Malware

Harnessing Chisel for Covert Operations: Dissecting a Multi-Stage PowerShell Campaign

Malware /

Harnessing Chisel for Covert Operations: Dissecting a Multi-Stage PowerShell Campaign 2024-11-12 at 10:33 By rohansinhacyblecom Key Takeaways Executive Summary CRIL has recently identified a campaign engaging in a multi-stage infection chain. This chain employs several techniques, starting with the execution of PowerShell scripts. The campaign begins with a malicious LNK file that triggers the execution […]

React to this headline:

Loading spinner

Harnessing Chisel for Covert Operations: Dissecting a Multi-Stage PowerShell Campaign Read More »

Industrial companies in Europe targeted with GuLoader

Cado Security, Don't miss, Europe, Hot stuff, Malware, News, spear-phishing /

Industrial companies in Europe targeted with GuLoader 2024-11-07 at 15:48 By Zeljka Zorz A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish.

React to this headline:

Loading spinner

Industrial companies in Europe targeted with GuLoader Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

APT, backdoor, Cryptocurrency, Don't miss, financial industry, Hot stuff, macOS, Malware, News, North Korea, phishing, SentinelOne /

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

Loading spinner

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide

Malware /

GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide 2024-11-06 at 15:05 By daksh sharma Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) recently identified a phishing site, “mygov-au[.]app,” masquerading as the official MyGov website of the Australian Government. Upon further analysis, this site was found to be distributing a suspicious

React to this headline:

Loading spinner

GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide Read More »

Sophos mounted counter-offensive operation to foil Chinese attackers

cyber espionage, cybercrime, Malware, News, report, Sophos, survey /

Sophos mounted counter-offensive operation to foil Chinese attackers 2024-10-31 at 16:04 By Help Net Security Sophos conducted defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Espionage campaigns tied to Chinese hacking groups The attackers used a series of campaigns with

React to this headline:

Loading spinner

Sophos mounted counter-offensive operation to foil Chinese attackers Read More »

Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV

infostealer, Malware /

Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV 2024-10-30 at 15:05 By rohansinhacyblecom Key Takeaways Executive Summary Strela Stealer, first identified by DCSO in late 2022, is a type of information-stealing malware primarily designed to exfiltrate email account credentials from widely used email clients, including Microsoft Outlook and Mozilla Thunderbird. This malware

React to this headline:

Loading spinner

Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV Read More »

US charges suspected Redline infostealer developer, admin

Don't miss, ESET, Eurojust, Hot stuff, Justice Department, law enforcement, Malware, News /

US charges suspected Redline infostealer developer, admin 2024-10-29 at 18:22 By Zeljka Zorz The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure takedown As promised on Monday when they announced the disruption of the Redline and Meta infostealer operations, law enforcement Operation Magnus

React to this headline:

Loading spinner

US charges suspected Redline infostealer developer, admin Read More »

Police hacks, disrupts Redline, Meta infostealer operations

Don't miss, Hot stuff, law enforcement, Malware, News /

Police hacks, disrupts Redline, Meta infostealer operations 2024-10-28 at 16:25 By Zeljka Zorz The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Redline License Server panel

React to this headline:

Loading spinner

Police hacks, disrupts Redline, Meta infostealer operations Read More »

Adversarial groups adapt to exploit systems in new ways

cybersecurity, Don't miss, Elastic, Hot stuff, Malware, Video /

Adversarial groups adapt to exploit systems in new ways 2024-10-28 at 06:36 By Help Net Security In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike

React to this headline:

Loading spinner

Adversarial groups adapt to exploit systems in new ways Read More »

HeptaX: Unauthorized RDP Connections for Cyberespionage Operations

Malware /

HeptaX: Unauthorized RDP Connections for Cyberespionage Operations 2024-10-25 at 18:08 By rohansinhacyblecom Key takeaways Overview CRIL has come across a multi-stage cyberattack campaign that begins with a ZIP file containing a malicious shortcut file (.lnk). While the source of this ZIP file remains unknown, it is suspected to be disseminated through phishing emails. Based on

React to this headline:

Loading spinner

HeptaX: Unauthorized RDP Connections for Cyberespionage Operations Read More »

