What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2023-03-06 14:36:51 New ATM Malware 'FiXS' Emerges (lien direct) Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America. Malware ★★★
RecordedFuture.webp 2023-03-06 14:01:00 Ransomware gang posts breast cancer patients' clinical photographs (lien direct) The ALPHV ransomware group, also known as BlackCat, is attempting to extort a healthcare network in Pennsylvania by publishing photographs of breast cancer patients. These clinical images, used by Lehigh Valley Health Network as part of radiotherapy to tackle malignant cells, were described as “nude photos” on the criminals' site. Lehigh Valley Health Network disclosed on February 20 that it had been attacked by the BlackCat gang, which it described as linked to Russia, and stated that it would not pay a ransom. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical,” said the network's president and chief executive, Brian Nester. Nester added that the incident involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” At the time of the original statement, Nester said Lehigh Valley Health Network's services - including a cancer institute and a children's hospital - were not affected. However the network's website is currently inaccessible. The Record was unable to contact the network for further comment following its listing on the ALPHV [.onion](https://en.wikipedia.org/wiki/Tor_(network)) website. Onlookers have been revolted by the attempt to leverage the sensitivities around cancer treatment and intimate images to extort the organization. Max Smeets, an academic at ETH Zurich - a public research university - and the director of the European Cyber Conflict Research Initiative, [wrote](https://twitter.com/Maxwsmeets/status/1632654116320075776): “This makes me so angry. I hope these barbarians will be held accountable for their heinous actions.” "A new low. This is sickening," [wrote](https://twitter.com/rj_chap/status/1632465294580133888) malware analyst Ryan Chapman, while Nicholas Carroll, a cybersecurity professional, [said](https://twitter.com/sloppy_bear/status/1632468646873165824) the gang was “trying to set new standards in despicable.” ALPHV itself celebrated the attack and the attention it brought. “Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business. Your time is running out. We are ready to unleash our full power on you!” Numerous healthcare organizations have been attacked by ransomware gangs in recent months. The criminal industry persists because of victims who pay, sometimes because their businesses face an existential threat, and sometimes to avoid the negative publicity. Medibank, one of Australia's largest health insurance providers, stated last November that it would not be making a [ransom payment](https://therecord.media/medibank-says-it-will-not-pay-ransom-in-hack-that-impacted-9-7-million-customers/) after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad. The information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. Outrage at the attack prompted the government to [consider banning](https://therecord.media/australia-to-consider-banning-ransomware-payments/) ransomware payments in a bid to undermine the industry. Back in January, the hospital technology giant [NextGen Healthcare](https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/) said it was responding to a cyberattack after ALPHV added the company to its list of victims. Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-06 13:18:07 Sandbox blockchain game breached to send emails linking to malware (lien direct) The Sandbox blockchain game is warning its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware. [...] Malware ★★
bleepingcomputer.webp 2023-03-06 10:03:24 New malware infects business routers for data theft, surveillance (lien direct) An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. [...] Malware
The_State_of_Security.webp 2023-03-06 03:23:45 What is Malware as a Service (MaaS)? (lien direct) Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is stolen is often sold to the highest bidder or left for the service subscribers. MaaS is an illegal version of Software as a Service (SaaS). The system of Malware as a Service Malware development and distribution is more than the simple act of just... Malware Threat ★★★
bleepingcomputer.webp 2023-03-05 15:23:51 How to prevent Microsoft OneNote files from infecting Windows with malware (lien direct) The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows. [...] Malware ★★
The_Hackers_News.webp 2023-03-04 16:48:00 New FiXS ATM Malware Targeting Mexican Banks (lien direct) A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is Malware ★★★
News.webp 2023-03-03 18:30:40 Frankenstein malware stitched together from code of others disguised as PyPI package (lien direct) Crime-as-a-service vendors mix and match components as needed by client A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.… Malware Threat ★★
