What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture.webp 2023-02-08 20:42:52 Hackers used fake websites to target state agencies in Ukraine and Poland (direct link) Hackers attempted last week to infect Ukrainian government computer systems with malware hosted on fake websites impersonating legitimate state services. Ukraine's computer emergency response team, CERT-UA, attributed the attack to a group called WinterVivern. The group has been active since at least June and includes Russian-speaking members. In addition to its Ukrainian targets, it has [… Malware ★★★
ArsTechnica.webp 2023-02-08 18:54:03 Hackers are selling a service that bypasses ChatGPT restrictions on malware (direct link) ChatGPT restrictions on the creation of illicit content are easy to circumvent. Malware ChatGPT ★★★
ProofPoint.webp 2023-02-08 16:33:06 Attackers increasingly use Microsoft's OneNote to deliver QakBot malware (direct link) No more details Malware ★★
The_Hackers_News.webp 2023-02-08 16:31:00 Russian Hackers Using Graphiron Malware to Steal Data from Ukraine (direct link) A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide Malware Threat ★★
bleepingcomputer.webp 2023-02-08 13:09:54 (Déjà vu) Malicious Dota 2 game mods infected players with malware (direct link) Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players' systems. [...] Malware Threat ★★★
bleepingcomputer.webp 2023-02-08 13:09:54 Malicious Dota 2 game modes infected players with malware (direct link) Security researchers have discovered four malicious Dota 2 game modes that were used by a threat actor to backdoor the players' systems. [...] Malware Threat ★★★
bleepingcomputer.webp 2023-02-08 13:00:00 Android 14 to block malware from abusing sensitive permissions (direct link) Google has announced the release of the first developer preview for Android 14, the next major version of the world's most popular mobile operating system, which comes with security and privacy enhancements, among other things. [...] Malware ★★★★
Fortinet.webp 2023-02-08 12:41:00 Supply Chain Attack via New Malicious Python Packages by Malware Author Core1337 (direct link) The FortiGuard Labs team recently discovered various new 0-day attacks in PyPI packages by malware author, "Core1337". Read to learn more about these malicious supply chain attacks. Malware ★★
SecurityWeek.webp 2023-02-08 11:57:08 A Deep Dive Into the Growing GootLoader Threat (direct link) Cybereason GootLoader as a 'severe' threat, as the malware uses a combination of evasion and living off the land techniques, making its presence difficult to detect. Malware Threat ★★
CSO.webp 2023-02-08 11:13:00 Threat group targets over 1,000 companies with screenshotting and infostealing malware (direct link) Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group's tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time. Malware Threat ★★★
Checkpoint.webp 2023-02-08 11:09:54 (Déjà vu) Check Point 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of 'disruption and destruction' malware (direct link) The 2023 Security Report is reflecting on a chaotic year in cybersecurity. The report looks back on a tumultuous 2022, which saw cyberattacks reach an all-time high in response to the Russo-Ukrainian war. Education and Research remains the most targeted sector, but attacks on the healthcare sector registered a 74% increase year-on-year. According to the… Malware ★★
Checkpoint.webp 2023-02-08 11:00:31 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of 'disruption and destruction' malware (direct link) The 2023 Security Report is reflecting on a chaotic year in cybersecurity. The report looks back on a tumultuous 2022, which saw cyberattacks reach an all-time high in response to the Russo-Ukrainian war. Education and Research remains the most targeted sector, but attacks on the healthcare sector registered a 74% increase year-on-year. According to the […] Malware ★★
Blog.webp 2023-02-08 07:30:02 (Déjà vu) ASEC Weekly Malware Statistics (January 30th, 2023 – February 5th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 30th, 2023 (Monday) to February 5th, 2023 (Sunday). For the main category, downloader ranked top with 39.3%, followed by Infostealer with 28.8%, backdoor with 27.0%, ransomware with 2.6%, and CoinMiner with 2.2%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place... Ransomware Malware ★★
bleepingcomputer.webp 2023-02-08 06:00:00 Russian hackers using new Graphiron information stealer in Ukraine (direct link) The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations. [...] Malware ★★
DarkReading.webp 2023-02-07 19:18:00 New Banking Trojan Targeting 100M Pix Payment Platform Accounts (direct link) New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say. Malware Threat ★★★
Anomali.webp 2023-02-07 17:23:00 Anomali Cyber Watch: MalVirt Obfuscates with KoiVM Virtualization, IceBreaker Overlay Hides V8 Bytecode Runtime Interpretation, Sandworm Deploys Multiple Wipers in Ukraine (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Malvertising, North Korea, Proxying, Russia, Typosquatting, Ukraine, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: No Pineapple! – DPRK Targeting of Medical Research and Technology Sector (published: February 2, 2023) In August-November 2022, North Korea-sponsored group Lazarus has been engaging in cyberespionage operations targeting defense, engineering, healthcare, manufacturing, and research organizations. The group has shifted their infrastructure from using domains to be solely IP-based. For initial compromise the group exploited known vulnerabilities in unpatched Zimbra mail servers (CVE-2022-27925 and CVE-2022-37042). Lazarus used off the shelf malware (Cobalt Strike, JspFileBrowser, JspSpy webshell, and WSO webshell), abused legitimate Windows and Unix tools (such as Putty SCP), and tools for proxying (3Proxy, Plink, and Stunnel). Two custom malware unique to North Korea-based advanced persistent threat actors were a new Grease version that enables RDP access on the host, and the Dtrack infostealer. Analyst Comment: Organizations should keep their mail server and other publicly-facing systems always up-to-date with the latest security features. Lazarus Group cyberespionage attacks are often accompanied by stages of multi-gigabyte exfiltration traffic. Suspicious connections and events should be monitored, detected and acted upon.
