Malware - Security Ticks

MetaStealer malware is targeting enterprise macOS users

apple, Don't miss, enterprise, Hot stuff, macOS, Malware, News / SecurityTicks

MetaStealer malware is targeting enterprise macOS users 13/09/2023 at 14:32 By Helga Labus Enterprise macOS users are being targeted by attackers slinging new information-stealing malware dubbed MetaStealer. The MetaStealer malware MetaStealer is delivered within malicious disk image format (.dmg) files. The names of the files – such as Advertising terms of reference (MacOS presentation).dmg and […]

MetaStealer malware is targeting enterprise macOS users Read More »

The rise and evolution of supply chain attacks

backdoor, Broadcom, cybersecurity, Don't miss, Hot stuff, Malware, software, supply chain attacks, Symantec, trojan, Video / SecurityTicks

The rise and evolution of supply chain attacks 13/09/2023 at 07:03 By Help Net Security A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses

The rise and evolution of supply chain attacks Read More »

Requests via Facebook Messenger lead to hijacked business accounts

account hijacking, Don't miss, Facebook, Facebook Messenger, Guardio, Hot stuff, Malware, News, phishing / SecurityTicks

Requests via Facebook Messenger lead to hijacked business accounts 12/09/2023 at 13:32 By Zeljka Zorz Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijacked Facebook business accounts a great way to

Requests via Facebook Messenger lead to hijacked business accounts Read More »

Microsoft Teams users targeted in phishing attack delivering DarkGate malware

Don't miss, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, phishing / SecurityTicks

Microsoft Teams users targeted in phishing attack delivering DarkGate malware 11/09/2023 at 13:31 By Helga Labus A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts

Microsoft Teams users targeted in phishing attack delivering DarkGate malware Read More »

Email forwarding flaws enable attackers to impersonate high-profile domains

bug bounty, cybersecurity, Don't miss, Email, identity, Malware, News, report, spoofing, spyware, vulnerability / SecurityTicks

Email forwarding flaws enable attackers to impersonate high-profile domains 11/09/2023 at 07:02 By Help Net Security Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The

Email forwarding flaws enable attackers to impersonate high-profile domains Read More »

Best practices for implementing a proper backup strategy

attacks, backup, cybersecurity, Don't miss, Hot stuff, Incident Response, Malware, network, Ransomware, strategy, Video, Wasabi / SecurityTicks

Best practices for implementing a proper backup strategy 08/09/2023 at 07:01 By Help Net Security Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity. In this Help Net Security video, David Boland,

Best practices for implementing a proper backup strategy Read More »

MacOS malware has a new trick up its sleeve

Don't miss, Google, Hot stuff, macOS, malvertising, Malware, News, phishing / SecurityTicks

MacOS malware has a new trick up its sleeve 07/09/2023 at 15:02 By Helga Labus A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April

MacOS malware has a new trick up its sleeve Read More »

Old vulnerabilities are still a big problem

cybercrime, Don't miss, exploit, Fortinet, Hot stuff, Malware, News, patching, Qualys, Ransomware, vulnerability / SecurityTicks

Old vulnerabilities are still a big problem 06/09/2023 at 17:01 By Zeljka Zorz A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,

Old vulnerabilities are still a big problem Read More »

Connected cars and cybercrime: A primer

attacks, connected cars, cybercrime, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, identity theft, Keylogger, Malware, News, opinion, phishing, VicOne / SecurityTicks

Connected cars and cybercrime: A primer 05/09/2023 at 08:02 By Help Net Security Original equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially harmful. Analysis

Connected cars and cybercrime: A primer Read More »

Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer

Malware, Malware & Threats, source code / SecurityTicks

Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer 01/09/2023 at 14:04 By Ionut Arghire Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub. The post Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer appeared first on SecurityWeek. This article is an excerpt from

Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer Read More »

How Ducktail capitalizes on compromised business, ad accounts

account hijacking, Don't miss, Facebook, Hot stuff, LinkedIn, Malware, News, phishing, social media, TikTok, Zscaler / SecurityTicks

