What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-03 23:01:09 | New York county cyberattack under investigation (lien direct) | Patch reports that New York's Rockland County had its County Clerk's Office's record management servers disconnected following a malware attack against database software administrator Cott Systems around Christmas. | Malware | ★★ | |
 |
2023-01-03 19:03:00 | WordPress Sites Under Attack from Newly Found Linux Trojan (lien direct) | Researchers who discovered the backdoor Linux malware say it may have been around for more than three years - and it targets 30+ plugin bugs. | Malware | ★★ | |
 |
2023-01-03 17:02:00 | Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (lien direct) | A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery | Malware | ★★★ | |
|
2023-01-03 16:55:17 | Raspberry Robin Worm Hatches a Highly Complex Upgrade (lien direct) | The Evil Corp-linked malware family has undergone an evolution, becoming more obfuscated and "several times more complex," as the group behind it tests how far the worm can be spread. | Malware | ★★★ | |
 |
2023-01-03 16:10:00 | Researchers Discover New Linux Malware Targeting WordPress Sites (lien direct) | The Trojan exploits known vulnerabilities in outdated WordPress plugins and themes | Malware | ★★ | |
|
2023-01-03 15:43:00 | Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (lien direct) | Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday. The intrusions, observed against | Malware | ★★★ | |
 |
2023-01-03 13:10:01 | BitRAT malware campaign uses stolen bank data for phishing (lien direct) | Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys. [...] | Malware Threat | ★★ | |
 |
2023-01-03 12:50:38 | Malware Delivered to PyTorch Users in Supply Chain Attack (lien direct) | Last week's nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack. Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields. | Malware | ★ | |
 |
2023-01-03 12:10:05 | Nouvelles attaques du groupe BlueNoroff : l\'acteur APT se faisant passer pour une société de capital-risque étend son arsenal stratégique (lien direct) | >Les experts de Kaspersky ont découvert que le groupe APT BlueNoroff dispose désormais de nouvelles souches de malware sophistiquées pour déployer ses attaques. Tribune Kaspersky – BlueNoroff, acteur bien connu du paysage de la menace ciblant les crypto-monnaies des entités financières dans le monde entier, vise notamment les sociétés de capital-risque, les start-ups crypto et […] The post Nouvelles attaques du groupe BlueNoroff : l'acteur APT se faisant passer pour une société de capital-risque étend son arsenal stratégique first appeared on UnderNews. | Malware | ★★★ | |
 |
2023-01-03 03:37:37 | What are sandboxes? How to create your own sandbox (lien direct) | In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm implicated by them. The use of a sandbox enables you to safely download, open, examine, or run unknown files, providing an additional layer of security. Benefits of Sandboxes. Spiceworks lists some benefits of sandboxing in cybersecurity: Prevents zero... | Malware | ★★ | |
 |
2023-01-03 00:36:00 | How Infostealer Threat Actors Make a Profit (lien direct) | Infostealer is a type of information-stealing malware with the goal of stealing user credentials such as the user account information, cryptocurrency wallet address, and files that are saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than half of malware types with executable formats reported by client companies or collected by AhnLab. As the downloader types also actually install Infostealers or backdoor-type malware, it can be said... | Malware Threat | ★★ | |
 |
2023-01-02 22:15:18 | CVE-2022-4417 (lien direct) | The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users | Malware | ||
 |
2023-01-02 15:05:06 | Linux Malware Exploits 30+ Plugins Into WordPress Sites (lien direct) | A new strain of Linux malware is targeting WordPress sites and exploiting vulnerabilities in over two dozen plugins and themes to compromise systems. Russian security firm Doctor Web discovered the malware, which has been tracked as Linux.BackDoor.WordPressExploit.1. It targets both 32-bit and 64-bit versions of Linux and has backdoor capabilities that allow it to attack […] | Malware | ★★★ | |
|
2023-01-02 13:20:00 | WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws (lien direct) | WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week. "As a result, | Malware | ★★★ | |
|
2023-01-02 01:18:00 | (Déjà vu) ASEC Weekly Malware Statistics (December 19th, 2022 – December 25th, 2022) (lien direct) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 19th, 2022 (Monday) to December 25th, 2022 (Sunday). For the main category, Infostealer ranked top with 37.3%, followed by downloader with 35.7%, backdoor with 23.9%, and ransomware with 3.1%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 23.3%. The malware is distributed via malware disguised as PUP installer.... | Ransomware Malware | ★★ | |
|
2022-12-30 10:41:11 | New Linux malware uses 30 plugin exploits to backdoor WordPress sites (lien direct) | A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. [...] | Malware | ★★★ | |
 |
2022-12-29 16:30:00 | Anomali Cyber Watch: Zerobot Added New Exploits and DDoS Methods, Gamaredon Group Bypasses DNS, ProxyNotShell Exploited Prior to DLL Side-Loading Attacks, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Botnet, Bypassing DNS, DDoS, Infostealers, Layoffs, Spearphishing, Supply chain, and Zero-day vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
New RisePro Stealer Distributed by the Prominent PrivateLoader
(published: December 22, 2022)
RisePro is a new commodity infostealer that is being sold and supported by Telegram channels. Log credentials derived from RisePro are for sale on illicit markets since December 13, 2022. RisePro targets password stores and particular file patterns to extract cookies, credit card information, cryptocurrency wallets, installed software credentials, and passwords. RisePro was delivered by PrivateLoader and these two malware families have significant code similarity. It also shares similarity with the Vidar stealer in a way that both use dropped DLL dependencies.
