Malware

BlackByte affiliates use new encryptor and new TTPs

Cisco, cybercrime, Don't miss, Hot stuff, Malware, manufacturing sector, News, Ransomware, threats, transportation /

BlackByte affiliates use new encryptor and new TTPs 2024-08-28 at 13:16 By Zeljka Zorz BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent BlackByte attacks. Most notably, encrypted files across all victims were rewritten with […]

React to this headline:

Loading spinner

BlackByte affiliates use new encryptor and new TTPs Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

0-day, APT, Don't miss, Hot stuff, ISP, Lumen, Malware, misconfiguration, MSP, News, USA, Versa Networks, web shell /

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

Android malware uses NFC to steal money at ATMs

Android, Banks, cybercrime, Don't miss, EU, Europe, Hot stuff, Malware, News, scams /

Android malware uses NFC to steal money at ATMs 2024-08-22 at 12:01 By Help Net Security ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The campaign’s primary goal

React to this headline:

Loading spinner

Android malware uses NFC to steal money at ATMs Read More »

PostgreSQL databases under attack

Aqua Security, brute-force, Cloud, cryptojacking, Don't miss, Hot stuff, Linux, Malware, News, PostgreSQL, tips /

PostgreSQL databases under attack 2024-08-21 at 16:16 By Zeljka Zorz Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. Once access is achieved, the threat actor: Creates a new

React to this headline:

Loading spinner

PostgreSQL databases under attack Read More »

Chrome, Edge users beset by malicious extensions that can’t be easily removed

add-ons, adware, Chrome, cybercrime, Don't miss, extension, Hot stuff, Malware, Microsoft Edge, News, Reason Labs /

Chrome, Edge users beset by malicious extensions that can’t be easily removed 2024-08-12 at 16:31 By Zeljka Zorz A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches

React to this headline:

Loading spinner

Chrome, Edge users beset by malicious extensions that can’t be easily removed Read More »

Unmasking the Overlap Between Golddigger and Gigabud Android Malware

Android, Malware /

Unmasking the Overlap Between Golddigger and Gigabud Android Malware 2024-08-08 at 19:31 By Cyble Key Takeaways Overview  In January 2023, Cyble Intelligence and Research Labs (CRIL) discovered a Gigabud campaign that was impersonating government entities to target users in Thailand, the Philippines, and Peru. By June 2023, the Golddigger Android Banking Trojan emerged, targeting users

React to this headline:

Loading spinner

Unmasking the Overlap Between Golddigger and Gigabud Android Malware Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Cloudflare Tunnels Abused for Malware Delivery

Malware, Malware & Threats /

Cloudflare Tunnels Abused for Malware Delivery 2024-08-02 at 13:46 By Ionut Arghire Threat actors are abusing Cloudflare’s TryCloudflare feature to create one-time tunnels for the distribution of remote access trojans. The post Cloudflare Tunnels Abused for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Cloudflare Tunnels Abused for Malware Delivery Read More »

BingoMod Android RAT Wipes Devices After Stealing Money

Android trojan, Malware, Malware & Threats, Mobile & Wireless, mobile malware, RAT /

BingoMod Android RAT Wipes Devices After Stealing Money 2024-08-01 at 15:16 By Ionut Arghire The BingoMod Android trojan steals user information and communication and allows attackers to steal money via account takeover. The post BingoMod Android RAT Wipes Devices After Stealing Money appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

BingoMod Android RAT Wipes Devices After Stealing Money Read More »

Threat Actors Exploit Sora AI-themed Branding to Spread Malware

Malware, phishing /

Threat Actors Exploit Sora AI-themed Branding to Spread Malware 2024-07-31 at 20:01 By Cyble Key Takeaways  Overview  After exfiltrating data, TAs deploy open-source mining software like XMRig and lolMiner, indicating a dual objective of both data theft and cryptocurrency mining to monetize their activities further.  In February, OpenAI introduced Sora, an advanced AI model set

React to this headline:

Loading spinner

Threat Actors Exploit Sora AI-themed Branding to Spread Malware Read More »

