Blog, Cybersecurity, Information Security and Malware

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Thank you!!! SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022

Security Affairs

JUNE 22, 2022

I’m proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. The winners of the annual European Cybersecurity Blogger Awards have been announced. For me its time to thank you for the amazing support and the votes you gave me.

Cybersecurity

Cybersecurity Hacking Information Security Malware

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Cybersecurity is one of the most dynamic and quick-changing industries. The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. The blog has sections for both individual and business users.

Cybersecurity

Cybersecurity IoT Antivirus Education

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Learning Malware Analysis and Cybersecurity Writing Online

Lenny Zeltser

APRIL 19, 2020

You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs. Malware Analysis. Cybersecurity Writing.

Malware

Malware Cybersecurity Software Information Security

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

What Is Residual Risk in Information Security?

Heimadal Security

APRIL 7, 2021

The post What Is Residual Risk in Information Security? appeared first on Heimdal Security Blog. Cyberattacks have been happening for decades, but as we have become more dependent on digital technology and infrastructure and therefore create more value in […].

Information Security

Information Security Risk Cyber Attacks Technology

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware. ” concludes the report.

Malware

Malware Social Engineering Education Media

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware

Malware Mobile Education Media

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Hacking Internet

Tax preparation and e-file service eFile.com compromised to serve malware

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware

Malware Education Media Hacking

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

China-linked Hafnium APT leverages Tarrask malware to gain persistence

Security Affairs

APRIL 13, 2022

China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. Microsoft Threat Intelligence Center (MSTIC) highlighted the simplicity of the technique employed by the Tarrask malware that creates “hidden” scheduled tasks on the system to maintain persistence.

Malware

Malware Education Internet Internet

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps. In case the subscription process requires a confirmation code, the malware is able to get it from the notifications.

Malware

Malware Mobile Antivirus Hacking

FFDroider, a new information-stealing malware disguised as Telegram app

Security Affairs

APRIL 11, 2022

Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. Cybersecurity researchers from Zscaler ThreatLabz warn of a new information-stealing malware, named FFDroider, that disguises itself as the popular instant messaging app Telegram.

Malware

Malware Media Firewall Advertising

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

Threat actors target the Ukrainian gov with IcedID malware

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. ” reads the analysis published by CERT-UA.

Malware

Malware Phishing Banking Government

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once To nominate, please visit:?

Software

Software Malware Telecommunications Antivirus

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. .”

Malware

Malware DDOS IoT Cybercrime

Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift

Security Affairs

MAY 18, 2022

Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. Upon executing the malware, it connects to a remote server and retrieves a bash script to be executed.

Adware

Adware Malware Spyware Hacking

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware

Malware Cybercrime Government Engineering

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Ransomware Cybersecurity Cybercrime

Why Taylor Swift Fans Should Work in Cybersecurity

SecureWorld News

SEPTEMBER 12, 2023

These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. 13 reasons why Swifties should consider a career in cybersecurity 1. Like most hard things, security is a team effort. We can do better.

Cybersecurity

Cybersecurity InfoSec Threat Detection Accountability

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware

Malware Encryption Hacking Cybersecurity

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec

InfoSec Malware Cybercrime Information Security

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

And when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation. A security strategy should clear obstacles and enable every part of a business operation to run smoothly. In golf there’s a popular saying: play the course, not your opponent.

Risk

Risk Cybersecurity Technology CISO

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. Educate your employees on threats and risks such as phishing and malware. About the essayist: Don Boian is the Chief Information Security Officer at Hound Labs, Inc., The efficacy of hygiene.

Cybersecurity

Cybersecurity Cybercrime Education Government

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

MAY 25, 2023

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks.

Malware

Malware Hacking Government Cybersecurity

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. A few hours later another security incident was reported by the media, ZDNet reported that the Node.js-based Pierluigi Paganini.

Internet

Internet Internet Hacking Advertising

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” An attacker with privileged access can exploit this bug to develop a malware that can run on an iPhone Bluetooth chip even when it is off. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Which are the most important cybersecurity measures that businesses can take to protect themselves in the cloud era? This ubiquity has led to increased concerns about data security, as more and more sensitive information is stored online. In this article, we will discuss 15 of the most important cybersecurity measures.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Security Affairs

MAY 6, 2022

Coinminer attacks Reverse shell attacks Kinsing malware attacks. Case 4 – Kinsing malware attacks. The last and the most commonly seen attacks is Kinsing, a popular malware family seen in the *nix based malware attacks. Figure 12: honeypot log – kinsing malware attack. Case 1 – Coinminer Attacks.

Malware

Malware Cryptocurrency Hacking Cybersecurity

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units.” ” reads a statement published by the company.

Ransomware

Ransomware Firmware Hacking Manufacturing

Experts temporarily disrupted the RedLine Stealer operations

Security Affairs

APRIL 18, 2023

The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that the malware control panels use GitHub repositories as dead-drop resolvers. The info-stealer is considered a commodity malware that is available through malware-as-a-service model.

Malware

Malware Education Media Authentication

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Malware Training Sets: FollowUP

Security Affairs

MAY 14, 2019

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). Everybody is using this set will appreciate it.

Malware

Malware Artificial Intelligence Computers and Electronics Penetration Testing

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. “V3 should be updated to the latest version so that malware infection can be prevented.

Ransomware

Ransomware Malware Encryption Hacking

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” The malware can steal sensitive data from the infected endpoint, including browser history and passwords, and cookies.

Cybercrime

Cybercrime Malware Education Phishing

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. ” Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 ” concludes Microsoft.

Banking

Banking Malware Telecommunications Antivirus

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

The instances of the malware spotted by the experts were compiled in early March, a few days after the Russian invasion of Ukraine began. While monitoring the activity of the APT group, experts observed threat actors conducting multiple attacks, including phishing campaigns and malware attacks. caciques.gloritapa.** delicate.maizuko.**

DDOS

DDOS Malware Phishing Hacking

Hackers are taking advantage of the interest in generative AI to install Malware

Thank you!!! SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022

Trending Sources

15 Best Cybersecurity Blogs To Read

Multiple malware used in attacks exploiting Ivanti VPN flaws

Symbiote, a nearly-impossible-to-detect Linux malware?

Learning Malware Analysis and Cybersecurity Writing Online

New Lobshot hVNC malware spreads via Google ads

What Is Residual Risk in Information Security?

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

A flaw in the Kyocera Android printing app can be abused to drop malware

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Tax preparation and e-file service eFile.com compromised to serve malware

Alleged FruitFly malware creator ruled incompetent to stand trial

China-linked Hafnium APT leverages Tarrask malware to gain persistence

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Fleckpe Android malware totaled +620K downloads via Google Play Store

FFDroider, a new information-stealing malware disguised as Telegram app

NetDooka framework distributed via a pay-per-install (PPI) malware service

Threat actors target the Ukrainian gov with IcedID malware

China-linked Moshen Dragon abuses security software to sideload malware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift

Nation-state malware could become a commodity on dark web soon, Interpol warns

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Why Taylor Swift Fans Should Work in Cybersecurity

Malware campaign hides a shellcode into Windows event logs

Threat actors target the infoSec community with fake PoC exploits

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Bumblebee, a new malware loader used by multiple crimeware threat actors

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Experts show how to run malware on chips of a turned-off iPhone

15 Cybersecurity Measures for the Cloud Era

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

MSI confirms security breach after Money Message ransomware attack

Experts temporarily disrupted the RedLine Stealer operations

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Malware Training Sets: FollowUP

Trigona Ransomware targets Microsoft SQL servers

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Stay Connected