Analyst Comment: Infostealers are a continually rising threat for organizations especially with hybrid workers utilizing their own and other non-corporate devices to access cloud based resources and applications. Information from these sessions, useful to attackers, can be harvested unknown to the worker or end organization. In addition, the rise of threat actor reliance on potent commodity malware is one of the trends that Anomali analysts observe going into 2023 (see Predictions below). Network defenders are advised to block known PrivateLoader and RisePro indicators (available on the Anomali platform).
MITRE ATT&CK: [MITRE ATT&CK] T1213 - Data From Information Repositories | [MITRE ATT&CK] T1113 - Screen Capture | [MITRE ATT&CK] T1555.004 - Credentials from Password Stores: Windows Credential Manager | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files Or Information | [MITRE ATT&CK] T1222: File and Directory Permissions Modification | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1027.005 - Obfuscated Files or Information: Indicator Removal From Tools | [MITRE ATT&CK] T1087 - Account Discovery | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] T1518 - Software Discovery | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | |
Malware Tool Threat | ★★ | |
|
2022-12-29 11:56:34 | Malware increasingly spread through Google Ads exploits (lien direct) | More threat actors have been distributing malware through fraudulent websites of widely used software products that are being promoted by exploiting the Google Ads platform, according to BleepingComputer. | Malware Threat | ★★ | |
|
2022-12-28 14:12:16 | Hackers abuse Google Ads to spread malware in legit software (lien direct) | Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [...] | Malware | ★★★ | |
|
2022-12-28 12:42:00 | APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (lien direct) | Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. | Malware Threat | ★ | |
|
2022-12-27 23:35:42 | Types of Recent .NET Packers and Their Distribution Trends in Korea (lien direct) | 0. Overview This post is a summary of the TI report, ‘Report on the Trends and Types of Recent .NET Packers.’ Please refer to the report in the hyperlink for more details on the topic. Recently, packers made with .NET are being found in various places both in and outside Korea. Thus, the ASEC analysis team aims to introduce the five most commonly distributed .NET packers and their distribution trends in Korea. We will overview the types of malware distributed... | Malware | ★★★★ | |
 |
2022-12-27 17:13:27 | 4 Mac Malware Finds in 2022 (lien direct) | >Mac malware in 2022: An overview of four important macOS malware variants found in 2022 and tips on staying safe. | Malware | ★★★ | |
 |
2022-12-27 14:20:16 | (Déjà vu) QBot Malware Attacks Use SVG files to Perform HTML Smuggling (lien direct) |
|
Malware | ★ | |
|
2022-12-27 13:35:58 | (Déjà vu) RisePro info-stealer distributed through PrivateLoader PPI service (lien direct) | New information-stealing malware RisePro is being distributed using the PrivateLoader pay-per-install malware downloader service | Malware | ★ | |
|
2022-12-27 13:34:53 | Security system bypass techniques added to GuLoader malware downloader (lien direct) | Advanced malware downloader GuLoader, also known as CloudEyE, was discovered by CrowdStrike researchers to be leveraging new techniques for bypassing security software. | Malware | ★★★ | |
 |
2022-12-27 08:00:26 | BlueNoroff introduces new methods bypassing MoTW (lien direct) | We continue to track the BlueNoroff group's activities and this October we observed the adoption of new malware strains in its arsenal. | Malware | ★★ | |
|
2022-12-26 17:57:00 | GuLoader Malware Utilizing New Techniques to Evade Security Software (lien direct) | Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a | Malware | ★★★ | |
|
2022-12-26 17:42:00 | PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (lien direct) | The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, | Malware | ★★ | |
|
2022-12-26 04:51:42 | (Déjà vu) ASEC Weekly Malware Statistics (December 12th, 2022 – December 18th, 2022) (lien direct) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 12th, 2022 (Monday) to December 18th, 2022 (Sunday). For the main category, downloader ranked top with 61.9%, followed by Infostealer with 24.7%, backdoor with 12.5%, and ransomware with 0.9%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with 28.9%. Like... | Ransomware Malware | ★★ | |
