Blog, Education, Information Security and Malware

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Malware

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Experts spotted a new sophisticated malware toolkit called Decoy Dog

Security Affairs

MAY 1, 2023

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks. While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks.

Malware

Malware DNS Education Media

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware. ” concludes the report.

Malware

Malware Social Engineering Education Media

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware

Malware Mobile Education Media

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

On March 7, 2023, the researchers found a Linux variant of the PingPull that was uploaded to VirusTotal, it had a very low detection rate (3 out of 62) “Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. ” reads the analysis published by Unit 42.

Malware

Malware Telecommunications Government VPN

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance

Surveillance Malware Spyware Education

Tax preparation and e-file service eFile.com compromised to serve malware

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware

Malware Education Media Hacking

‘Educational’ ransomware program may instead become a how-to guide for attackers

SC Magazine

MARCH 5, 2021

The author claims the program, dubbed Povlsomware, is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks, warns Trend Micro, which detailed the ransomware in a new company blog post this week.

Education

Education Ransomware Malware Cybercrime

China-linked Hafnium APT leverages Tarrask malware to gain persistence

Security Affairs

APRIL 13, 2022

China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. HAFNIUM primarily targets entities in the United States across multiple industries, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

Malware

Malware Education Internet Internet

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity

Cybersecurity IoT Antivirus Education

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

The tool was developed by a company named Kodex, which claims that the tool was developed for an educational purpose. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime

Cybercrime Malware Education Phishing

Experts temporarily disrupted the RedLine Stealer operations

Security Affairs

APRIL 18, 2023

The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that the malware control panels use GitHub repositories as dead-drop resolvers. The info-stealer is considered a commodity malware that is available through malware-as-a-service model.

Malware

Malware Education Media Authentication

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). ” reads the report published by Cyble.

Advertising

Advertising Passwords Malware Password Management

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. “V3 should be updated to the latest version so that malware infection can be prevented.

Ransomware

Ransomware Malware Encryption Hacking

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” continues the report.

Encryption

Encryption Malware Cryptocurrency Software

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot , QuackBot, and Pinkslipbot ). Its modular structure allows operators to implement new features to extend their capabilities.

Malware

Malware Education Banking Media

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations. and similar services.

Phishing

Phishing Education Accountability Telecommunications

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

APRIL 27, 2023

Microsoft 365 Defender detects the exploitation, malware, & malicious activity in these Lace Tempest attacks. Microsoft is also monitoring a separate cluster of attacks exploiting PaperCut flaws to deliver the Lockbit ransomware. The company warns that other financially motivated groups could adopt a similar infection chain.

Ransomware

Ransomware Education Media Malware

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The infection chain used by the threat actors relies on large LNK files running PowerShell, leading to the execution of the previously undetected malware. ” concludes the report.

Malware

Malware Education Media Phishing

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. “Over the past few months, threat actors have been spreading ShellBot and Moobot malware on exploitable servers. ” concludes the report.

DDOS

DDOS Malware Hacking Education

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The gang’s affiliates must keep the RTM Locker malware builds private to prevent they can be analyzed. Its malware is specifically geared toward ESXi hosts, as it contains two related commands. The affiliates are obliged to remain active, or their account will be removed after 10 days without notifying them upfront.

Encryption

Encryption Ransomware Malware Education

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. ” The library can load web pages without user awareness, this means that the malware can load ads for financial profit.

Data collection

Data collection Mobile Malware Education

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Educate your employees on threats and risks such as phishing and malware. Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root).

Cybersecurity

Cybersecurity Cybercrime Education Government

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, LockBit ) The post Experts found the first LockBit encryptor that targets macOS systems appeared first on Security Affairs. It appears we are late to the game.

Encryption

Encryption Architecture Ransomware Education

Experts warn of an emerging Python-based credential harvester named Legion

Security Affairs

APRIL 17, 2023

The malware can exfiltrate collected data via Telegram chat using the Telegram Bot API. The experts believe that the tool is widely distributed and is likely paid malware. The sample analyzed by Cado Labs is a Python3 script of 21015 lines, it includes configurations for integrating with services such as Twilio and Shodan.

