Remove Antivirus Remove Cybercrime Remove DNS Remove Surveillance
article thumbnail

Security Affairs newsletter Round 221 – News of the week

Security Affairs

Firefox finally addressed the Antivirus software TLS Errors. China installs a surveillance app on tourists phones while crossing in the Xinjiang. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). After 2 years under the radars, Ratsnif emerges in OceanLotus ops. LooCipher: The New Infernal Ransomware.

Scams 47
article thumbnail

IT threat evolution Q3 2021

SecureList

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 92
article thumbnail

APT trends report Q1 2021

SecureList

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Our telemetry revealed that the threat group’s latest endeavors are focused on going after entities within one country – Tunisia.

Malware 142