What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-19 14:00:00 | Protecting Against Kubernetes-Borne Ransomware (lien direct) | The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended. | Ransomware Malware | Uber | |
 |
2022-07-19 13:20:21 | Ongoing \'Roaming Mantis\' Smishing Campaign Hits Over 70,000 Users in France (lien direct) | A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn. | Malware Threat | ||
 |
2022-07-19 13:06:41 | Google catches Turla hackers deploying Android malware in Ukraine (lien direct) | Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. [...] | Malware Threat | ||
 |
2022-07-19 10:41:52 | (Déjà vu) More Malicious Malware Found in Google Play Store Apps (lien direct) | Google has taken steps to axe dozens of malicious apps from the official Play Store that were spotted propagating Facestealer, Joker, and Coper malware families through the virtual marketplace. Bad actors have repeatedly found ways to sneak past security barriers put up by Google in hopes of luring unsuspecting users into downloading the fraudulent apps. […] | Malware | ||
 |
2022-07-19 10:00:00 | What roles do humans play in cyber breaches (lien direct) | This blog was written by an independent guest blogger. Data is the most valuable asset of any organization, and most employees have access to secure business data. This makes them the first line of defense against combating a cyber-attack. However, hackers target vulnerable employees with insecure devices and sophisticated techniques to access the company's network and compromise valuable data. Human error enables a vast majority of cybersecurity problems. Many employees are already aware of the dangers that their mistakes can pose. A study found that nearly 88% of all data breaches result from employee mistakes. In addition, 60% of cybersecurity professionals accepted that their staff is the weakest link in IT security. It is high time for organizations and employees to take measures to reduce the attack surface and ensure a robust cybersecurity culture. Why humans are the weakest link in any organization? The cybersecurity threat landscape is becoming complex and threatening even with practicing strict cybersecurity regulations and using emerging technologies. Against this growing threat landscape, 57% of businesses assume that their IT security team might become compromised, and the most significant threat against the cyber-attacks is their employees. Humans are the weakest link in any business organization and continue to drive data breaches. The Verizon Data Breach Incident Report 2022 finds that 82% of cyber breaches involved the human element. By human element, it is meant that a breach can occur because of clicking on a link in a phishing email, reusing the same old passwords, or using the internet without hiding their IP. For example, a notable venture capital firm, Sequoia Capital, got hacked in February 2021. The hacking incident occurred because employees fell victim to a phishing attack that exposed its investors' personal and financial information to third parties. Besides this, there are a few other reasons that make employees vulnerable: Inadequate software security Employees tend to be careless when they perform the same task regularly. It turns their work into something that focuses more on efficiency than carefulness. As a result, they start neglecting to follow proper security procedures and practices and often compromise the cybersecurity of the entire organization. They even neglect updates because they consume more time or the pop-ups are inconvenient, leaving software vulnerable to cyber-attacks. Moreover, some employees continue to use legacy software with known vulnerabilities. They typically use such software because they’re used to it - not because it has exclusive features. In addition, employees sometimes disable security update options because they think it hinders their work. Such actions compromise the entire security of the organization. Low security awareness Hackers easily install malware, spyware, or ransomware through vulnerable or careless employees. Most employees have low security awareness about the evolving cyber threats and attacks that expose them to malicious actors to access the company's data. Employees even use or download unauthor | Data Breach Malware Threat Guideline | ||
 |
2022-07-19 09:30:44 | I see what you did there: A look at the CloudMensis macOS spyware (lien direct) | Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs | Malware | ||
 |
2022-07-19 08:44:47 | Several apps on the Play Store used to spread Joker, Facestealer and Coper malware (lien direct) | >Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. Researchers from security firms Pradeo discovered multiple apps spreading the Joker Android malware. The […] | Malware | ||
