Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Crooks use lures masquerading as tax documentation sent by a client. Ahead of the U.S.

Accountability 93

Accountability Phishing Financial Services Surveillance 93

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. In December 2023, the US charged two Russians believed to be members of this group, for their role in a campaign that hacked government accounts. It is mainly in use by security researchers to classify malware.

Social Engineering 93

Social Engineering Government Media DNS 93

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 107

Malware Encryption Telecommunications Authentication 107

Security Affairs

SEPTEMBER 4, 2022

The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after the. Experts believe that the malware is a surveillance software used by the Iranian government.

Malware 98

Malware Surveillance Government Hacking 98

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware 84

Malware Passwords Identity Theft Data collection 84

Security Affairs

MAY 21, 2024

pic.twitter.com/5OUODUt3fu — Dominic Alvieri (@AlvieriD) May 20, 2024 The gang claims to have stolen 730GB of data from ATLAS, including Corporate data: Accounts, HR, Finance, Executive, department data, and users and employees’ data. Sunoco is the largest at 8 billion gallons.

Hacking 123

Hacking Ransomware Phishing Malware 123

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity. continues the report.

Surveillance 84

Surveillance Malware Spyware Education 84

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. ” reads the anal ysis published by Jamf.

Malware 88

Malware Social Engineering Architecture Education 88

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 110

Banking Accountability Mobile Cryptocurrency 110

Security Affairs

FEBRUARY 23, 2020

Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. .

Government 120

Government Malware Advertising Passwords 120

Security Affairs

DECEMBER 20, 2023

The Kingdom Market was established in March 2021, the offer of the dark web marketplace included drugs, malware, stolen data, and forged documents. Kingdom Market boasted tens of thousands of customer accounts and several hundred registered sellers, featuring a listing that comprised 42,000 items.

Marketing 111

Marketing Cryptocurrency Accountability Banking 111

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware. ” reads the advisory published by the vendor.

Malware 97

Malware Mobile Education Media 97

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware 109

Malware Encryption Antivirus Architecture 109

Security Affairs

JUNE 12, 2020

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. “One tool, a VBA macro targeting Microsoft Outlook, uses the target’s email account to send spearphishing emails to contacts in the victim’s Microsoft Office address book.”

Malware 109

Malware Phishing Advertising Government 109

Security Affairs

SEPTEMBER 18, 2020

Security researchers discovered Android malware capable of bypassing 2FA that was developed by an Iran-linked group dubbed Rampant Kitten. Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Pierluigi Paganini.

Malware 104

Malware Phishing Accountability Advertising 104

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. ” states the DoJ. Pierluigi Paganini.

Malware 112

Malware Banking Cryptocurrency Cybercrime 112

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. ” concludes Kaspersky.

Malware 117

Malware Computers and Electronics Spyware Advertising 117

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. The spam messages use weaponized office documents to drop the Ursnif banking Trojan in the final stage.

Malware 89

Malware Banking Social Engineering Retail 89

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware 115

Malware Computers and Electronics Software Financial Services 115

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking 343

Hacking Ransomware Banking Accountability 343

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 116

Malware Cryptocurrency Architecture Engineering 116

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days.

Phishing 121

Phishing Malware Government Small Business 121

Security Affairs

MAY 23, 2024

The messages use specially crafted archives containing LNK files disguised as regular documents. Attackers also manipulate local Administrator accounts to maintain persistence, they were spotted enabling the disabled local Administrator account, followed by resetting its password. ” concludes the report.

92

92

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware 63

Malware Encryption Antivirus Architecture 63

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The huge interest in cryptocurrency is keeping high the price of crypto accounts.

Identity Theft 96

Identity Theft Accountability DDOS Cybercrime 96

Security Affairs

MAY 28, 2023

Bandit Stealer is a new stealthy information stealer malware that targets numerous web browsers and cryptocurrency wallets. Trend Micro researchers discovered a new info-stealing malware, dubbed Bandit Stealer, which is written in the Go language and targets multiple browsers and cryptocurrency wallets.

Cryptocurrency 97

Cryptocurrency Malware Advertising Phishing 97

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016. ” continues the report.

Accountability 116

Accountability Malware Cyber Attacks Media 116

Security Affairs

JULY 15, 2023

The cyberspies often use accounts that have been previously compromised. HTM, HTA, and LNK files) disguised as Office documents. Once the document is opened by the target, it will take between 30 and 50 minutes to steal data from the infected system. ” states the alert published by CART-UA.

Social Engineering 98

Social Engineering DNS Accountability Malware 98

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser.

Malware 103

Malware Phishing Internet Internet 103

Security Affairs

SEPTEMBER 20, 2019

Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service , many cyber criminals are choosing it as their preferred recognition tool. . Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “ commodity malware ”.

Malware 82

Malware Advertising Accountability Passwords 82

Security Affairs

OCTOBER 27, 2023

The document provides details about the tactics, techniques and procedures (TTP) associated with threar actors since the second half of 2021. The document also includes a series of recommendations to protect against this type of attack. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government 113

Government Phishing Accountability Hacking 113

Security Affairs

MAY 31, 2019

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. .

Malware 97

Malware Advertising DDOS Architecture 97

SecureList

DECEMBER 12, 2023

” In the course of this research, we found out that the prevalent posts revolved around the sale of compromised accounts, internal databases, and documents, along with access to corporate infrastructures. Data breaches A data breach exposes confidential, sensitive information and can cause major problems.

Data breaches 85

Data breaches Accountability Telecommunications Malware 85

Security Affairs

JULY 8, 2022

Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks.

Ransomware 100

Ransomware Accountability Malware Firewall 100

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware 96

Malware Phishing VPN Accountability 96

Security Affairs

MAY 22, 2024

As proof of the data breach, the extortion group published data samples, including passport images, NDAs, contracts, and other documents. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool.

Data breaches 86

Data breaches Ransomware Manufacturing Encryption 86

Security Affairs

OCTOBER 1, 2020

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. A REAL SENDER suggests that the computer using this email account has been compromised and used to send out spam messages.

Malware 137

Malware Advertising Banking Passwords 137