SecureList

JULY 28, 2022

In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). Based on our telemetry, the actor initiated the attack by sending a spear-phishing email containing a macro-embedded Word document.

Malware 145

Malware Firmware Phishing Cryptocurrency 145

Security Affairs

NOVEMBER 16, 2018

The attackers’ research vector is now shifting from software vulnerabilities to those located at the hardware and firmware level. In 2017-2018 hackers’ interest in cryptocurrency exchanges ramped up. Thus, 60% of the total amount was stolen from Coincheck , a Japanese cryptocurrency exchange. Attacks on Crypto.

Cybercrime 108

Cybercrime Hacking Banking Phishing 108

Security Affairs

DECEMBER 17, 2023

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware abuses NKN decentralized P2P network protocol Snatch ransomware gang claims the hack of the food giant Kraft Heinz Multiple flaws in pfSense firewall can lead to arbitrary code execution BianLian, White Rabbit, and Mario Ransomware Gangs Spotted (..)

Data breaches 124

Data breaches Cybercrime Firewall Ransomware 124

Security Boulevard

JANUARY 13, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Wallet drainers were primarily delivered to victims via phishing websites. Malware campaigns covered generally target/affect the end user.

Scams 89

Scams Phishing Advertising Data breaches 89

Security Affairs

NOVEMBER 20, 2021

U.S. (..)

Banking 76

Banking Small Business Data breaches Firmware 76

SecureWorld News

AUGUST 8, 2022

It has been sold on underground hacker forums for stealing browser data, user credentials, and cryptocurrency information. LokiBot LokiBot is a Trojan malware for stealing sensitive information, including user credentials, cryptocurrency wallets, and other credentials. AZORult's developers are constantly updating its capabilities.

Malware 98

Malware Banking Penetration Testing Healthcare 98

Security Affairs

AUGUST 25, 2019

Intel addresses High-Severity flaws in NUC Firmware and other tools. 5 Common Phishing Attacks and How to Avoid Them? Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency. Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds. Hacker publicly releases Jailbreak for iOS version 12.4.

Small Business 79

Small Business Data breaches Spyware Advertising 79

eSecurity Planet

NOVEMBER 16, 2021

The researchers said they had seen Nobelium using HTML smuggling in a spear-phishing campaign in May, and more recently, observed it being used to deliver the banking Trojan Mekotio and the AsyncRAT/MJRAT and Trickbot malware used by attackers to get control of targeted devices and deliver such malware as ransomware.

Firewall 123

Firewall Ransomware Banking Malware 123

Malwarebytes

MARCH 3, 2022

The main attack vector is phishing which the group uses to gain a foothold before moving on to breach the network from there. In the case of the Nvidia breach, LAPSUS$ claimed it was mainly after the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware—apparently all to help out gamers and the mining community.

Ransomware 99

Ransomware Password Management Passwords Hacking 99

SecureList

NOVEMBER 25, 2024

This is particularly notable in the case of Lazarus APT, specifically its attacks against cryptocurrency investors in May. This is especially true for phishing attacks, as generative AI tools are now capable of composing well-written, illustrated phishing emails.

IoT 119

IoT Energy and Utilities Phishing Cryptocurrency 119

SecureList

NOVEMBER 18, 2022

In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. First, the threat actor sends a spear-phishing email to the potential victim with a lure to download additional documents.

Malware 123

Malware Computers and Electronics Adware Cryptocurrency 123

SecureList

NOVEMBER 14, 2023

In May, Ars Technica reported that BootGuard private keys had been stolen following a ransomware attack on Micro-Star International (MSI) in March this year (firmware on PCs with Intel chips and BootGuard enabled will only run if it is digitally signed using the appropriate keys).

Hacking 141

Hacking Energy and Utilities Malware Media 141

SecureList

MARCH 1, 2021

The manufacturer of the mobile device preloads an adware application or a component with the firmware. It stole credentials for various financial systems including online banking applications and cryptocurrency wallets in Brazil. Another example of the partnership is so-called preinstall. variant is a native ELF executable.

Mobile 145

Mobile Malware Adware Banking 145

eSecurity Planet

JULY 25, 2023

Phishing attacks: Deceptive techniques, such as fraudulent emails or websites, trick individuals into revealing sensitive information like credit card and payment information, passwords, or login credentials. Cryptojacking : Unauthorized use of a computer’s processing power to mine cryptocurrencies.

Software 98

Software Data breaches DDOS Ransomware 98

eSecurity Planet

DECEMBER 7, 2023

Phishing and social engineering are common ways threat actors can obtain a symmetric key, but cryptanalysis and brute force attempts can also break symmetric key ciphers. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications.

Encryption 109

Encryption Authentication Passwords Password Management 109

Webroot

OCTOBER 31, 2024

The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. Keep Software Updated: Enable automatic updates for your operating system, applications, and security software.

Malware 117

Malware Ransomware Passwords Healthcare 117

SecureList

APRIL 27, 2022

We found overlaps in the infrastructure used by a tunneling tool used by the actor and several possible phishing websites set up within the above time frame. This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed.

Malware 145

Malware Firmware Government Phishing 145

eSecurity Planet

FEBRUARY 16, 2021

Attackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” Phishing and Social Engineering.

Malware 105

Malware Adware Spyware Antivirus 105

eSecurity Planet

OCTOBER 21, 2022

The method of infection can vary from attack to attack and can include social engineering strategies, such as phishing and email spoofing , or a fraudulent website masquerading as legitimate, among others. This note will provide instructions on how to pay the ransom, usually through difficult-to-trace means like cryptocurrency.

Malware 75

Malware Adware Spyware Antivirus 75