|
2022-12-26 04:08:49 | Caution! Malware Signed With Microsoft Certificate (lien direct) | Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot... | Malware | ★★★ | |
|
2022-12-24 18:21:00 | W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names (lien direct) | Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum | Malware Threat | ★★★ | |
|
2022-12-24 10:08:16 | New info-stealer malware infects software pirates via fake cracks sites (lien direct) | A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. [...] | Malware | ★★ | |
 |
2022-12-23 00:00:00 | IcedID Botnet Distributors Abuse Google PPC to Distribute Malware (lien direct) | We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. | Malware | ★★★ | |
 |
2022-12-22 18:34:52 | Zerobot malware now shooting for Apache systems (lien direct) | Upgraded threat, time to patch The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.… | Malware | ★★★ | |
 |
2022-12-22 18:25:13 | Cisco Talos report: Threat actors use known Excel vulnerability (lien direct) | >The use of .XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect from it. | Malware Vulnerability Threat | ★ | |
 |
2022-12-22 15:43:07 | Intelligence Insights: December 2022 (lien direct) | The ghost of malware past, Yellow Cockatoo, returns from hiatus while Gootloader unwraps new TTPs in this month's Intelligence Insights | Malware | ★★★ | |
|
2022-12-22 14:44:21 | New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable” (lien direct) |
|
Malware | ★★ | |
|
2022-12-22 14:03:30 | Brazilian Bank Users Are the Target of a New BrasDex Malware (lien direct) | Cybercriminals have recently launched a new Android trojan called BrasDex that targets Brazilian bank users. This trojan is part of a more extensive, ongoing multi-platform campaign that has been attributed to the threat players behind the Windows banking malware Casbaneiro. Dutch security firm ThreatFabric published a report last week stating that BrasDex has “a very […] | Malware Threat | ★★ | |
 |
2022-12-22 13:00:50 | (Déjà vu) Black Hat Europe 2022 NOC: When planning meets execution (lien direct) | Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. | Malware | ★★★ | |
|
2022-12-22 13:00:22 | (Déjà vu) Black Hat Europe 2022 NOC: The SOC Inside the NOC (lien direct) | Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. | Malware | ★★★ | |
 |
2022-12-22 12:37:00 | Trying to Steal Christmas (Again!) (lien direct) | FortiGuard Labs discovered some holiday-themed phishing examples that exploit excitement and interest in the holidays created by an AgentTesla affiliate. Read our blog to learn more about how malware operators are attempting to maximize the holiday to compromise the systems of users. | Malware | ★★ | |
 |
2022-12-22 10:15:05 | Ce malware Android a un plan implacable pour ruiner ses victimes (lien direct) |  Un redoutable malware s'attaque aux smartphones Android. Inspiré du tristement célèbre " Anubis ", le virus est conçu pour siphonner les économies des utilisateurs. Il vise plus de 400 applications bancaires et de cryptomonnaies. |
Malware | ★★ | |
|
2022-12-22 09:00:00 | Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT (lien direct) | A team of researchers came up with an ingenuous method leveraging AI to detect and classify malware in IIoT devices | Malware | ★★★ | |
|
2022-12-22 02:20:36 | Godfather malware makes banking apps an offer they can\'t refuse (lien direct) | No horse heads in beds...that we know of Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchers… | Malware | ★★★ | |
|
2022-12-22 01:22:41 | Qakbot Being Distributed via Virtual Disk Files (*.vhd) (lien direct) | There’s been a recent increase in the distribution of malware using disk image files. Out of these, the Qakbot malware has been distributed in ISO and IMG file formats, and the ASEC analysis team discovered that it has recently changed its distribution to the use of VHD files. Such use of disk image files (IMG, ISO, VHD) is seen to be Qakbot’s method of bypassing Mark of the Web (MOTW). Disk image files can bypass the MOTW feature because when the files inside... | Malware | ★★★★ | |
|
2022-12-22 01:16:00 | Vidar Stealer Exploiting Various Platforms (lien direct) | Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Even afterward, Vidar saw continuous version updates while actively being distributed. In the recent samples in circulation, various other platforms such as Steam and TikTok were used aside from Telegram and Mastodon.... | Malware | ★★★ | |
