Architecture, Information Security and Malware

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization.

Architecture

Architecture Network Security Firewall Risk

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware

Malware Architecture Technology DDOS

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. ” reads the analysis published by AquaSec. .” Pierluigi Paganini.

Malware

Malware DDOS Architecture Cryptocurrency

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software

Software Malware Cybercrime VPN

DroidMorph tool generates Android Malware Clones that

Security Affairs

JUNE 22, 2021

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. The experts demonstrated that using the tool it is possible to bypass the Android anti-malware solutions performing permutations of the malware.

Malware

Malware Architecture Technology Mobile

FiXS, a new ATM malware that is targeting Mexican banks

Security Affairs

MARCH 4, 2023

Researchers at Metabase Q discovered a new ATM malware, dubbed FiXS, that was employed in attacks against Mexican banks since February 2023. Researchers at Metabase Q recently spotted a new ATM malware, dubbed FiXS, that is currently targeting Mexican banks. The name comes from the malware’s code name in the binary.

Banking

Banking Malware Financial Services Architecture

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware

Malware DDOS Architecture Financial Services

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. The experts discovered that the malicious code had been compiled for different architectures. investigated the botnet and discovered that the bot is the malware engine behind a 12-year-old service called SocksEscort.

Malware

Malware Small Business Advertising Passwords

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware

Malware Architecture Passwords Software

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware

Malware Adware Architecture Antivirus

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

Security Affairs

JULY 3, 2023

Researchers spotted a new version of the RustBucket Apple macOS malware that supports enhanced capabilities. Researchers from the Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware. The RustBucket malware allows operators to download and execute various payloads.

Malware

Malware Architecture Cryptocurrency Hacking

LLM meets Malware: Starting the Era of Autonomous Threat

Security Affairs

JUNE 13, 2023

Malware researchers analyzed the application of Large Language Models (LLM) to malware automation investigating future abuse in autonomous threats. We explored a potential architecture of an autonomous malware threat based on four main steps: an AI-empowered reconnaissances, reasoning and planning phase, and the AI-assisted execution.

Malware

Malware Architecture Hacking Passwords

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. appeared first on Security Affairs.

Malware

Malware Firmware Architecture Firewall

North Korea-linked Lazarus continues to target job seekers with macOS malware

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August , when Lazarus APT has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets.

Malware

Malware Cryptocurrency Architecture Advertising

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Security Affairs

FEBRUARY 20, 2021

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. continue the researchers.

Malware

Malware Adware Antivirus DDOS

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. This trend comes from the “Man in The Browser” (MiTB) attacks and WEB-injects designed for traditional PC-based malware such as Zeus, Gozi and SpyEye.

Mobile

Mobile Malware Banking Retail

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” Upon installing the threat, the bot drops a file in /tmp/.pwned

Malware

Malware DDOS IoT Cybercrime

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.”

Malware

Malware Internet Internet DDOS

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat intelligence firm Cluster25 on July 21, 2022.

Malware

Malware Password Management Authentication Passwords

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

Security Affairs

FEBRUARY 27, 2024

A new malware campaign is targeting a Ukraine entity in Finland with Remcos RAT distributed via a loader called IDAT Loader. Morphisec Threat Labs researchers observed a new malware campaign targeting a Ukraine entity in Finland with Remcos RAT distributed via a loader called IDAT Loader.

Malware

Malware Architecture Phishing Hacking

New Go-written GobRAT RAT targets Linux Routers in Japan

Security Affairs

MAY 29, 2023

Threat actors are targeting Linux routers with publicly exposed WEBUI to execute malicious scripts to deploy the GobRAT malware. The researchers observed samples for multiple architectures, including ARM, MIPS, x86, and x86-64. ” reads the alert published by the JPCERT Coordination Center (JPCERT/CC). ssh/authorized_keys.

Architecture

Architecture Malware Firewall Hacking

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” reads the report published by Cado Security.

IoT

IoT Architecture Malware Hacking

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

The malware also grants attackers access to the device’s system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. ” The plugins for the macOS version are different from those for other platforms, reflecting the architecture of the target systems.