|
2022-07-19 05:30:00 | New CloudMensis malware backdoors Macs to steal victims\' data (lien direct) | Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. [...] | Malware Threat | ||
 |
2022-07-18 23:58:55 | Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware (lien direct) | Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of | Malware | ||
|
2022-07-18 22:32:02 | Trojanized Password Crackers Targeting Industrial Systems (lien direct) | Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says. | Malware | ||
 |
2022-07-18 19:12:53 | Botnet malware disguises itself as password cracker for industrial controllers (lien direct) | Can't get into that machine? No problem, just trust this completely sketchy looking tool Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems.… | Malware | ||
|
2022-07-18 12:10:24 | PLC and HMI Password Cracking Tools Deliver Malware (lien direct) | Tools advertised as being capable of cracking passwords for HMIs, PLCs and other industrial products have been found to exploit a zero-day vulnerability, and threat actors are using these tools to deliver malware. | Malware Threat | ||
 |
2022-07-18 05:38:13 | Adding Your Own Keywords To My PDF Tools, (Mon, Jul 18th) (lien direct) | On some rare occasions, when Xavier Mertens teaches "FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques", he will DM me during class with a very specific question from a student. | Malware | ||
 |
2022-07-18 03:00:00 | The State of Security: Malware in 2022 (lien direct) | >Among the many challenges businesses contend with in the global marketplace today, the 11th Allianz Risk Barometer 2022 ranks cybersecurity threats as the most important business risk. This proves beyond any doubt that enterprises are experiencing increasing threats and full-on attacks to their information technology systems. To safeguard their network systems and entire security architecture, […]… Read More | Malware | ||
|
2022-07-16 14:34:10 | North Koreans spotted harassing SMBs with malware (lien direct) | Also: Lawyers told to dissuade clients from paying off ransomware crooks, and more In brief SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.… | Ransomware Malware | ||
 |
2022-07-16 12:44:45 | New Android Malware Installed More Than 3 Million Times From Google Play (lien direct) | >A security researcher discovered a new family of Android malware on the Google Play Store that secretly signed up subscribers to premium services, according to a report from Bleeping Computer. The new Android malware, dubbed Autolycos, was discovered by Maxime Ingrao, a security researcher at cybersecurity company Evina. The malware, which was first identified by […] | Malware | ||
|
2022-07-16 10:11:12 | (Déjà vu) Elastix VoIP systems hacked in massive campaign to install PHP web shells (lien direct) | Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] | Malware Threat | ||
|
2022-07-16 10:11:12 | Massive campaign hits Elastix VoIP systems with 500,000 unique malware samples (lien direct) | Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] | Malware Threat | ||
 |
2022-07-16 00:00:26 | Hackers are targeting industrial systems with malware (lien direct) | An entire ecosystem of sketchy software is targeting potentially critical infrastructure. | Malware | ||
|
2022-07-15 22:33:16 | Hackers Targeting VoIP Servers By Exploiting Digium Phone Software (lien direct) | VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo | Malware | ||
|
2022-07-15 15:16:44 | Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (lien direct) | Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team. | Malware | ||
 |
2022-07-15 15:08:00 | North Korean Threat Actor Targeting SME Businesses with Ransomware (lien direct) | The group, going by the name H0lyGh0st, has been developing and conducting cross-national malware attacks for over a year | Ransomware Malware Threat | ||
|
2022-07-15 13:46:43 | Password recovery tool infects industrial systems with Sality malware (lien direct) | A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [...] | Malware Tool Threat | ||
 |
2022-07-14 15:03:32 | New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs (lien direct) | A researcher found eight malware-laden apps in the Play Store which have been downloaded over 3 million times. | Malware | ||
 |
2022-07-14 13:41:53 | À l'intérieur des applications Windows malveillantes pour le déploiement de logiciels malveillants Inside Malicious Windows Apps for Malware Deployment (lien direct) |
Découvrez comment les acteurs de la menace manipulent Windows pour installer des applications malveillantes qui sont fiables par le système et comment se défendre contre eux.
