Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption 100

Encryption Malware Phishing Hacking 100

The Hacker News

FEBRUARY 3, 2023

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Malware 80

Malware Phishing 80

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 227

Malware Phishing Cybercrime 227

Quick Heal Antivirus

JULY 1, 2021

The post WARZONE RAT – Beware Of The Trojan Malware Stealing Data Triggering From Various Office Documents appeared first on Quick Heal Blog | Latest computer security news, tips, and advice. Warzone RAT is part of an APT campaign named “Confucius.” Confucius APT is known to target government sectors.

Malware 131

Malware Government Cybersecurity 131

Security Affairs

MAY 26, 2024

The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. “Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware.”

Malware 98

Malware Banking Accountability Phishing 98

Penetration Testing

JANUARY 25, 2024

This malicious software, designed to encrypt files on a victim’s computer, demands a ransom in exchange for the decryption key,... The post FAUST Ransomware Strikes: The Hidden Dangers Inside Office Documents appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Ransomware Encryption Software 107

The Hacker News

APRIL 18, 2024

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.

Malware 95

Malware Government 95

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 195

Phishing Malware 195

The Hacker News

APRIL 16, 2024

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.

Malware 110

Malware 110

Penetration Testing

MARCH 1, 2024

A recent investigation by McAfee Labs has shed light on a significant surge in malware distribution through one of the most ubiquitous document formats: the PDF. This surge marks a concerning shift in cybercriminal... The post Malware Hiding in PDFs: What You Need to Know appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Malware 111

Graham Cluley

APRIL 11, 2024

If 25 documents stolen is "very serious," I'm not sure the words exist to describe the 1.3 terabytes of data that Leicester City Council now says it has had stolen by hackers.

Ransomware 76

Ransomware Malware 76

The Hacker News

JULY 28, 2023

Military-themed document lures to trick them into running malware on compromised systems. An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.

Cyber Attacks 83

Cyber Attacks Malware Cybersecurity 83

The Hacker News

FEBRUARY 15, 2024

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS.

Banking 121

Banking Malware Mobile 121

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 251

Malware Cybercrime Software Antivirus 251

Dark Reading

APRIL 5, 2023

Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.

Malware 140

Malware 140

Tech Republic Security

JANUARY 11, 2022

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

Accountability 218

Accountability Malware 218

Malwarebytes

MARCH 22, 2023

Opening the attachment up reveals a Word document called W-9 form.doc This file’s size is 548,164 KB (548 MB), which is very suspicious. You won’t find many genuine Word documents weighing in at 500MB or more. Opening the document quickly becomes a game of Macro-related risk. This is no exception. File early.

Malware 98

Malware Scams Social Engineering Banking 98

Bleeping Computer

AUGUST 30, 2022

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 145

Malware Phishing 145

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware 100

Malware Cryptocurrency Accountability Cybercrime 100

Security Boulevard

JULY 28, 2022

Emotet is a Windows-based malware loader operated by the cybercrime group TA542 ( 1 ), also referred to as Mummy Spider ( 2 ). Emotet has been observed dropping other malware families such as Qakbot ( 5 ) and CobaltStrike ( 6 ). Microsoft Office XLS Document Executes Obfuscated Excel 4.0 First Stage: Initial Delivery.

Encryption 59

Encryption Malware Phishing Cybercrime 59

Schneier on Security

MAY 18, 2020

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a Seems likely.

Malware 216

Malware Government 216

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.

Hacking 107

Hacking Manufacturing Cyber Attacks Ransomware 107

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 300

Malware Identity Theft Cybercrime Accountability 300

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. The figures revealed by Google are awesome, the company declared that its malware scanner processes more than 300 billion attachments each week. SecurityAffairs – Gmail, malware).

Malware 106

Malware Advertising Technology Engineering 106

Adam Levin

JUNE 12, 2020

and global protests of the killing of George Floyd are being used to spread malware according to the cybersecurity non-profit organization abuse.ch. . The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. The documented by Abuse.ch shmbidgp.monster.

Malware 167

Malware Banking Phishing Ransomware 167

The Hacker News

OCTOBER 13, 2023

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams.

Malware 118

Malware 118

eSecurity Planet

OCTOBER 4, 2022

Malicious programs or malware are common and dangerous threats in the digital space for both individual users and organizations alike. German IT-Security Institute AV-TEST has recorded over 1 billion malicious programs as of this writing, with over 450,000 new instances of malware being recorded every day. Malvertising.

Malware 122

Malware Phishing Ransomware Mobile 122

Krebs on Security

MARCH 22, 2023

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. In November 2022, Google documented these three same vulnerabilities being used together to compromise Samsung devices. The three Samsung exploits that DarkNavy says were used by the malicious app.

Malware 272

Malware eCommerce Mobile Media 272

Bleeping Computer

MAY 22, 2022

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [.].

Malware 141

Malware 141

Security Boulevard

DECEMBER 4, 2023

In the ever-evolving landscape of cybersecurity, a recent discovery sheds light on a new phishing attack being dubbed the Konni malware. Identifying The Konni […] The post Konni Malware Alert: Uncovering The Russian-Language Threat appeared first on TuxCare.

Malware 72

Malware Phishing Cybersecurity Cyber threats 72

Heimadal Security

MARCH 4, 2021

ObliqueRAT operators, also known as Remote Access Trojan, have developed four advanced versions of the malware, using new technical capabilities and a series of initial infection vectors. The post ObliqueRAT Infiltrates into Victims’ Endpoints Using Malicious Documents appeared first on Heimdal Security Blog.

Cyber threats 89

Cyber threats Malware Cybersecurity 89

Malwarebytes

JULY 19, 2022

This data includes identification documents, spreadsheets related to Roblox creators, and various email addresses. At time of writing, there’s no specifics with regard to the “identification documents” This could mean driving licence, passport, employee ID scan…we simply don’t know at the moment.

Accountability 92

Accountability Phishing Hacking Ransomware 92

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 136

Malware Cybercrime Phishing Ransomware 136

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. ” reads the post published by Cyble. Pierluigi Paganini.

Advertising 131

Advertising Manufacturing Hacking Cyber Attacks 131

Security Affairs

FEBRUARY 10, 2022

exe heavily via various types of Microsoft Office documents. During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and Lokibot attempting to execute.ocx files. Microsoft Word/Rich Text Format data/Composite Document —. This blog details the use of regsvr32.exe

Malware 89

Malware Engineering Hacking Ransomware 89

Security Boulevard

JANUARY 29, 2024

Threat actors have recently used the Balada injector malware to exploit a plugin vulnerability, leading to the compromise of more than 7,000 WordPress sites. Recent reports have shed light on the WordPress Balada injector infections, claiming that attacks were first documented in December 2022.

Malware 64

Malware Cybersecurity 64

CSO Magazine

JUNE 18, 2021

People tend to click on shared documents quickly, averaging less than four minutes from the time they hit the inbox. To do their jobs, users need to be able to download files from external sources. Malicious downloads enter the organization in many ways, including: Web browsing. Clicking on shared links. Installing programs.

Malware 87

Malware 87