What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-03-05 01:20:07 Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.  Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of Malware Threat
The_Hackers_News.webp 2021-03-03 04:56:56 Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious Malware Threat
The_Hackers_News.webp 2021-03-01 06:18:35 Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites (lien direct) A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. "In recent years Ransomware Malware
The_Hackers_News.webp 2021-02-26 03:02:08 North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated Malware Medical APT 38 ★★
The_Hackers_News.webp 2021-02-25 01:13:03 Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack (lien direct) Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most Malware
The_Hackers_News.webp 2021-02-24 07:29:47 Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Malware Threat
The_Hackers_News.webp 2021-02-22 03:15:17 Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, new "conclusive" Malware Tool Threat
The_Hackers_News.webp 2021-02-21 23:47:09 New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs (lien direct) Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that has already infected 29,139 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload Malware
The_Hackers_News.webp 2021-02-19 01:18:55 Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials (lien direct) A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a .NET-based malware with capabilities to hinder static analysis - Malware
The_Hackers_News.webp 2021-02-18 02:20:10 First Malware Designed for Apple M1 Chip Discovered in the Wild (lien direct) One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better Malware
The_Hackers_News.webp 2021-02-17 04:02:37 Researchers Unmask Hackers Behind APOMacroSploit Malware Builder (lien direct) Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool - dubbed "APOMacroSploit" - is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, Malware Tool
The_Hackers_News.webp 2021-02-16 05:02:42 Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware (lien direct) Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices Malware Guideline
The_Hackers_News.webp 2021-02-11 08:23:13 Researchers Uncover Android Spying Campaign Targeting Pakistan Officials (lien direct) Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among Malware
The_Hackers_News.webp 2021-02-10 04:18:09 LodaRAT Windows Malware Now Also Targets Android Devices (lien direct) A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis. "A new iteration of LodaRAT for Windows has been identified with Malware
The_Hackers_News.webp 2021-02-06 02:30:56 WARNING - Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware (lien direct) Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to Malware
The_Hackers_News.webp 2021-02-04 02:48:55 Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices (lien direct) A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare Malware Threat
The_Hackers_News.webp 2021-02-04 02:20:16 Why Human Error is #1 Cyber Security Threat to Businesses in 2021 (lien direct) Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting Malware Threat Wannacry Wannacry
The_Hackers_News.webp 2021-02-03 02:43:35 A New Linux Malware Targeting High-Performance Computing Clusters (lien direct) High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely. Cybersecurity firm ESET named the malware "Kobalos" - a nod to a "mischievous Malware
The_Hackers_News.webp 2021-02-02 06:02:15 Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques (lien direct) Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface (AMSI) in an attempt to defeat endpoint protection software, it also employs a Malware
The_Hackers_News.webp 2021-02-01 04:13:18 A New Software Supply‑Chain Attack Targeted Millions With Spyware (lien direct) Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong, Malware
The_Hackers_News.webp 2021-02-01 03:15:16 New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers (lien direct) A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors Malware Threat APT 32
The_Hackers_News.webp 2021-01-29 02:08:37 Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide (lien direct) A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have Malware
The_Hackers_News.webp 2021-01-28 05:44:07 Italy CERT Warns of a New Credential Stealing Android Malware (lien direct) Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login Malware
The_Hackers_News.webp 2021-01-28 01:41:53 European Authorities Disrupt Emotet - World's Most Dangerous Malware (lien direct) Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday - dubbed "Operation Ladybird" - is the result of a joint effort between authorities in the Netherlands, Germany, the U.S. Ransomware Spam Malware
The_Hackers_News.webp 2021-01-25 00:05:35 Beware - A New Wormable Android Malware Spreading Through WhatsApp (lien direct) A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake Malware
The_Hackers_News.webp 2021-01-21 06:58:01 MrbMiner Crypto-Mining Malware Links to Iranian Software Company (lien direct) A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the Malware
The_Hackers_News.webp 2021-01-19 07:04:55 Researchers Discover Raindrop - 4th Malware Linked to the SolarWinds Attack (lien direct) Cybersecurity researchers have unearthed a fourth new malware strain - designed to spread the malware onto other computers in victims' networks - which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that Malware Mobile Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-19 03:02:30 FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities (lien direct) An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and Malware
The_Hackers_News.webp 2021-01-15 03:31:43 Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks (lien direct) Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A Malware Threat Guideline APT 41 ★★★★★
The_Hackers_News.webp 2021-01-14 01:10:41 Experts Uncover Malware Attacks Against Colombian Government and Companies (lien direct) Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks - dubbed "Operation Spalax" - began in 2020, with the modus operandi sharing some similarities to an APT Malware
The_Hackers_News.webp 2021-01-12 21:01:20 Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws (lien direct) For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core Malware
The_Hackers_News.webp 2021-01-12 03:07:27 Experts Sound Alarm On New Android Malware Sold On Hacking Forums (lien direct) Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the Malware Threat
The_Hackers_News.webp 2021-01-11 22:29:57 Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (lien direct) As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This Malware Tool Mobile Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-11 05:41:59 Researchers Find Links Between Sunburst and Russian Kazuar Malware (lien direct) Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto Malware Solardwinds Solardwinds
The_Hackers_News.webp 2021-01-06 06:00:59 Hackers Using Fake Trump's Scandal Video to Spread QNode Malware (lien direct) Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT) Malware
The_Hackers_News.webp 2021-01-05 07:08:04 Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (lien direct) Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and Malware Tool
The_Hackers_News.webp 2020-12-26 22:24:48 A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware (lien direct) An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could Malware Vulnerability
The_Hackers_News.webp 2020-12-23 00:41:49 How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis (lien direct) As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194 Malware
The_Hackers_News.webp 2020-12-22 01:50:07 A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says (lien direct) As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the Malware Threat
The_Hackers_News.webp 2020-12-16 06:33:56 Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy (lien direct) Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads Ransomware Malware
The_Hackers_News.webp 2020-12-14 23:58:12 Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware) (lien direct) A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel - surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses Malware
The_Hackers_News.webp 2020-12-14 05:34:45 SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online (lien direct) Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels Malware
The_Hackers_News.webp 2020-12-11 03:48:22 Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers (lien direct) Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of Malware Adrozek
The_Hackers_News.webp 2020-12-09 07:11:49 Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware (lien direct) A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the Malware Threat APT 28
The_Hackers_News.webp 2020-12-07 21:44:01 NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks (lien direct) The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging a recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed. The development comes two weeks after the Malware Vulnerability Threat
The_Hackers_News.webp 2020-12-07 06:57:40 Iranian RANA Android Malware Also Spies On Instant Messengers (lien direct) A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant - developed by a sanctioned Iranian threat actor - that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. In September, the US Department of the Treasury Malware Threat
The_Hackers_News.webp 2020-12-04 00:06:34 Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware (lien direct) Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can remotely execute malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly called Malware ★★
The_Hackers_News.webp 2020-12-03 02:59:14 TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected (lien direct) TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known Malware
The_Hackers_News.webp 2020-12-02 04:08:21 Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years (lien direct) Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and Malware
The_Hackers_News.webp 2020-11-27 00:17:40 Digitally Signed Bandook Malware Once Again Targets Multiple Sectors (lien direct) A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of Malware
Last update at: 2024-07-28 06:18:51