InfoSecurityMag.webp 2023-03-03 13:45:00 CISA Warns Against Royal Ransomware in New Advisory (lien direct) Malicious activity using a particular malware variant has been spotted since September 2022 Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-02 18:20:53 BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11 (lien direct) The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. [...] Malware ★★★
silicon.fr.webp 2023-03-02 17:14:06 BlackLotus, the malware that knocks out Secure Boot (lien direct) ESET draws attention to BlackLotus, a piece of malware capable of bypassing Secure Boot. How does it work? Malware ★★★
The_Hackers_News.webp 2023-03-02 16:51:00 Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI (lien direct) A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an Malware Threat Guideline ★★
no_ico.webp 2023-03-02 14:55:30 Malware Families CheatSheet (lien direct) During talks and presentations people often ask me how do I remember so many names, different “artifacts” (a.k.a Malware) and groups. I actually ended up with a “hemmm … well… actually I just remember them since I read and write a lot about cyber threats”. So here it comes the Malware Family CheatSheet. This work […] Malware ★★★
The_Hackers_News.webp 2023-03-02 13:33:00 SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics (lien direct) The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said Malware Threat Prediction APT 27 ★★
AlienVault.webp 2023-03-02 11:00:00 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them (lien direct) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it. Here are the eight common cybersecurity issues that can arise during the purchase of real estate online and how you can protect yourself against them. 1. Cybercrime This is, unfortunately, the world we live in - and it makes sense, given the large sums of money involved. Cybercriminals may attempt to hack into the system and gain access to private information. They may even try to interfere with the transaction process itself, delaying or preventing it from taking place at all. To combat this threat, make sure you are using a secure online platform when completing the transaction and be sure to only provide personal information when necessary. When you are completing a real estate transaction online, a lot of your personal information will be requested. This can include anything from your address and phone number to your bank account information. If this information is not properly secured, it could be at risk of being accessed by cybercriminals. To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach. 2. Data breaches Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate. Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity. By following these tips, you can help ensure that your online real estate transaction is secure. 3. Phishing scams These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar. Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information. They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links. 4. Malware threats Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. To protect yourself from malware, make sure to install Ransomware Malware Hack ★★
globalsecuritymag.webp 2023-03-02 10:03:36 SonicWall Cyber Threat Report 2023 examines the new cyber front lines and the changed behavior of threat actors (lien direct) SonicWall Cyber Threat Report 2023 examines the new cyber front lines and the changed behavior of threat actors • Malware up 2% overall, with increases in IoT malware (+87%) and cryptojacking (+43%) • Despite a 21% global decline in ransomware activity, 2022 is the year with the second-highest number of ransomware attacks worldwide ever (493.3 million) • Education (+157%), finance (+86%) and retail (+50%) sectors hit hardest by malware • Ukraine recorded record numbers of malware (25.6 million) and ransomware (7.1 million) • SonicWall identified 465,501 previously unknown malware variants in 2022 • Number of intrusion attempts via Log4j vulnerabilities exceeded 1 billion - Special Reports Ransomware Malware Threat
globalsecuritymag.webp 2023-03-02 10:00:29 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior (lien direct) 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior • Overall malware up 2%, with surges in IoT malware (+87%) and cryptojacking (+43%) • Ransomware attacks dipped 21% globally, but 2022 still second-highest year on record for global ransomware attempts (493.3 million) • Education (+157%), finance (+86%) and retail (+50%) verticals hit hardest by malware • Ukraine saw record levels of malware (25.6 million) and ransomware (7.1 million) • SonicWall discovered 465,501 'never-before-seen' malware variants in 2022 • Intrusion attempts against Log4j vulnerabilities eclipsed 1 billion - Special Reports Ransomware Malware Threat ★★
Blog.webp 2023-03-01 23:39:11 (Déjà vu) ASEC Weekly Malware Statistics (February 20th, 2023 – February 26th, 2023) (lien direct) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 20th, 2023 (Monday) to February 26th, 2023 (Sunday). For the main category, backdoor ranked top with 51.0%, followed by downloader with 24.7%, Infostealer with 22.7%, ransomware with 1.4%, and CoinMiner with 0.2%. Top 1 – RedLine RedLine ranked first place with 46.9%. The malware steals various information such as web browsers,... Ransomware Malware ★★
