What's new around the Internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
SecurityAffairs | 2019-02-14 21:10:00 | Experts spotted a new strain of Shlayer macOS Malware | Security experts at Carbon Black have recently discovered a new strain of the Shlayer malware that targets macOS versions. Security experts at Carbon Black have recently spotted a new strain of the Shlayer malware that targets MacOS versions from 10.10.5 up to 10.14.3. The malware poses as an Adobe Flash update it was distributed through […] | Malware | |
SecurityAffairs | 2019-02-13 13:17:04 | Experts found a way to create a super-malware implanted in SGX-enclaves | Researchers devised a new technique to hide malware in the security Intel SGX enclaves, making it impossible to detect by several security technologies. Security researchers devised a new technique to hide malware in the security Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a technology for application developers that allows protecting select code and data […] | Malware | |
SecurityAffairs | 2019-02-11 14:50:05 | A mysterious code prevents QNAP NAS devices to be updated | Users of QNAP NAS devices are reporting through QNAP forum discussions of mysterious code that adds some entries that prevent software update. Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. According to the users, the […] | Malware | |
SecurityAffairs | 2019-02-10 14:18:00 | New Linux coin miner kills competing malware to maximize profits | Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware […] | Malware | |
SecurityAffairs | 2019-02-09 14:29:03 | GandCrab ransomware campaign targets Italy using steganography | A newly discovered malware campaign leverages steganography to hide GandCrab ransomware in an apparently innocent Mario image. Security experts at Bromium have discovered a malware campaign using steganography to hide the GandCrab ransomware in a Mario graphic package. According to Matthew Rowan, a researcher at Bromium, threat actors use steganography to hide the malicious code and […] | Ransomware, Malware, Threat | |
SecurityAffairs | 2019-02-07 13:55:00 | Expert publicly disclosed the existence of 0day flaw in macOS Mojave | A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave […] | Malware, Vulnerability | |
SecurityAffairs | 2019-02-06 15:16:02 | Security expert Marco Ramilli released for free the Malware Hunter tool | Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules. Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules. I've been working on cybersecurity for most than 10 years. During my […] | Malware, Tool | |
SecurityAffairs | 2019-02-01 16:46:00 | The return of the AdvisorsBot malware | Security experts at Cybaze– Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Today, weaponized Microsoft office documents with macros, are one of the most common and more effective methods to […] | Malware | |
SecurityAffairs | 2019-01-31 20:55:03 | CookieMiner Mac Malware steals browser cookies and sensitive Data | Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. Researchers from Palo Alto Networks discovered a new piece of Mac malware dubbed CookieMiner that steals browser cookies associated with cryptocurrency exchanges and wallet service websites along with other sensitive data. […] | Malware | |
SecurityAffairs | 2019-01-31 11:23:00 | Exclusive: spreading CSV Malware via Google Sheets | Cyber security expert Marco Ramilli, founder of Yoroi, discovered a way to spread CSV malware via Google Sheets … but Big G says it is an Intended behavior A .CSV file could be a malware carrier and if interpreted by Microsoft Excel it could become a malware executor! When I personally saw this technique back in […] | Malware | |
SecurityAffairs | 2019-01-28 07:28:03 | Cobalt cybercrime gang abused Google App Engine in recent attacks | The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. The Cobalt hacking group has been using Google App Engine to distribute malware through PDF decoy documents. The group targeted more than 20 other government and financial institutions worldwide. Cobalt crime gang is a Russian hacking crew that […] | Malware | |
SecurityAffairs | 2019-01-25 18:53:03 | The Story of Manuel's Java RAT. | Security experts from Cybaze-Yoroi ZLab investigated two malicious spam campaigns delivering Java RAT that show some similarities. Introduction During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. The malicious email messages contained a particular Adwind/JRat variant delivered via several methods tailored to […] | Spam, Malware | |
SecurityAffairs | 2019-01-24 23:03:00 | Kaspersky links GreyEnergy and Zebrocy activities | Security experts from Kaspersky Lab's Industrial Control Systems Cyber Emergency Response Team (ICS CERT) linked the GreyEnergy malware with and the Zebrocy backdoor. Security researchers from Kaspersky Lab's ICS CERT have discovered a link between GreyEnergy malware with and the Zebrocy tool. The activity of the GreyEnergy APT group emerged in concurrence with BlackEnergy operations, experts consider […] | Malware | |
