What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-03 00:14:56 | New Wave of Cyber Attacks Target Palestine with Political Bait and Malware (lien direct) | Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based | Malware | APT-C-23 | |
|
2022-02-02 04:09:19 | New Malware Used by SolarWinds Attackers Went Undetected for Years (lien direct) | The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years. According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted | Malware Threat | ||
|
2022-02-01 05:30:16 | Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems (lien direct) | In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted | Malware Threat | ||
|
2022-02-01 02:28:30 | Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks (lien direct) | An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor's | Malware Threat Conference | APT 35 APT 35 | |
|
2022-01-31 23:13:54 | Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users (lien direct) | Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat (APT) group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target's enterprise," | Malware Threat | ||
|
2022-01-28 01:24:28 | North Korean Hackers Using Windows Update Service to Infect PCs with Malware (lien direct) | The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North | Malware Medical | APT 38 APT 28 | |
|
2022-01-28 01:00:56 | North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (lien direct) | A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection | Malware | ||
|
2022-01-27 04:37:34 | Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions (lien direct) | A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest | Malware | ||
|
2022-01-27 02:15:12 | Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices (lien direct) | Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. " | Malware | ||
|
2022-01-26 22:59:24 | Hackers Using New Evasive Technique to Deliver AsyncRAT Malware (lien direct) | A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted | Malware Threat | ||
|
2022-01-25 05:42:03 | TrickBot Malware Using New Techniques to Evade Web Injection Attacks (lien direct) | The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these | Malware | ★★★★★ | |
|
2022-01-25 04:32:25 | Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (lien direct) | A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar | Malware | ★★★★ | |
|
2022-01-25 03:51:50 | Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities (lien direct) | The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in | Malware | ★★★★★ | |
|
2022-01-24 22:47:00 | Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection (lien direct) | A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint | Malware | ||
|
2022-01-23 23:10:39 | Emotet Now Using Unconventional IP Address Formats to Evade Detection (lien direct) | Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted | Malware | ||
|
2022-01-22 06:47:43 | Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine (lien direct) | Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, | Malware | NotPetya NotPetya | |
|
2022-01-22 02:57:39 | Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure (lien direct) | An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information | Malware Threat | ||
|
2022-01-21 03:40:40 | Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (lien direct) | A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the | Malware Threat Guideline | APT 41 APT 41 | |
|
2022-01-19 23:54:23 | DoNot Hacking Team Targeting Government and Military Entities in South Asia (lien direct) | A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a | Malware Threat | ||
|
2022-01-19 21:26:42 | New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (lien direct) | A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the | Malware | ||
|
2022-01-19 06:39:32 | Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (lien direct) | Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of | Malware Tool | ||
|
2022-01-18 23:32:41 | DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms (lien direct) | An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader | Malware | ★★★★★ | |
|
2022-01-18 22:56:23 | Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (lien direct) | The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the | Malware | ||
|
2022-01-16 01:28:50 | A New Destructive Malware Targeting Ukrainian Government and Business Entities (lien direct) | Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," | Ransomware Malware | ||
|
2022-01-13 06:23:34 | GootLoader Hackers Targeting Employees of Law and Accounting Firms (lien direct) | Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, | Malware | ||
|
2022-01-12 05:09:28 | Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware (lien direct) | Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, | Malware | ||
|
2022-01-12 02:54:38 | New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users (lien direct) | A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on | Malware | ||
|
2022-01-09 22:05:18 | BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks (lien direct) | Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the | Malware | ||
|
2022-01-06 02:45:40 | (Déjà vu) New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly (lien direct) | Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery - dubbed "NoReboot" - comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation, | Malware | ||
|
2022-01-05 03:01:48 | New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification (lien direct) | An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group dubbed Malsmoke, citing similarities | Malware | ||
|
2022-01-04 21:13:47 | Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities (lien direct) | Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance | Malware Threat | ||
|
2022-01-03 22:59:15 | Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware (lien direct) | Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of | Malware Threat | ||
|
2022-01-03 03:51:38 | Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations (lien direct) | Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from the Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. With the rapid adoption of IoT appliances presenting | Malware | ||
|
2021-12-30 02:22:06 | New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks (lien direct) | A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity | Malware | ||
|
2021-12-29 06:27:53 | Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics (lien direct) | An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from | Malware Threat | ||
|
2021-12-28 01:47:25 | Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers (lien direct) | Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among | Malware Tool | ||
|
2021-12-27 03:32:03 | \'Spider-Man: No Way Home\' Pirated Downloads Contain Crypto-Mining Malware (lien direct) | Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for | Malware Guideline | ||
|
2021-12-27 00:07:05 | New Android Malware Targeting Brazil\'s Itaú Unibanco Bank Customers (lien direct) | Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a | Malware | ||
|
2021-12-24 05:07:16 | Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (lien direct) | Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates | Malware Vulnerability Threat | ||
|
2021-12-24 03:32:57 | New Ransomware Variants Flourish Amid Law Enforcement Actions (lien direct) | Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] | Ransomware Malware | ||
|
2021-12-24 00:57:00 | New BLISTER Malware Using Code Signing Certificates to Evade Detection (lien direct) | Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware samples having | Malware | ||
|
2021-12-21 23:45:57 | New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw (lien direct) | A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always | Malware Vulnerability | ||
|
2021-12-19 23:47:27 | Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store (lien direct) | A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message ("com.guo.smscolor.amessage"), | Malware | ||
|
2021-12-17 03:05:10 | New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (lien direct) | Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky | Malware | APT 38 | |
|
2021-12-16 02:19:19 | New Fileless Malware Uses Windows Registry as Storage to Evade Detection (lien direct) | A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify | Malware | ||
|
2021-12-14 23:14:45 | Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (lien direct) | Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to | Malware | ||
|
2021-12-13 00:10:11 | Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan (lien direct) | Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize | Malware Threat | ||
|
2021-12-10 06:25:41 | BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (lien direct) | Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also | Ransomware Malware | ||
|
2021-12-08 03:00:26 | 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead (lien direct) | The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India ( | Malware | ||
|
2021-12-07 22:33:02 | Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices (lien direct) | Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the | Malware Cloud | APT 37 |
To see everything:
Our RSS (filtrered)