Learn how threat actors manipulate Windows to install malicious apps that are trusted by the system, and how to defend against them. |
Malware Threat Technical | ★★★ | |
 |
2022-07-14 13:00:00 | The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators (lien direct) | >The internet brings endless possibilities for scammers and cyber criminals to make money illegitimately. The usual suspects – ransomware, business... The post The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators first appeared on Dragos. | Malware | ||
|
2022-07-14 04:29:54 | State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns (lien direct) | Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated | Malware | ||
|
2022-07-14 01:15:16 | Pakistani Hackers Targeting Indian Students in Latest Malware Campaign (lien direct) | The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. | Malware Threat | APT 36 | |
|
2022-07-13 18:29:04 | Qakbot operations continue to evolve to avoid detection (lien direct) | >Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to […] | Malware Threat | ||
|
2022-07-13 11:00:33 | New Android malware on Google Play installed 3 million times (lien direct) | A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [...] | Malware | ||
 |
2022-07-13 11:00:06 | A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets (lien direct) | >Check Point Research (CPR) reported evidence suggesting that Pakistan Air Force's Headquarters was a victim of a successful attack conducted by Sidewinder, a suspected India-based APT group. During May 2022, several malware samples and two encrypted files, related to the attack were uploaded to Virus Total. After decrypting the encrypted files, CPR saw that one… | Malware | APT-C-17 | |
|
2022-07-13 00:51:34 | Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware (lien direct) | Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter | Malware | ||
|
2022-07-12 22:04:21 | Researchers Uncover New Attempts by Qakbot Malware to Evade Detection (lien direct) | The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz | Malware Threat | ||
|
2022-07-12 11:00:05 | June 2022\'s Most Wanted Malware: New Banking, MaliBot, Poses Danger for Users of Mobile Banking (lien direct) | >Check Point Research reports on new Android banking malware, MaliBot. Emotet, with new variant, is still the most prevalent malware while Snake Keylogger climbs from eighth place to third. Our latest Global Threat Index for June 2022 reveals new Android banking, MaliBot, has taken third place in the most prevalent mobile malwares after it emerged… | Malware Threat | ||
 |
2022-07-12 10:42:25 | Classement mensuel Top Malware Check Point (lien direct) | Check Point Research (CPR), la branche de renseignement sur les menaces de Check Point® Software Technologies Ltd. publie son Classement des menaces pour le mois de juin 2022. Au niveau global, CPR signale l'apparition d'un nouveau logiciel malveillant bancaire Android, baptisé MaliBot. Il voit le jour après le démantèlement de FluBot à la fin du mois de mai. Ce mois-ci également, le célèbre logiciel malveillant Emotet reste le plus répandu. Les chercheurs ont également signalé un nouveau variant (...) - Malwares | Malware | ||
 |
2022-07-12 09:14:00 | MaliBot Android malware spreading fast, says Check Point (lien direct) | Pas de details / No more details | Malware | ||
 |
2022-07-11 23:47:10 | GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email (lien direct) | GuLoader has ranked again in Top 5 malware keywords of ASEC Weekly Malware Statistics for the first time in two years. It is a downloader malware that can download additional malware, and got its name as Google Drive is frequently used as its download URL. The ASEC analysis team has discovered that this type of malware took the most portion among Downloader malware types that were distributed during the 2nd quarter of this year (see figure below). Recently discovered case... | Malware | ||
 |
2022-07-11 22:59:00 | Anomali Cyber Watch: Brute Ratel C4 Framework Abused to Avoid Detection, OrBit Kernel Malware Patches Linux Loader, Hive Ransomware Gets Rewritten, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, India, Malspam, Ransomware, Russia, Spearhishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs
(published: July 7, 2022)
SentinelLabs researchers detected yet another China-sponsored threat group targeting Russia with a cyberespionage campaign. The attacks start with a spearphishing email containing Microsoft Office maldocs built with the Royal Road malicious document builder. These maldocs were dropping the Bisonal backdoor remote access trojan (RAT). Besides targeted Russian organizations, the same attackers continue targeting other countries such as Pakistan. This China-sponsored activity is attributed with medium confidence to Tonto Team (CactusPete, Earth Akhlut).
Analyst Comment: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from advanced persistent threats (APTs), including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Exploitation for Client Execution - T1203
Tags: China, source-country:CN, Russia, target-country:RU, Ukraine, Pakistan, target-country:PK, Bisonal RAT, Tonto Team, APT, CactusPete, Earth Akhlut, Royal Road, 8.t builder, CVE-2018-0798
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
(published: July 6, 2022)
Intezer researchers describe a new Linux malware dubbed OrBit, that was fully undetected at the time of the discovery. This malware hooks functions and adds itself to all running processes, but it doesn’t use LD_PRELOAD as previously described Linux threats. Instead it achieves persistence by adding the path to the malware into the /etc/ld.so.preload and by patching the binary of the loader itself so it will load the malicious shared object. OrBit establishes an SSH connection, then stages and infiltrates stolen credentials. It avoids detection by multiple functions that show running processes or network connections, as it hooks these functions and filters their output.
Analyst Comment: Defenders are advised to use network telemetry to detect anomalous SSH traffic associated with OrBit exfiltration attempts. Consider network segmentation, storing sensitive data offline, and deploying security solutions as statically linked executables.