SMS Stealer malware targeting Android users: Over 105,000 samples identified

Android, cybercrime, cybersecurity, Don't miss, Malware, News, scams, Zimperium /

SMS Stealer malware targeting Android users: Over 105,000 samples identified 2024-07-31 at 17:49 By Help Net Security Zimperium’s zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. Detected during routine malware analysis, this malicious software has been found in over 105,000 samples, affecting more than 600 global brands. SMS Stealer’s extensive reach

React to this headline:

Loading spinner

SMS Stealer malware targeting Android users: Over 105,000 samples identified Read More »

Some good may come out of the CrowdStrike outage

Bitdefender, CrowdStrike, Don't miss, Endpoint Security, Fortinet, fraud, Hot stuff, Malware, Microsoft, News, SecureWorks, Trellix, UpGuard, Windows /

Some good may come out of the CrowdStrike outage 2024-07-29 at 19:31 By Zeljka Zorz Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well. Some silver linings As CrowdStrike was forced to explain,

React to this headline:

Loading spinner

Some good may come out of the CrowdStrike outage Read More »

Network of 3,000 GitHub Accounts Used for Malware Distribution

GitHub, Malware, Malware & Threats, Stargazer Goblin /

Network of 3,000 GitHub Accounts Used for Malware Distribution 2024-07-25 at 14:16 By Ionut Arghire Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories. The post Network of 3,000 GitHub Accounts Used for Malware Distribution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Network of 3,000 GitHub Accounts Used for Malware Distribution Read More »

Network of ghost GitHub accounts successfully distributes malware

automa, Check Point, Don't miss, GitHub, Hot stuff, Malware, News, phishing /

Network of ghost GitHub accounts successfully distributes malware 2024-07-24 at 17:31 By Zeljka Zorz Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated encompass

React to this headline:

Loading spinner

Network of ghost GitHub accounts successfully distributes malware Read More »

Telegram Zero-Day Enabled Malware Delivery

Malware, Malware & Threats, Telegram, Zero-Day /

Telegram Zero-Day Enabled Malware Delivery 2024-07-23 at 15:16 By Ionut Arghire The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos. The post Telegram Zero-Day Enabled Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Telegram Zero-Day Enabled Malware Delivery Read More »

CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams

CrowdStrike, Malware, Malware & Threats, phishing, scam /

CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams 2024-07-22 at 13:47 By Eduard Kovacs The major IT outage caused by CrowdStrike is being leveraged by threat actors for phishing, scams, and malware delivery. The post CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams Read More »

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver

browser, cybersecurity, drivers, ESET, Malware, News, report /

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver 2024-07-22 at 06:01 By Help Net Security ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its main driver and injects

React to this headline:

Loading spinner

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver Read More »

Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation

CrowdStrike, Malware, Threat Actor, Windows /

Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation 2024-07-20 at 19:46 By dakshsharma16 On July 19th, 2024, CrowdStrike, a leading cybersecurity provider of advanced end-point security detection and protection solutions, released a sensor configuration update to Windows systems. This update contained a logic error that resulted in system crashes and Blue

React to this headline:

Loading spinner

Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation Read More »

FIN7 sells improved EDR killer tool

attack tools, backdoor, cybercrime, cybercriminals, Don't miss, Hot stuff, Malware, News, Ransomware, SentinelOne /

FIN7 sells improved EDR killer tool 2024-07-18 at 15:46 By Zeljka Zorz The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows’ built-in driver TTD Monitor Driver (ProcLaunchMon.sys), in conjunction

React to this headline:

Loading spinner

FIN7 sells improved EDR killer tool Read More »

New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users 

Malware /

New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users  2024-07-17 at 18:46 By Neetha Key Takeaways  Summary  CRIL has discovered a multi-stage cyberattack campaign that starts with a Zip file containing a malicious shortcut file (.lnk). As of now, the source of this Zip file is unknown, but we suspect it to be

React to this headline:

Loading spinner

New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users  Read More »

Scroll to Top