SecurityAffairs | 2019-01-24 21:02:04 | New Russian Language Malspam is delivering Redaman Banking Malware | A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. The malware was first observed in the threat landscape in 2015, most of the victims […] | Spam, Malware, Threat | |
SecurityAffairs | 2019-01-23 07:29:04 | URLhaus identified and shut down 100,000 malware sites in 10 Months | Security experts participating in the abuse.ch project called URLhaus have identified and shut down roughly 100,000 malware distribution sites The abuse.ch project called URLhaus was launched in March 2018 to track websites used to spread malware, it involved 265 researchers worldwide. In a 10-month period, 265 security researchers around the world have identified in average 300 malware […] | Malware | |
SecurityAffairs | 2019-01-21 07:32:01 | Iranian developer advertised BlackRouter RaaS | An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model. An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert advertises other malware and is believed to the author of another ransomware called Blackheart. promotes other infections such as a RAT. BlackRouter was first […] | Ransomware, Malware | |
SecurityAffairs | 2019-01-18 18:37:02 | Android apps use the motion sensor to evade detection and deliver Anubis malware | Security experts from Trend Micro have recently spotted two Android apps that use the motion sensor to evade detection and spread the Anubis banking Trojan. Malware authors continue to improve their malicious apps to avoid detection and infect the largest number of users. Security experts from Trend Micro have recently spotted two Android apps in […] | Malware | |
SecurityAffairs | 2019-01-16 18:45:00 | GreyEnergy: Welcome to 2019 | Early January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The Cybaze-Yoroi ZLAB researchers dissected this […] | Malware | |
SecurityAffairs | 2019-01-16 08:59:01 | Experts link attack on Chilean interbank network Redbanc NK Lazarus APT | Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […] | Malware | APT 38 |
SecurityAffairs | 2019-01-13 14:42:05 | TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal | Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. The ServHelper is a backdoor, experts analyzed two variants of it, while […] | Malware | |
SecurityAffairs | 2019-01-11 12:54:01 | The 'AVE_MARIA' Malware | Ave Maria Malware – Phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector The Cybaze-Yoroi ZLab researchers analyzed phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector. The malicious emails try to impersonate […] | Malware | |
SecurityAffairs | 2019-01-05 15:16:04 | Did Aurora Ransomware infect you? You can decrypt file for free | Victims of the Aurora Ransomware could use a decryptor tool developed by the popular malware researcher Michael Gillespie to decrypt their data for free. Good news for the victims of the Aurora Ransomware, there are many variants of this Windows malware but most of the victims have been infected by the version that appends the […] | Ransomware, Malware, Tool | |
SecurityAffairs | 2018-12-31 08:56:03 | 'Roma225' campaign targets companies in the Italian automotive sector | ‘Roma225’ campaign -The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well-written phishing email trying to impersonate a senior partner of one of the major Brazilian business law firms: “Veirano Advogados”. The malicious email intercepted during the CSDC operations contains […] | Malware | |
SecurityAffairs | 2018-12-18 16:21:00 | Malware controlled through commands hidden in memes posted on Twitter | New Malware Takes Commands From Memes Posted On Twitter Security researchers at Trend Micro have spotted a new strain of malware that retrieved commands from memes posted on a Twitter account controlled by the attackers. In this way, attackers make it hard to detect traffic associated with the malware that is this case appears as legitimate […] | Malware | |
SecurityAffairs | 2018-12-13 15:01:02 | Operation Sharpshooter targets critical infrastructure and global defense | McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in […] | Malware, Threat | APT 38 |
SecurityAffairs | 2018-12-10 22:09:03 | A new Mac malware combines a backdoor and a crypto-miner | Experts from Malwarebytes discovered a new strain of Mac malware, tracked as DarthMiner, that is a combination of two open-source programs. Experts from Malwarebytes discovered a new piece of Mac malware, tracked as DarthMiner, that is the combination of two open source tools. The malware is distributed through Adobe Zii, an application supposedly helps in the piracy […] | Malware | |