MITRE ATT&CK: [MITRE ATT&CK] Hijack Execution Flow - T1574 | [MITRE ATT&CK] Hide Artifacts - T1564 | |
Ransomware Malware Tool Vulnerability Threat Patching | APT 29 | |
|
2022-07-11 12:07:04 | \'Raspberry Robin\' Windows Worm Abuses QNAP Devices (lien direct) | A recently discovered Windows worm is abusing compromised QNAP network-attached storage (NAS) devices as stagers to spread to new systems, according to Cybereason. Dubbed Raspberry Robin, the malware was initially spotted in September 2021, spreading mainly via removable devices, such as USB drives. | Malware | ||
|
2022-07-11 00:47:31 | Meterpreter Distributed to Vulnerable Server of Korean Medical Institution (lien direct) | While monitoring malware strains distributed to vulnerable servers, the ASEC analysis team discovered an attack case for PACS (Picture Archiving and Communication System) server used by Korean medical institutions. PACS is a system for digitally managing and transferring medical images of patients, which is used to check and interpret the images without being restrained by time and space. This system is thus used by many hospitals. As there are multiple PACS vendors, each medical institution may use different PACS systems.... | Malware | ||
|
2022-07-11 00:36:11 | AppleSeed Disguised as Purchase Order and Request Form Being Distributed (lien direct) | The ASEC analysis team has recently discovered the distribution of AppleSeed disguised as purchase orders and request forms. AppleSeed is a backdoor malware mainly used by the Kimsuky group. It stays in the system and performs malicious behaviors by receiving commands from attackers. The malware is currently being distributed under the following filenames. Purchase order-**-2022****-001-National Tax Service additionally implementing security sensors in 5 regional tax offices_***.jse Request form(general manager ***).jse The JSE (JScript Encoded File) file consists of JavaScript, and... | Malware | ||
|
2022-07-09 10:04:58 | Ongoing Raspberry Robin campaign leverages compromised QNAP devices (lien direct) | >Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The malware uses […] | Malware | ||
|
2022-07-09 00:49:23 | Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (lien direct) | A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the | Malware Vulnerability | ||
 |
2022-07-08 21:42:25 | Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies (lien direct) | Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, including CrowdStrike. The phishing email implies the recipient's company has been breached and insists the victim call the included phone number. This campaign leverages similar social-engineering tactics to those employed […] | Malware | ||
 |
2022-07-08 14:45:47 | Sneaky Orbit Malware Backdoors Linux Devices (lien direct) | The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine. | Malware Threat | ||
 |
2022-07-08 13:08:00 | Feds wave red flag over Maui ransomware (lien direct) | A cybersecurity advisory about the ransomware known as Maui has been issued by the FBI, CISA and U.S. Treasury Department. The agencies assert that North Korean state-sponsored cyber actors have used the malware since at least May 2021 to target healthcare and public health sector organizations.The FBI surmises that the threat actors are targeting healthcare organizations because those entities are critical to human life and health, so they're more likely to pay ransoms rather than risk disruption to their services. For that reason, the FBI and other agencies issuing the advisory maintain the state-sponsored actors will continue to target healthcare organizations.To read this article in full, please click here | Ransomware Malware Threat | ||
|
2022-07-08 10:53:03 | Researchers Warn of Raspberry Robin\'s Worm Targeting Windows Users (lien direct) | Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing | Malware Threat | ||
|
2022-07-08 10:25:18 | Russian Cybercrime Trickbot Group is systematically attacking Ukraine (lien direct) | >The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] | Ransomware Malware | ||
|
2022-07-08 02:50:19 | Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign (lien direct) | A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security | Malware | ||
|
2022-07-07 21:24:24 | Un groupe APT utilise la porte dérobée ShadowPad et la vulnérabilité de Microsoft Exchange pour attaquer des entreprises via des systèmes d\'automatisation des bâtiments (lien direct) | Mi-octobre 2021, l'équipe ICS CERT de Kaspersky a découvert un nouvel acteur malveillant sinophone ciblant les organisations de transport, de production, et de télécommunications dans plusieurs pays d'Asie. Pendant les attaques initiales, le groupe a exploité la vulnérabilité de MS Exchange pour déployer le malware ShadowPad et a infiltré les systèmes d'automatisation du bâtiment de l'une des victimes. Un système d'automatisation du bâtiment (BAS) connecte toutes les fonctions présentes à l'intérieur du (...) - Malwares | Malware |
To see everything:
Our RSS (filtrered)