|
2022-12-22 01:03:21 | Nitol DDoS Malware Installing Amadey Bot (lien direct) | The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on... | Malware Threat | ★★★ | |
 |
2022-12-22 00:00:00 | Le rapport Threat Lab de WatchGuard révèle que la principale menace emprunte exclusivement des connexions chiffrées (lien direct) | Paris, le 4 janvier 2023 – WatchGuard® Technologies, leader mondial de la cybersécurité unifiée, publie son dernier Rapport trimestriel sur la sécurité Internet, qui présente les grandes tendances en matière de malwares et de menaces pour la sécurité des réseaux et des endpoints analysées par les chercheurs du Threat Lab de WatchGuard au 3ème trimestre 2022. Ses conclusions clés révèlent notamment que la principale menace du trimestre en matière de logiciels malveillants a été détectée exclusivement via des connexions chiffrées, que les attaques ICS conservent leur popularité, que le logiciel malveillant LemonDuck évolue au-delà du cryptominage, et qu'un moteur de triche Minecraft diffuse une charge utile malveillante. " Nous ne saurions trop insister sur l'importance d'activer l'inspection HTTPS, même si elle nécessite quelques réglages et exceptions pour fonctionner correctement. La majorité des logiciels malveillants utilisent le protocole chiffré HTTPS, et ces menaces ne sont pas détectées en l'absence d'inspection ", a déclaré Corey Nachreiner, Chief Security Officer chez WatchGuard Technologies. " À juste titre, les plus grands objets de convoitise des cybercriminels, comme les serveurs Exchange ou les systèmes de gestion SCADA, méritent également un maximum d'attention. Lorsqu'un correctif est disponible, il est important de procéder immédiatement à la mise à jour, car les cybercriminels finiront par tirer profit de toute organisation qui n'a pas encore mis en œuvre le dernier correctif. " Le rapport sur la sécurité Internet du 3ème trimestre contient d'autres résultats clés, notamment : La grande majorité des logiciels malveillants empruntent des connexions chiffrées – Bien qu'il soit arrivé 3ème dans la liste classique des 10 principaux malwares du 3ème trimestre, Agent.IIQ a pris la tête de la liste des logiciels malveillants chiffrés pour cette même période. De fait, en regardant les détections de ce malware sur ces deux listes, il apparaît que toutes les détections d'Agent.IIQ proviennent de connexions chiffrées. Au 3ème trimestre, si une appliance Firebox inspectait le trafic chiffré, 82 % des logiciels malveillants détectés passaient par une connexion chiffrée, ce qui correspond à seulement 18 % de détections sans chiffrement. Si le trafic chiffré n'est pas inspecté sur Firebox, il est très probable que ce ratio moyen s'applique et que l'entreprise passe à côté d'une énorme partie des logiciels malveillants. Les systèmes ICS et SCADA restent les cibles d'attaques les plus courantes – Ce trimestre, une attaque de type injection SQL ayant touché plusieurs fournisseurs a fait son apparition dans la liste des dix principales attaques réseau. Advantech fait partie des entreprises concernées. Son portail WebAccess est utilisé pour les systèmes SCADA dans une variété d'infrastructures critiques. Un autre exploit sérieux au 3ème trimestre, également classé parmi les cinq principales attaques réseau en termes de volume, a visé les versions 1.2.1 et antérieures du logiciel U.motion Builder de Schneider Electric. Un rappel brutal du fait que les cybercriminels ne se contentent pas d'attendre tranquillement la prochaine opportunité, mais qu'ils cherchent activement à compromettre les systèmes chaque fois que cela est possible. Les vulnérabilités des serveurs Exchange continuent de poser des risques – La C | Ransomware Malware Tool Threat | APT 3 | ★★★ |
|
2022-12-21 17:04:56 | Fake payload deployed by Raspberry Robin in new attacks (lien direct) | New Raspberry Robin malware attacks against government systems and telecommunication service providers involved the delivery of a fake payload aimed at bypassing detection and confusing researchers, according to BleepingComputer. | Malware | ★★ | |
|
2022-12-21 17:03:42 | More cybercriminals leveraging RisePro info-stealing malware (lien direct) | More than 2,000 logs have been noted by the cybercrime market Russian Market to have been stolen using the new RisePro information stealer, indicating its rising popularity among threat actors, SecurityWeek reports. | Malware Threat | ★★ |
To see everything:
Our RSS (filtrered)
