| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| | 2022-11-16 19:30:07 | WASP malware puts a sting in Python developers (direct link) | Info-stealing trojan is hidden in malicious PyPI packages on GitHub. WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.… | Malware | | |
| | 2022-11-10 04:46:41 | Windows breaks under upgraded IceXLoader malware (direct link) | We're the malware of Nim! A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.… | Malware | | |
| | 2022-11-07 15:30:08 | Oh, look: More malware in the Google Play store (direct link) | Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes. In Brief: A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times.… | Malware | | ★★★★★ |
| | 2022-10-31 16:30:08 | Ordinary web access request or command to malware? (direct link) | Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs. A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests.… | Malware, Threat | | |
| | 2022-10-26 23:06:26 | Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends (direct link) | Separately, charges slapped on alleged operator of dark market, The Real Deal. Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday.… | Malware | | |
| | 2022-10-24 22:11:11 | Payment terminal malware steals $3.3m worth of credit card numbers – so far (direct link) | With shops leaving VNC and RDP open, quelle surprise. Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. If sold on underground forums, the haul could net the thieves upwards of $3.3 million.… | Malware | | |
| | 2022-10-21 10:28:06 | Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor (direct link) | And one designed to slip ransomware and data-stealing code onto infected machines. URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.… | Ransomware, Malware | | |
| | 2022-10-18 07:31:14 | Imagine surviving a wiper attack only for ransomware to scramble your restored files (direct link) | Then again, imagine being invaded by Russia. Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.… | Ransomware, Malware | | |
| | 2022-10-14 08:32:11 | LockBit 3.0 malware forced NHS tech supplier to shut down hosted sites (direct link) | Managed software provider Advanced admits some customer data 'exfiltrated' in August ransomware attack. Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months.… | Ransomware, Malware | | |
| | 2022-10-13 23:35:05 | Banks face their 'darkest hour' as malware steps up, maker of antivirus says (direct link) | When I saw it, I had to reverse engineer it, Kaspersky's lead security researcher tells us. Interview: Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin.… | Malware, Guideline | | |
| | 2022-10-10 09:29:11 | Criminal multitool LilithBot arrives on malware-as-a-service scene (direct link) | Bespoke botnet up for grabs from outfit praised for, er, customer service. A Russia-based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.… | Malware, Threat | | |
| | 2022-10-03 10:00:10 | Between ransomware and month-long engagements, IR teams need a hug - and a nap (direct link) | Here's what 1,100 incident responders say about their jobs, just in time for NSCAM. Remember the good old days of cyber-incident response, when the job involved digital forensics and lots of stolen credit cards, as opposed to power-grid-breaking malware and multi-million-dollar ransom demands?… | Ransomware, Malware | | |
| | 2022-10-02 08:47:05 | BlackCat malware lashes out at US defense IT contractor (direct link) | Also, Amazon's Ring footage TV show draws criticism, US v Soviet spying docs found, and more. In Brief: The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.… | Ransomware, Malware | | |
| | 2022-09-29 13:00:09 | Covert malware targets VMware for hypervisor-level espionage (direct link) | VMware, Mandiant track back operators, finding ties to China. Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year.… | Malware | | |
| | 2022-09-28 17:00:07 | Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (direct link) | Beware what could be hiding in those LNK shortcuts. A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.… | Malware, Tool | | |
| | 2022-09-25 08:50:14 | Noberus ransomware gets info-stealing upgrades, targets Veeam backup software (direct link) | 'One of the most dangerous and active malware developers operating at the moment.' Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks.… | Ransomware, Malware | | |
| | 2022-09-22 13:45:08 | Fake sites fool Zoom users into downloading deadly code (direct link) | Ah, the human touch. Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information.… | Malware | | |
| | 2022-09-21 15:56:01 | Malwarebytes blocks Google, YouTube as malware (direct link) | Sounds like fair comment. Google and its YouTube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.… | Malware | | |
| | 2022-09-21 09:26:11 | ChromeLoader, what took you so long? Malvertising irritant now slings ransomware (direct link) | Doesn't make cents, makes bigger bucks instead ... probably. ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising.… | Ransomware, Malware, Threat | | |
| | 2022-09-10 11:00:07 | Shape-shifting cryptominer savaging Linux endpoints and IoT (direct link) | Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough security hike. In Brief: AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… | Malware | | |
| | 2022-09-08 12:00:09 | Lazarus Group unleashed a MagicRAT to spy on energy providers (direct link) | Cisco finds custom malware in North Korea's latest cyberespionage effort. The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… | Malware, Medical | APT 38 | |
| | 2022-09-07 12:34:49 | Cybercriminals target games popular with kids to distribute malware (direct link) | Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them. With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… | Malware | | |
| | 2022-09-06 16:15:14 | Newly discovered cyberspy crew targets Asian governments and corporations (direct link) | Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020. A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… | Malware | | |
| | 2022-09-05 06:57:12 | Microsoft mistakenly rated Chromium, Electron, as malware (direct link) | Windows Defender update fixed the mess after a weekend of false positive weirdness. Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… | Malware | | |
| | 2022-09-01 07:04:15 | Oh no, that James Webb Space Telescope snap might actually contain malware (direct link) | Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… | Malware | | |
| | 2022-08-30 10:27:12 | That 'clean' Google Translate app is actually Windows crypto-mining malware (direct link) | Ah, nothing like a classic Trojan horse. Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… | Malware | | |
| | 2022-08-25 09:24:07 | Shout-out to whoever went to Black Hat with North Korean malware on their PC (direct link) | I am the one who NOCs. The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… | Malware | | |