Spyware

Spyware Malware Surveillance Mobile

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

com to deliver malware. Prevent zero-day attacks with a holistic, end to end cyber architecture. The post Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware appeared first on Security Affairs. Threat actors registered malicious domains like googloclassroom[.]com com and googieclassroom[.]com

Malware

Malware Advertising Retail Architecture

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. The malware has been active since at least November 2023, but it was fist spotted on February 2 nd 2024. RustDoor is written in Rust language and supports multiple features.

Ransomware

Ransomware Architecture Malware Passwords

New Redis miner Migo uses novel system weakening techniques

Security Affairs

FEBRUARY 21, 2024

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. This ELF file can target x86_64 architecture. ” The main Migo payload (/tmp/.migo)

Malware

Malware Architecture Marketing Engineering

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system.

IoT

IoT Malware Advertising Firmware

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

SEPTEMBER 24, 2020

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Alien first appeared in the threat landscape early this year, its model of sale is Malware-as-a-Service (MaaS) and is advertised on several underground hacking forums.

Banking

Banking Malware Advertising Architecture

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Security Affairs

MAY 31, 2019

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. .

Malware

Malware Advertising DDOS Architecture

USENIX Security ’23 – Black-box Adversarial Example Attack Towards FCG Based Android Malware Detection Under Incomplete Feature Information

Security Boulevard

JANUARY 31, 2024

Permalink The post USENIX Security ’23 – Black-box Adversarial Example Attack Towards FCG Based Android Malware Detection Under Incomplete Feature Information appeared first on Security Boulevard. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Malware

Malware Architecture Education Information Security

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

KmsdBot is an evasive Golang-based malware that was first detected by Akamai in November 2022, it infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

IoT

IoT DDOS Architecture Internet

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022. The malware is also able to siphon files stored with specific extensions and take screenshots. SapphireStealer allows operators to gather system data (i.e.

Malware

Malware Data collection Architecture Hacking

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

BrandPost: Scary Cyber Threats and Sweet Solutions

CSO Magazine

OCTOBER 26, 2021

These are the names of top malware that could be haunting your programs and email right now! What is even scarier: Not having systems in place to protect against malware and other cyber threats. It's not just malware that poses a threat to an enterprise's systems. They should. Building a cyber defense plan may seem scary.

Cyber threats

Cyber threats Architecture Malware Cybersecurity

Network Security Architecture: Best Practices & Tools

New NKAbuse malware abuses NKN decentralized P2P network protocol

Webinars

Trending Sources

Cuttlefish malware targets enterprise-grade SOHO routers

Webinars

New Go-based Redigo malware targets Redis servers

Amadey malware spreads via software cracks laced with SmokeLoader

DroidMorph tool generates Android Malware Clones that

FiXS, a new ATM malware that is targeting Mexican banks

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

XCSSET malware now targets macOS 11 and M1-based Macs

Experts link AVRecon bot to the malware proxy service SocksEscort

New modular ModPipe POS Malware targets restaurants and hospitality sectors

New variant for Mac Malware XCSSET compiled for M1 Chips

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

LLM meets Malware: Starting the Era of Autonomous Threat

US and UK link new Cyclops Blink malware to Russian state hackers?

North Korea-linked Lazarus continues to target job seekers with macOS malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

EnemyBot malware adds new exploits to target CMS servers and Android devices

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Erbium info-stealing malware, a new option in the threat landscape

Woody RAT: A new feature-rich malware spotted in the wild

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

New Go-written GobRAT RAT targets Linux Routers in Japan

New P2PInfect bot targets routers and IoT devices

Experts found a macOS version of the sophisticated LightSpy spyware

Raccoon Malware, a success case in the cybercrime ecosystem

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

New Redis miner Migo uses novel system weakening techniques

Silex malware bricks thousands of IoT devices in a few hours

Alien Android banking Trojan, the powerful successor of the Cerberus malware

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

USENIX Security ’23 – Black-box Adversarial Example Attack Towards FCG Based Android Malware Detection Under Incomplete Feature Information

Updated Kmsdx botnet targets IoT devices

Talos wars of customizations of the open-source info stealer SapphireStealer

Akira ransomware received $42M in ransom payments from over 250 victims

Woody RAT: A new feature-rich malware spotted in the wild

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

BrandPost: Scary Cyber Threats and Sweet Solutions

Stay Connected