News.webp 2023-03-01 21:30:06 It's official: BlackLotus malware can bypass Secure Boot on Windows machines (lien direct) The myth 'is now a reality' BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.… Malware ★★
DarkReading.webp 2023-03-01 19:34:00 Linux Support Expands Cyber Spy Group's Arsenal (lien direct) An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems. Malware ★★★
The_Hackers_News.webp 2023-03-01 19:32:00 Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware (lien direct) Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization ( Malware Threat ★★
no_ico.webp 2023-03-01 18:45:28 Cybercriminals Targets Law Firms With GootLoader & FakeUpdates (lien direct) According to cybersecurity company eSentire, six law firms were the targets of distinct GootLoader and SocGholish malware attacks in January and February 2023. The first effort, which targeted employees of legal firms, sought to infect victims’ machines with GootLoader, a malware family known for installing the Cobalt Strike implant, REvil ransomware, and GootKit remote access […] Malware ★★
The_Hackers_News.webp 2023-03-01 17:02:00 BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 (lien direct) A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI Malware Threat ★★★★
bleepingcomputer.webp 2023-03-01 13:44:37 Iron Tiger hackers create Linux version of their custom malware (lien direct) The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise. [...] Malware APT 27 ★★★
SecurityWeek.webp 2023-03-01 13:31:27 Several Law Firms Targeted in Malware Attacks (lien direct) In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. Malware ★★
GoogleSec.webp 2023-03-01 11:59:44 8 ways to secure Chrome browser for Google Workspace users (lien direct) Posted by Kiran Nair, Product Manager, Chrome Browser Your journey towards keeping your Google Workspace users and data safe, starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet including which browsers are out of date, which extensions your users are using and bringing insight to potential security blindspots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies to the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management) --not just on corporate managed devices. This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy. Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection Ransomware Malware Tool Threat Guideline Cloud ★★★
The_Hackers_News.webp 2023-03-01 11:41:00 Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (lien direct) Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can interact with their victim via Windows Notepad that likely serves as a Malware ★★
Fortinet.webp 2023-03-01 10:30:00 Just Because It's Old Doesn't Mean You Throw It Away (Including Malware!) (lien direct) There are still fresh infections of MyDoom (also known as Novarg and Mimail) occurring along with corresponding phishing events. Learn how this malware is continuing to operate in 2023. Malware ★★★
Netskope.webp 2023-03-01 07:00:00 Why Organisations Must Get to Grips With Cloud Delivered Malware (lien direct) Netskope has just published the Monthly Threat Report for February, with this month's report focused on what is going on in Europe. I don't intend to summarise the report in this blog, instead I want to zoom in and study a continuing trend that was highlighted in there; one that is unfortunately heading in the […] Malware Threat Prediction Cloud ★★★
RecordedFuture.webp 2023-03-01 00:34:26 Victims of MortalKombat ransomware can now decrypt their locked files for free (lien direct) Cybersecurity firm Bitdefender released a universal decryptor for the MortalKombat ransomware – a strain first observed by threat researchers in January 2023. The malware has been used on dozens of victims across the U.S., United Kingdom, Turkey and the Philippines, according to a recent report from Cisco. Bogdan Botezatu, director of threat research and reporting [… Ransomware Malware Threat ★★
TrendMicro.webp 2023-03-01 00:00:00 Iron Tiger's SysUpdate Reappears, Adds Linux Targeting (lien direct) We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems. Malware Threat APT 27
RedCanary.webp 2023-02-28 20:12:31 Intelligence Insight: Tax-themed phishing emails delivering GuLoader (lien direct) Red Canary is detecting adversaries delivering tax season-themed phishing emails to distribute GuLoader malware Malware ★★
DarkReading.webp 2023-02-28 18:55:00 WannaCry Hero & Kronos Malware Author Named Cybrary Fellow (lien direct) Marcus Hutchins, who set up a "kill switch" that stopped WannaCry's spread, later pled guilty to creating the infamous Kronos banking malware. Malware Wannacry Wannacry ★★★
Anomali.webp 2023-02-28 16:15:00 Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, DLL sideloading, Infostealers, Phishing, Social engineering, and Tunneling. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence WinorDLL64: A Backdoor From The Vast Lazarus Arsenal? (published: February 23, 2023) When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group. Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations. MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | Ransomware Malware Tool Threat Medical Medical Cloud APT 38
