet Cyber threats Engineering 264

SecureList

MAY 28, 2025

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge.

Banking 111

Banking Malware Energy and Utilities Encryption 111

Security Affairs

JUNE 6, 2025

The Play ransomware group has been active since June 2022, the list of victims includes the City of Oakland , the Cloud services provider Rackspace , and the Dutch maritime logistics company Royal Dirkzwager. By stealing credentials with Mimikatz and escalating privileges with WinPEAS, they spread malware via Group Policy Objects.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Schneier on Security

MAY 9, 2023

Another nation-state malware , Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. CISA advisory. Wired article.

Malware 268

Malware Cybersecurity 268

Krebs on Security

JUNE 15, 2022

Three of the bugs tackled this month earned Microsoft’s most dire “critical” label, meaning they can be exploited remotely by malware or miscreants to seize complete control over a vulnerable system. that earned a CVSS score of 9.8 (10 10 being the worst).

Architecture 301

Architecture Internet Internet Software 301

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Social Engineering 255

Social Engineering Ransomware Software Engineering 255

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 342

Malware Identity Theft Cybercrime Accountability 342

Schneier on Security

MARCH 8, 2023

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” ” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit.

Malware 284

Malware Firmware Software Hacking 284

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Cybercrime 254

Cybercrime Ransomware Cryptocurrency Government 254

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. July 28, 2022: Breach Exposes Users of Microleaves Proxy Service.

Malware 325

Malware Cybercrime Internet Internet 325

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware 98

Malware Phishing Telecommunications Retail 98

Krebs on Security

FEBRUARY 8, 2022

But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents. Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user.

Authentication 251

Authentication Internet Internet System Administration 251

Tech Republic Security

OCTOBER 27, 2022

SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.

Threat Reports 210

Threat Reports Cyber threats Ransomware Malware 210

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Spyware 238

Spyware Cyber threats Security Defenses Cyber Attacks 238

Krebs on Security

NOVEMBER 16, 2022

The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. For example, one domain the gang has used since March 2022 is ushank[.]com The Disneyland Team uses common misspellings for top bank brands in its domains.

Malware 339

Malware Banking Phishing DDOS 339

Security Affairs

FEBRUARY 17, 2025

Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular macOS malware that targets users by infecting Xcode projects, it has been active since at least 2022. Microsoft observed that the malware was employed in limited attacks.

Malware 82

Malware Hacking Software 82

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware 94

Malware Cryptocurrency Software Hacking 94

Tech Republic Security

JANUARY 18, 2023

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 211

Malware Cybersecurity 211

Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. “Maxim Alexandrovich Rudometov (Максим Александрович Рудомётов), born in 1999 in the Luhansk region of Ukraine, developed and has sold “information stealer” malware known as RedLine.”

Malware 81

Malware Passwords Identity Theft Accountability 81

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Retail 277

Retail Advertising Cryptocurrency Cybercrime 277

Security Affairs

OCTOBER 19, 2024

The researchers pointed out that despite IE’s end of support in June 2022, the vulnerability still impacted certain Windows applications. Microsoft ended its support for IE in June 2022. APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed.

Internet 144

Internet Internet Engineering Malware 144

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 315

Malware Cybercrime Software Accountability 315

Schneier on Security

APRIL 13, 2022

Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems (..)

Malware 333

Malware 333

Tech Republic Security

OCTOBER 7, 2022

The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic. SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much.

Ransomware 217

Ransomware Malware Cybersecurity 217

Security Affairs

OCTOBER 27, 2024

They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware. in March 2022. “On Friday, October 25, the St.

Ransomware 144

Ransomware Hacking Malware Cybercrime 144

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 245

Malware VPN Internet Internet 245

Krebs on Security

JUNE 8, 2023

But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Campbell, Calif.

Firmware 340

Firmware Malware Software Ransomware 340

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile 291

Mobile Malware Technology Government 291

Security Affairs

DECEMBER 22, 2024

Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. ” reads the press release published by DoJ.

Ransomware 132

Ransomware Small Business Antivirus Malware 132

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics 120

Computers and Electronics Telecommunications Malware Surveillance 120

Security Affairs

MAY 24, 2025

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. Gallyamov began developing Qakbot in 2008, building a team that expanded its capabilities over the time. . and abroad.

Cybercrime 131

Cybercrime Cryptocurrency Ransomware Malware 131

Malwarebytes

JANUARY 22, 2025

The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 2022. Always be careful when opening archived files that you downloaded from the internet.

Internet 142

Internet Internet Malware Risk 142

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 121

Architecture Internet Internet Malware 121