Israeli orgs targeted with wiper malware via ESET-branded emails

ESET, Hot stuff, Israel, Malware, News, phishing /

Israeli orgs targeted with wiper malware via ESET-branded emails 2024-10-18 at 13:32 By Zeljka Zorz Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense

React to this headline:

Loading spinner

Israeli orgs targeted with wiper malware via ESET-branded emails Read More »

Vietnamese Threat Actor’s Multi-Layered Strategy on Digital Marketing Professionals

cybercrime, Malware /

Vietnamese Threat Actor’s Multi-Layered Strategy on Digital Marketing Professionals 2024-10-18 at 12:48 By rohansinhacyblecom Key takeaways Overview Cyble Research and Intelligence Lab (CRIL) has uncovered an advanced attack campaign that likely originates from spam emails containing phishing attachments. These emails include an archive file with an LNK file disguised as a PDF file. The attack

React to this headline:

Loading spinner

Vietnamese Threat Actor’s Multi-Layered Strategy on Digital Marketing Professionals Read More »

Fake Google Meet pages deliver infostealers

Don't miss, Hot stuff, macOS, Malware, News, Proofpoint, Sekoia.io, social engineering, video conferencing, Windows /

Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading

React to this headline:

Loading spinner

Fake Google Meet pages deliver infostealers Read More »

MisterioLNK: The Open-Source Builder Behind Malicious Loaders

Malware /

MisterioLNK: The Open-Source Builder Behind Malicious Loaders 2024-10-08 at 15:31 By rohansinhacyblecom Cyble Research and Intelligence Labs (CRIL) has uncovered a new, previously undetected loader builder known as “MisterioLNK.” This discovery follows our earlier analysis of Quantum Software, another LNK file-based builder that has been gaining traction in the cyber landscape. MisterioLNK, available on GitHub,

React to this headline:

Loading spinner

MisterioLNK: The Open-Source Builder Behind Malicious Loaders Read More »

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks

Cisco, Linux, Malware, vulnerability /

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks 2024-10-08 at 13:49 By dakshsharma16 Key Takeaways Overview Cyble’s Vulnerability Intelligence unit last week detected numerous exploit attempts, malware intrusions, phishing campaigns, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 25-Oct. 1, Cyble researchers identified several recent active exploits, including new attacks against a number of

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks Read More »

Linux systems targeted with stealthy “Perfctl” cryptomining malware

Aqua Security, cryptojacking, Don't miss, Hot stuff, Linux, Malware, misconfiguration, News, rootkits, vulnerability /

Linux systems targeted with stealthy “Perfctl” cryptomining malware 2024-10-07 at 15:46 By Zeljka Zorz Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the

React to this headline:

Loading spinner

Linux systems targeted with stealthy “Perfctl” cryptomining malware Read More »

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

Malware, Malware & Threats /

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors 2024-09-26 at 15:01 By Ionut Arghire A malicious campaign is targeting transportation and logistics organizations in North America with various malware families. The post US Transportation and Logistics Firms Targeted With Infostealers, Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors Read More »

AI-Generated Malware Found in the Wild

AI, Artificial Intelligence, Featured, Malware, Malware & Threats /

AI-Generated Malware Found in the Wild 2024-09-24 at 20:16 By Kevin Townsend HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper. The post AI-Generated Malware Found in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

AI-Generated Malware Found in the Wild Read More »

Transportation, logistics companies targeted with lures impersonating fleet management software

Don't miss, Hot stuff, Malware, News, Proofpoint, social engineering, supply chain, transportation, USA /

Transportation, logistics companies targeted with lures impersonating fleet management software 2024-09-24 at 17:46 By Zeljka Zorz Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising

React to this headline:

Loading spinner

Transportation, logistics companies targeted with lures impersonating fleet management software Read More »

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections

Malware, phishing, vulnerability /

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections 2024-09-20 at 17:31 By dakshsharma16 Key Takeaways Overview The Cyble Global Sensor Intelligence Network, or CGSI, monitors and captures real-time attack data through Cyble’s network of Honeypot sensors. This week, Cyble’s Threat Hunting service discovered and investigated dozens of exploit attempts, malware intrusions, financial fraud, and brute-force attacks. 

React to this headline:

Loading spinner

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections Read More »

Scroll to Top