SecurityAffairs | 2018-12-05 15:00:05 | Fractured Block Campaign: CARROTBAT dropper dupports a dozen decoy document formats | Palo Alto Networks recently discovered a malware dropper, dubbed CARROTBAT, that supports a dozen decoy document file formats to drop many payloads. Experts from Palo Alto Networks have recently discovered a malware dropper, dubbed CARROTBAT, that supports a dozen decoy document file formats to drop many payloads. Security experts from Palo Alto Networks have discovered […] | Malware | |
SecurityAffairs | 2018-12-05 07:58:00 | New strain of Ransomware infected over 100,000 PCs in China | Security experts reported a new strain of malware spreading in China, the malicious code rapidly infected over 100,000 PCs in just four days. Unfortunately, the number of infections is rapidly increasing because hackers compromised a supply chain. It is interesting to note that this ransomware requests victims to pay 110 yuan (nearly Euro 14) in ransom […] | Ransomware, Malware | |
SecurityAffairs | 2018-11-30 23:27:05 | New PowerShell-based Backdoor points to MuddyWater | Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. The first MuddyWater campaign was observed in late 2017, then researchers from Palo Alto Networks were investigating a mysterious wave […] | Malware, Threat | |
SecurityAffairs | 2018-11-27 12:40:00 | The SLoad Powershell malspam is expanding to Italy | A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its […] | Malware, Threat | |
SecurityAffairs | 2018-11-26 21:41:00 | Ransomware attack disrupted emergency rooms at Ohio Hospital System | Ransomware attacks continue to threaten the healthcare industry, the last incident in order of time impacted the Ohio Hospital System. The ransomware attack infected computer systems at the East Ohio Regional Hospital and Ohio Valley Medical Center reportedly caused the disruption of the hospitals’ emergency rooms. The malware hit the Ohio Hospital System on Friday, Nov. 23, evening, […] | Ransomware, Malware | |
SecurityAffairs | 2018-11-24 10:23:02 | North Korea-linked group Lazarus targets Latin American banks | According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […] | Malware, Medical | APT 38 |
SecurityAffairs | 2018-11-23 13:52:01 | New Emotet Thanksgiving campaign differs from previous ones | Researchers from Forcepoint observed a new Emotet Thanksgiving-themed campaign that appears quite different from previous ones. Security researchers from Forcepoint have observed a new Emotet Thanksgiving-themed campaign that appears quite different from previous ones. EMOTET, aka Geodo, is a banking trojan linked to the dreaded Dridex and Feodo (Cridex, Bugat) malware families. In past campaigns, EMOTET was used by crooks […] | Malware | |
SecurityAffairs | 2018-11-23 10:38:04 | Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits | The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka Cozy Bear) The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka The Dukes, Cozy Bear, and Cozy Duke). The researchers of Yoroi ZLab, on […] | Malware | APT 29 |
SecurityAffairs | 2018-11-23 09:54:01 | 13 fraudulent apps into Google Play have been downloaded 560,000+ times | Malware researcher discovered 13 fraudulent apps into Google Play that have been already downloaded and installed more than 560,000 times. Malware researcher Lukas Stefanko from security firm ESET discovered 13 malicious apps into Google Play that have been already downloaded and installed over half a million times (+560,000). The malicious apps could allow attackers to […] | Malware | |
SecurityAffairs | 2018-11-19 13:27:04 | Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29 | Malware researchers from Cybaze ZLab – Yoroi team have detected a new strain of malware that appears to be associated with a new wave of attacks carries out by Russia linked APT29 group. The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29's dangerous malware which seems to be involved in the recent […] | Malware | APT 29 |
SecurityAffairs | 2018-11-16 18:55:05 | Using Microsoft Powerpoint as Malware Dropper | Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers. Microsoft Excel embedding macros or Microsoft Word with user actions (like links or external OLE objects) are the main players in […] | Malware | |
SecurityAffairs | 2018-11-14 09:37:01 | The 'MartyMcFly' investigation: Italian naval industry under attack | Experts at Yoroi's Cyber Security Defence Center along with Fincantieri's security team investigated the recently discovered Martymcfly malware attacks. Background On October 17th we disclosed the ‘MartyMcFly’ Threat (Rif. Analysis) where unknown attackers were targeting Italian naval industries. The analysis was cited by Kaspersky's ICS CERT who exposed a wider threat extension across multiple countries such as: […] | Malware, Threat | |