Mobile

Mobile Hacking Malware Accountability

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals. The phishing attacks began in February 2023, the IT giant reported.

Accountability

Accountability Phishing Financial Services Surveillance

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. Secondly, it also points to the growing adoption of malware and tools written in the Go programming language, owing to its cross-platform compatibility and its modular nature. ” continues the report.

Media

Media Accountability Government Malware

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Through exchanges, attackers channeled assets obtained as a result of malware attacks (cryptoviruses) and online fraud. Such services were provided to facilitate the legalization and laundering of money obtained illegally.” ” states the press release published by the Ukraine’s Cyber Police.

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Security Affairs

APRIL 7, 2023

. “More specifically, cracked versions of Cobalt Strike allow Defendants to gain control of their victim’s machine and move laterally through the connected network to find other victims and install malware. ” reads the court order. ” Example of an attack flow by threat actor DEV-0243. .”

Penetration Testing

Penetration Testing Ransomware Malware Hacking

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

APRIL 4, 2023

The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack. Upon executing the Gopuram backdoor, the malware connects to a C2 server and await further commands. The backdoor is able to launch at least eight in-memory modules.

Cryptocurrency

Cryptocurrency Malware Software Manufacturing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

. “When recipients replied expressing interest in an interview, ARCHIPELAGO continued the correspondence over several emails before finally sending a OneDrive link to a password-protected file that contained malware.” ” The threat actor has also sent links that lead to “ browser-in-the-browser ” phishing pages.

Phishing

Phishing Media Passwords Malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. For some of the targeted devices, threat actors abused an SNMP exploit to deploy the Jaguar Tooth Malware.

Malware

Malware Firmware Government Education

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

However, CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems. According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. Source J.D.

Ransomware

Ransomware Healthcare Education Encryption

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

System Administration

System Administration Government Phishing Malware

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs

JUNE 15, 2022

Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P Botnet, tracked as Panchan, that is targeting Linux servers that has been active since March 2022. Pierluigi Paganini.

Malware

Malware Cryptocurrency Education Engineering

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

NPM packages found containing the TurkoRat infostealer

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed. file ( agent-base ).

Encryption

Encryption Social Engineering Malware Cryptocurrency

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MSI) The post Money Message ransomware group claims to have hacked IT giant MSI appeared first on Security Affairs.

Hacking

Hacking Ransomware Manufacturing Education

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Hackers are taking advantage of the interest in generative AI to install Malware

Trending Sources

Experts spotted a new sophisticated malware toolkit called Decoy Dog

New Lobshot hVNC malware spreads via Google ads

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

A flaw in the Kyocera Android printing app can be abused to drop malware

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Tax preparation and e-file service eFile.com compromised to serve malware

‘Educational’ ransomware program may instead become a how-to guide for attackers

China-linked Hafnium APT leverages Tarrask malware to gain persistence

15 Best Cybersecurity Blogs To Read

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Experts temporarily disrupted the RedLine Stealer operations

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

MSI confirms security breach after Money Message ransomware attack

Google obtained a temporary court order against CryptBot distributors

Trigona Ransomware targets Microsoft SQL servers

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

New QBot campaign delivered hijacking business correspondence

Google TAG warns of Russia-linked APT groups targeting Ukraine

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Moobot botnet spreads by targeting Cacti and RealTek flaws

Researchers found the first Linux variant of the RTM locker

New Android malicious library Goldoson found in 60 apps +100M downloads

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Experts found the first LockBit encryptor that targets macOS systems

Experts warn of an emerging Python-based credential harvester named Legion

Remcos RAT campaign targets US accounting and tax return preparation firms

China-linked APT41 group spotted using open-source red teaming tool GC2

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

3CX Supply chain attack allowed targeting cryptocurrency companies

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

City of Dallas shut down IT services after ransomware attack

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

NPM packages found containing the TurkoRat infostealer

Money Message ransomware group claims to have hacked IT giant MSI

Stay Connected