1.3 Million Android TV Boxes Infected by Vo1d Malware 2024-09-13 at 13:17 By Ionut Arghire Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions. The post 1.3 Million Android TV Boxes Infected by Vo1d Malware appeared first on SecurityWeek. This article is an excerpt from […]
React to this headline:
1.3 Million Android TV Boxes Infected by Vo1d Malware Read More »
Iranian Hackers Targeting Iraqi Government: Security Firm 2024-09-12 at 13:46 By Eduard Kovacs Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. The post Iranian Hackers Targeting Iraqi Government: Security Firm appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
React to this headline:
Iranian Hackers Targeting Iraqi Government: Security Firm Read More »
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC) 2024-09-09 at 16:02 By rohansinhacyblecom Key takeaways Overview CapCut, a video editing tool developed by Bytedance, has become increasingly popular. This popularity has extended to CapCut-themed attacks, which are on the rise among TAs. These themes have been frequently used in phishing campaigns.
React to this headline:
Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC) Read More »
ManticoraLoader: New Loader Announced from the Developers of AresLoader 2024-08-30 at 15:01 By rohansinhacyblecom Cyble Research & Intelligence Labs (CRIL) has discovered the announcement of a new malware-as-a-service named ‘ManticoraLoader’ in the underground. The threat actors behind the group DeadXInject have been offering the service in underground forums and on their Telegram channel since August
React to this headline:
ManticoraLoader: New Loader Announced from the Developers of AresLoader Read More »
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly
React to this headline:
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »
Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE 2024-08-29 at 13:01 By Eduard Kovacs The Iran-linked state-sponsored hacker group tracked as Peach Sandstorm has started using a new backdoor in attacks aimed at the US and UAE. The post Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE
React to this headline:
Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE Read More »
Malware Delivered via Malicious Pidgin Plugin, Signal Fork 2024-08-28 at 16:01 By Eduard Kovacs Threat actors delivered malware via instant messaging applications, including a malicious Pidgin plugin and an unofficial Signal fork. The post Malware Delivered via Malicious Pidgin Plugin, Signal Fork appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed
React to this headline:
Malware Delivered via Malicious Pidgin Plugin, Signal Fork Read More »
US Offering $2.5 Million Reward for Belarusian Malware Distributor 2024-08-28 at 14:01 By Ionut Arghire The US government is offering a $2.5 million reward for information leading to the arrest of malware distributor Volodymyr Kadariya. The post US Offering $2.5 Million Reward for Belarusian Malware Distributor appeared first on SecurityWeek. This article is an excerpt
React to this headline:
US Offering $2.5 Million Reward for Belarusian Malware Distributor Read More »
BlackByte affiliates use new encryptor and new TTPs 2024-08-28 at 13:16 By Zeljka Zorz BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent BlackByte attacks. Most notably, encrypted files across all victims were rewritten with
React to this headline:
BlackByte affiliates use new encryptor and new TTPs Read More »
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream
React to this headline:
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »
Android malware uses NFC to steal money at ATMs 2024-08-22 at 12:01 By Help Net Security ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The campaign’s primary goal
React to this headline:
Android malware uses NFC to steal money at ATMs Read More »
PostgreSQL databases under attack 2024-08-21 at 16:16 By Zeljka Zorz Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. Once access is achieved, the threat actor: Creates a new
React to this headline:
PostgreSQL databases under attack Read More »
Chrome, Edge users beset by malicious extensions that can’t be easily removed 2024-08-12 at 16:31 By Zeljka Zorz A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches
React to this headline:
Chrome, Edge users beset by malicious extensions that can’t be easily removed Read More »
Unmasking the Overlap Between Golddigger and Gigabud Android Malware 2024-08-08 at 19:31 By Cyble Key Takeaways Overview In January 2023, Cyble Intelligence and Research Labs (CRIL) discovered a Gigabud campaign that was impersonating government entities to target users in Thailand, the Philippines, and Peru. By June 2023, the Golddigger Android Banking Trojan emerged, targeting users
React to this headline:
Unmasking the Overlap Between Golddigger and Gigabud Android Malware Read More »
Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat
React to this headline:
Chinese hackers compromised an ISP to deliver malicious software updates Read More »
Cloudflare Tunnels Abused for Malware Delivery 2024-08-02 at 13:46 By Ionut Arghire Threat actors are abusing Cloudflare’s TryCloudflare feature to create one-time tunnels for the distribution of remote access trojans. The post Cloudflare Tunnels Abused for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React
React to this headline:
Cloudflare Tunnels Abused for Malware Delivery Read More »
BingoMod Android RAT Wipes Devices After Stealing Money 2024-08-01 at 15:16 By Ionut Arghire The BingoMod Android trojan steals user information and communication and allows attackers to steal money via account takeover. The post BingoMod Android RAT Wipes Devices After Stealing Money appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed
React to this headline:
BingoMod Android RAT Wipes Devices After Stealing Money Read More »
Threat Actors Exploit Sora AI-themed Branding to Spread Malware 2024-07-31 at 20:01 By Cyble Key Takeaways Overview After exfiltrating data, TAs deploy open-source mining software like XMRig and lolMiner, indicating a dual objective of both data theft and cryptocurrency mining to monetize their activities further. In February, OpenAI introduced Sora, an advanced AI model set
React to this headline:
Threat Actors Exploit Sora AI-themed Branding to Spread Malware Read More »
SMS Stealer malware targeting Android users: Over 105,000 samples identified 2024-07-31 at 17:49 By Help Net Security Zimperium’s zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. Detected during routine malware analysis, this malicious software has been found in over 105,000 samples, affecting more than 600 global brands. SMS Stealer’s extensive reach
React to this headline:
SMS Stealer malware targeting Android users: Over 105,000 samples identified Read More »
Some good may come out of the CrowdStrike outage 2024-07-29 at 19:31 By Zeljka Zorz Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. Some silver linings As CrowdStrike was forced to explain,
React to this headline:
Some good may come out of the CrowdStrike outage Read More »