SecurityAffairs | 2018-11-11 10:04:04 | Linux Cryptocurrency miner leverages rootkit to avoid detection | Researchers from Trend Micro spotted a new cryptocurrency miner that leverages a rootkit component to hide its presence on the infected systems. Cryptocurrency malware continues to be a privileged choice for crooks and the number of victims is rapidly growing. Cryptocurrency miners are easy to detect due to the saturation of resources on the affected […] | Malware | |
SecurityAffairs | 2018-11-10 14:47:00 | (Déjà vu) Symantec shared details of North Korean Lazarus's FastCash Trojan used to hack banks | North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan, that was used by the Lazarus APT Group, in a string of attacks against ATMs. The ATP group has been using this malware […] | Malware, Hack, Medical | APT 38 |
SecurityAffairs | 2018-11-08 10:53:01 | U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal | The U.S. Cyber Command (USCYBERCOM) CNMF is sharing malware samples with the cybersecurity industry via VirusTotal intelligence service. The U.S. Cyber Command (USCYBERCOM) is providing unclassified malware samples to VirusTotal intelligence service with the intent of sharing them with cybersecurity industry. The USCYBERCOM's Cyber National Mission Force (CNMF) is going to share the unclassified malware samples on […] | Malware | |
SecurityAffairs | 2018-11-06 07:22:04 | Shellbot Botnet Targets IoT devices and Linux servers | Security experts at Trend Micro have spotted an IRC bot dubbed Shellbot that was built using Perl Shellbot. The malware was distributed by a threat group called Outlaw, it was able to target Linux and Android devices, and also Windows systems. “We uncovered an operation of a hacking group, which we're naming “Outlaw” (translation derived from the Romanian word haiduc, […] | Malware, Threat | |
SecurityAffairs | 2018-11-05 08:31:04 | USB drives are primary vector for destructive threats to industrial facilities | USB removable storage devices are the main vector for malware attacks against industrial facilities, states Honeywell report. According to a report published on by Honeywell, malware-based attacks against industrial facilities mostly leverage USB removable storage devices Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX), a product it has launched in 2017 and that was designed […] | Malware | |
SecurityAffairs | 2018-11-04 11:25:00 | (Déjà vu) Security Affairs newsletter Round 187 – News of the week | A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · How to deliver malware using weaponized Microsoft […] | Malware | |
SecurityAffairs | 2018-11-04 10:32:04 | Kraken ransomware 2.0 is available through the RaaS model | The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web. Researchers from Recorded Future's Insikt Group and McAfee's Advanced Threat Research team have discovered a new version of the malware that is offered through a RaaS distribution program on the Dark Web. […] | Ransomware, Malware, Threat | |
SecurityAffairs | 2018-11-01 14:34:04 | 0x20k of Ghost Squad Hackers Releases ODay Exploit Targeting Apache Hadoop | 0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet. In direct response to the publication of Radware’s analysis of the new discovery of the DemonBot malware strain effecting Hadoop clusters earlier the week, October 25th, 2018, 0x20k of Ghost […] | Malware | |
SecurityAffairs | 2018-10-28 10:13:00 | How to deliver malware using weaponized Microsoft Office docs embedding YouTube video | Researchers at Cymulate security firm devised a new stealthy technique to deliver malware leveraging videos embedded into weaponized Microsoft Office Documents. The technique could be used to execute JavaScript code when a user clicks on a weaponized YouTube video thumbnail embedded in a Weaponized Office document. Experts pointed out that no message is displayed by […] | Malware | |
SecurityAffairs | 2018-10-26 07:23:02 | Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol | Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol. Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs), about how crooks could abuse blockchain […] | Malware, Threat | |
SecurityAffairs | 2018-10-24 06:21:01 | Chalubo, a new IoT botnet emerges in the threat landscape | Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. Security experts from Sophos Labs have spotted a new piece of Linux malware tracked as Chalubo (ChaCha-Lua-bot) that is targeting IoT devices in an attempt to recruit them into […] | Malware, Threat | |
SecurityAffairs | 2018-10-24 05:23:04 | Russian Government-owned research institute linked to Triton attacks | Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. In December 2017, experts from FireEye discovered a new strain of malware dubbed Triton that was specifically designed to target industrial control systems (ICS). The Triton malware has been used in attacks aimed at a critical […] | Malware | |
Last update at: 2024-07-21 18:08:06