How Ducktail capitalizes on compromised business, ad accounts 01/09/2023 at 12:04 By Helga Labus Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We observed that an account deemed ‘low-grade’ sells for around 350,000 Vietnamese dong (~$15

How Ducktail capitalizes on compromised business, ad accounts Read More »

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices

Android trojan, Cyberwarfare, Featured, Five Eyes, Malware, Mobile & Wireless, Russia, Ukraine / SecurityTicks

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices 31/08/2023 at 15:46 By Eduard Kovacs Five Eyes report details ‘Infamous Chisel’ malware used by Russian state-sponsored hackers to target the Ukrainian military’s Android devices. The post Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices appeared first on SecurityWeek. This article

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices Read More »

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store

Android, cyber espionage, cybercrime, cybercriminals, cybersecurity, data, Don't miss, ESET, Google, Google Play, Malware, News, Signal, smartphones, software, Telegram / SecurityTicks

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store 31/08/2023 at 12:18 By Help Net Security ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store Read More »

The removal of Qakbot from infected computers is just the first step

account hijacking, botnet, Don't miss, Europe, FBI, Hot stuff, Malware, News, remediation, Shadowserver, Spamhaus, USA / SecurityTicks

The removal of Qakbot from infected computers is just the first step 30/08/2023 at 14:46 By Zeljka Zorz The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software. Arranging a widespread Qakbot removal The Qakbot administrators

The removal of Qakbot from infected computers is just the first step Read More »

DreamBus Botnet Exploiting RocketMQ Vulnerability to Delivery Cryptocurrency Miner

exploited, Malware, Malware & Threats / SecurityTicks

DreamBus Botnet Exploiting RocketMQ Vulnerability to Delivery Cryptocurrency Miner 30/08/2023 at 14:17 By Eduard Kovacs The DreamBus botnet has resurfaced and it has been exploiting a recently patched Apache RocketMQ vulnerability to deliver a Monero miner. The post DreamBus Botnet Exploiting RocketMQ Vulnerability to Delivery Cryptocurrency Miner appeared first on SecurityWeek. This article is an

DreamBus Botnet Exploiting RocketMQ Vulnerability to Delivery Cryptocurrency Miner Read More »

Qakbot botnet disrupted, malware removed from 700,000+ victim computers

botnet, Don't miss, Europe, Government, Hot stuff, Justice Department, Malware, News, USA / SecurityTicks

Qakbot botnet disrupted, malware removed from 700,000+ victim computers 29/08/2023 at 21:19 By Zeljka Zorz The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet,

Qakbot botnet disrupted, malware removed from 700,000+ victim computers Read More »

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cisco, critical infrastructure, Don't miss, Europe, healthcare, Hot stuff, Malware, ManageEngine, News, North Korea, trojan, USA, vulnerability / SecurityTicks

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

WinRAR patches zero-day bug that targeted stock and crypto traders

cybersecurity, exploit, hackers, Malware, vulnerability, WinRAR / SecurityTicks

WinRAR patches zero-day bug that targeted stock and crypto traders 25/08/2023 at 08:04 By Cointelegraph By Martin Young According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. This article is an excerpt from Cointelegraph.com News View Original Source

WinRAR patches zero-day bug that targeted stock and crypto traders Read More »

Ransomware dwell time hits new low

Active Directory, attack, cybercrime, cybersecurity, Incident Response, Malware, News, Ransomware, report, Sophos, threats / SecurityTicks

Ransomware dwell time hits new low 25/08/2023 at 06:34 By Help Net Security Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos. In 2022, the median

Ransomware dwell time hits new low Read More »

Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device

Malware, Malware & Threats, Wi-Fi / SecurityTicks

Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device 24/08/2023 at 18:31 By Eduard Kovacs Mysterious Whiffy Recon malware scans for nearby Wi-Fi access points to obtain the location of the infected device. The post Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device appeared first on SecurityWeek. This article is

Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device Read More »