knowbe4.webp 2023-02-28 14:00:00 CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) CyberheistNews Vol 13 #09 | February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog: https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac Malware Hack Tool Vulnerability Threat Guideline Prediction APT 38 ChatGPT ★★★
InfoSecurityMag.webp 2023-02-28 10:00:00 Experts Spot Half a Million Novel Malware Variants in 2022 (lien direct) Overall malware detections also rise after three years of decline Malware ★★
SecurityWeek.webp 2023-02-27 20:40:16 LastPass Says DevOps Engineer Home Computer Hacked (lien direct) LastPass DevOps engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. Malware Cloud LastPass
DarkReading.webp 2023-02-27 18:30:46 Mobile Banking Trojans Surge, Doubling in Volume (lien direct) Mobile malware developers were busy bees in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before. Malware ★★★
The_Hackers_News.webp 2023-02-27 16:23:00 ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks (lien direct) A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC) said in a report last week. ChromeLoader (aka Malware ★★★★
InfoSecurityMag.webp 2023-02-27 16:00:00 ChromeLoader Malware Poses as Steam, Nintendo Game Mods (lien direct) Asec said the malicious activity observed relied on VHD disk image files Malware ★★
The_Hackers_News.webp 2023-02-27 15:52:00 (Déjà vu) PureCrypter Malware Targets Government Entities in Asia-Pacific and North America (lien direct) Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security researcher Malware Threat ★★
globalsecuritymag.webp 2023-02-27 14:56:57 Netskope Threat Labs study: European companies targeted by Trojans (lien direct) Netskope Threat Labs study: European companies targeted by Trojans ● Attackers are increasingly using cloud applications as malware delivery vectors in Europe, with a rise from 33% to 53% in one year. ● Accounting for 78% of threats blocked in 2022, Trojans were the most widespread type of malware in Europe, followed by exploits, backdoors and drive-by downloads. ● Microsoft OneDrive is the most popular cloud application in Europe, closely followed by Google Drive. The products and services that make up Google Workspace are used more in Europe than in the rest of the world. - Malware Malware Threat Cloud ★★★
SecurityWeek.webp 2023-02-27 14:13:43 'PureCrypter' Downloader Used to Deliver Malware to Governments (lien direct) Threat actor uses the PureCrypter downloader to deliver malware to government entities in Asia-Pacific and North America. Malware ★★
SecureList.webp 2023-02-27 10:05:35 The mobile malware threat landscape in 2022 (lien direct) Android threat report by Kaspersky for 2022: malware on Google Play and inside the Vidmate in-app store, mobile malware statistics. Malware Threat ★★★
InfoSecurityMag.webp 2023-02-27 10:00:00 Governments Targeted by Discord-Based Threat Campaign (lien direct) Threat actor delivers multiple malware types via PureCrypter Malware Threat ★★
Chercheur.webp 2023-02-27 04:15:15 When Low-Tech Hacks Cause High-Impact Breaches (lien direct) Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. Malware ★★
NetworkWorld.webp 2023-02-27 02:30:00 War tests Ukrainian telecom, internet resilience (lien direct) One year after Russia's invasion of Ukraine, the country's overall resilience and defiance has been inspiring, but telecommunications and internet connectivity has grown much more difficult. Initially the country's internet network mostly withstood with some outages and slowdowns, but that has changed over time as the aggressors devote more effort in destroying physical locations and deploying malware and other cybersecurity weapons. For example, researchers at Top10VPN recently reported some distressing analysis including: Malware ★★
bleepingcomputer.webp 2023-02-25 10:16:22 PureCrypter malware hits govt orgs with ransomware, info-stealers (lien direct) A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains. [...] Ransomware Malware Threat ★★
TEAM_CYMRU_Blog.webp 2023-02-24 20:24:50 Desde Chile con Malware (From Chile with Malware) (lien direct) Spoiler Alert: They weren't actually from Chile. Introduction This blog post provides a short update on our ongoing tracking of... Malware ★★★★
no_ico.webp 2023-02-24 16:07:11 New S1deload Malware Hijacking Youtube And Facebook Accounts (lien direct) A new malware campaign called S1deload Stealer has been discovered by Bitdefender’s Advanced Threat Control (ATC) team, targeting YouTube and Facebook users. The malware infects computers, hijacks social media accounts, and uses devices to mine cryptocurrency. Security researchers discovered that the malware uses DLL sideloading to evade detection. Bitdefender products detected over 600 unique users […] Malware Threat ★★★
Last update at: 2024-07-17 07:08:11