| | 2022-08-17 18:41:18 | After 7 years, long-term threat DarkTortilla crypter is still evolving (direct link) | .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says. A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… | Malware, Threat | | |
| | 2022-08-17 03:01:05 | Open source VideoLAN media player asks why it's blocked in India (direct link) | Rubbishes suggestions poisoned clones or ancient malware are worthy reasons for ban. Developers of the open source VideoLAN media player have started sniping at India's government over an apparent block on the project's website.… | Malware | | |
| | 2022-08-11 18:30:13 | Sonatype spots another PyPI package behaving badly (direct link) | Identity of a real person was used to lend credence to a package that dropped cryptominer in memory. Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.… | Malware | | |
| | 2022-08-04 13:00:09 | US aims to step up security for federal datacenters: Both physical and cyber (direct link) | Bit barns threatened by malware flingers, but fire, storms, or bad guys arriving at the sites are also bad news. Proposed legislation in the US will seek to ensure greater protection for government datacenters from the threat of cyberattacks, but also physical dangers such as natural disasters and terrorism.… | Malware, Threat | | |
| | 2022-07-27 05:03:08 | Vietnamese attacker circumvents Facebook security with 'DUCKTAIL' malware (direct link) | Session cookies and 2FA subversion allow takeover of biz and ad accounts, lead to unauthorized ad buys. Security vendor WithSecure, which was spun out in March 2022 as F-Secure's enterprise security arm, claims it's found malware that targets Facebook Business accounts.… | Malware, Guideline | | |
| | 2022-07-26 17:00:08 | Luca Stealer malware spreads rapidly after code handily appears on GitHub (direct link) | Cool, another Rust project ... Oh. A new info-stealer malware is spreading rapidly in the wild as the developer behind it continues to add capabilities and recently released the source code on GitHub.… | Malware | | |
| | 2022-07-26 14:26:53 | Ransomware less popular this year, but malware up: SonicWall cyber threat report (direct link) | Be ready for a rebound, and protect yourself with patching and segmentation. SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022.… | Ransomware, Malware, Threat, Patching | | |
| | 2022-07-21 20:29:10 | US Cyber Command spots another 20 malware strains targeting Ukraine (direct link) | Plus Mandiant, Cisco Talos uncover digital espionage. US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months.… | Malware | | |
| | 2022-07-20 23:56:43 | Suspected Gozi malware gang 'CIO' extradited to US on fraud, hacking charges (direct link) | Euro man allegedly known as 'Virus' faces years behind bars if convicted. A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges.… | Malware | | |
| | 2022-07-20 20:36:03 | (Déjà vu) Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app (direct link) | Don't. Download. Unknown. Apps. Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.… | Malware | | |
| | 2022-07-20 20:36:03 | Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app (direct link) | Don't. Download. Unknown. Apps. Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.… | Malware | | |
| | 2022-07-18 19:12:53 | Botnet malware disguises itself as password cracker for industrial controllers (direct link) | Can't get into that machine? No problem, just trust this completely sketchy-looking tool. Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems.… | Malware | | |
| | 2022-07-16 14:34:10 | North Koreans spotted harassing SMBs with malware (direct link) | Also: Lawyers told to dissuade clients from paying off ransomware crooks, and more. In Brief: SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.… | Ransomware, Malware | | |
| | 2022-07-06 22:51:04 | Here today, gone to Maui: That's your data captured by North Korean ransomware (direct link) | CISA, FBI, US Treasury warn Kim Jong-un's latest malware has hit healthcare orgs. For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.… | Ransomware, Malware | | |
| | 2022-07-06 17:50:04 | Hive ransomware gang rapidly evolves with complex encryption, Rust code (direct link) | RaaS malware devs have been busy bees. The Hive group, which has become one of the most prolific ransomware-as-a-service (RaaS) operators, has significantly changed its malware, including migrating the code to the Rust programming language and using a more complex encryption technique.… | Ransomware, Malware | | |
| | 2022-07-06 05:27:10 | Near-undetectable malware linked to Russia's Cozy Bear (direct link) | The fun folk who attacked SolarWinds using a poisoned CV and tools from the murky world of commercial hackware. Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about their evil business.… | Malware, Tool, Threat | APT 29 | |
| | 2022-06-10 14:50:38 | Symbiote Linux malware spotted, and infections are 'very hard to detect' (direct link) | 'Performing live forensics on an infected machine may not turn anything up,' warn researchers. Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.… | Malware, Threat | | |
| | 2022-06-10 07:57:06 | Emotet malware gang re-emerges with Chrome-based credit card heistware (direct link) | Crimeware groups are re-inventing themselves. The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.… | Malware | | |
| | 2022-06-09 11:45:09 | Symantec: More malware operators moving in to exploit Follina (direct link) | Meanwhile Microsoft still hasn't patched the fatal flaw. While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.… | Malware, Vulnerability | | |
| | 2022-06-09 00:29:36 | Now Windows Follina zero-day exploited to infect PCs with Qbot (direct link) | Data-stealing malware also paired with Black Basta ransomware gang. Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.… | Ransomware, Malware | | |
| | 2022-06-03 22:55:42 | Even Russia's Evil Corp now favors software-as-a-service (direct link) | Albeit to avoid US sanctions hitting it in the wallet. The Russia-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019.… | Malware | | |
| | 2022-06-03 12:30:11 | Clipminer rakes in $1.7m in crypto hijacking scam (direct link) | Crooks divert transactions to own wallets while running mining on the side. A crew using malware that performs cryptomining and clipboard-hacking operations has made off with at least $1.7 million in stolen cryptocurrency.… | Malware | | |
| | 2022-06-02 08:03:13 | Super-spreader FluBot squashed by Europol (direct link) | Your package is delayed. Click this innocent-looking link to reschedule. FluBot, the super-spreader Android malware that infected tens of thousands of phones globally, has been reportedly squashed by an international law enforcement operation.… | Malware | | |