Use the available YARA signatures and known indicators. MITRE ATT&CK: T1587.002 - Develop Capabilities: Code Signing Certificates | T1190 - Exploit Public-Facing Application | T1059 - Command and Scripting Interpreter | T1569.002 - Service Execution | T1106 - Native API | T1505.003 - Server Software Component: Web Shell | T1037.005 - Boot or Logon Initialization Scripts: Startup Items | T1053.005 - Scheduled Task/Job: Scheduled Task | T1036.005 - Masquerading: Match Legitimate Name Or Location | T1553 - Subvert Trust Controls | T1070.004 - Indicator Removal on Host: File Deletion | T1070.007 - Indicator Removal: Clear Network Connection History And Configurations Malware Tool Threat Medical Medical APT 38 ★★★
bleepingcomputer.webp 2023-02-07 17:21:02 New QakNote attacks push QBot malware via Microsoft OneNote files (direct link) A new QBot malware campaign dubbed "QakNote" has been observed in the wild since last week, using malicious Microsoft OneNote '.one' attachments to infect systems with the banking trojan. [...] Malware ★★★
Chercheur.webp 2023-02-07 12:23:54 Malware Delivered through Google Search (direct link) Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird... Spam Malware ★★
AlienVault.webp 2023-02-07 11:00:00 How to protect your car dealership from cyber-attacks (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity posture. Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more. Why are car dealerships being targeted by cybercriminals? Car dealerships collect a significant amount of data which is often stored on-site. This data includes things like names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals. A cybercriminal’s life is also made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details. How are car dealerships vulnerable to cyber-attacks? Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to. Open Wi-Fi networks - Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data.
Malware - Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system. Phishing - Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links. User error - Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security. Perhaps using lazy passwords, or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses. The consequences of cyber-attacks on car dealerships: If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Many smaller businesses that suffer a data breach are said to go out of business within six months of such an event, losing the trust of their customer base, and failing to recover from the financial impact. Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image. How to protect your car dealership from cyber-attacks Regardl Data Breach Malware Vulnerability ★★
bleepingcomputer.webp 2023-02-07 06:00:00 Clop ransomware flaw allowed Linux victims to recover files for months (direct link) The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months. [...] Ransomware Malware ★★★
DarkReading.webp 2023-02-06 22:11:00 Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread (direct link) The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign. Ransomware Malware Vulnerability ★★
The_Hackers_News.webp 2023-02-06 18:06:00 GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry (direct link) E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Malware ★★
TechRepublic.webp 2023-02-06 16:41:07 TrickGate crypter discovered after 6 years of infections (direct link) New research from Check Point Research exposes a crypter that stayed undetected for six years and is responsible for several major malware infections around the globe. Malware ★★★
The_Hackers_News.webp 2023-02-06 13:41:00 FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (direct link) An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a Malware ★★
globalsecuritymag.webp 2023-02-06 12:21:32 Album Stealer targets Facebook users searching for pornographic content (direct link) The Zscaler ThreatLabz team regularly uncovers new types of infostealer families in various attack campaigns. The researchers recently came across an infostealer called "Album". The malware is disguised as a photo album that uses pornographic content as a lure while malicious activity runs in the background. To do this, the malware relies on a side-loading technique in which legitimate applications are used to execute malicious DLLs in order to avoid detection. Its actual task, however, is stealing cookies and credentials that victims have stored in their web browsers. In addition, information is stolen from Facebook Ads Manager, Facebook Business accounts, and Facebook API Graph pages. The information collected on an infected system is finally sent to a command-and-control server. - Malware / Malware
Logo_logpoint.webp 2023-02-06 09:04:22 A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (direct link) By Nilaa Maharjan. Contents: Key Findings, Which Products and Versions are Affected?, Making a BOLD statement, Boldly going where no malware has gone before, Detecting BOLDMOVE using Logpoint, Investigation and response with Logpoint, Remediation and mitigation best practices, Final Thoughts. TL;DR: Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...] Ransomware Malware Vulnerability ★★
Blog.webp 2023-02-06 01:00:00 Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations (direct link) Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or... Malware Tool Vulnerability Threat ★★
bleepingcomputer.webp 2023-02-05 10:15:32 Linux version of Royal Ransomware targets VMware ESXi servers (direct link) Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. [...] Ransomware Malware ★★
Malware_Hell.webp 2023-02-05 00:00:00 Hunting Opaque Predicates with YARA (direct link) Introduction: Malware tends to obfuscate itself using many different techniques, from opaque predicates, garbage code, control flow manipulation with the stack and more. These techniques definitely make analysis more challenging for reverse engineers. However, from a detection and hunting standpoint, to find interesting samples to reverse engineer we can leverage our knowledge of these techniques to hunt for obfuscated code. In our case today, we will be developing a YARA signature to hunt for one specific technique of opaque predicates. There are many variations and situations where this does not match, and it should only serve as a hunting signature, as more heuristic and programmatic approaches for this are better for detection. Malware ★★★
The_Hackers_News.webp 2023-02-04 19:09:00 PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions (direct link) A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS ( Malware ★★★
no_ico.webp 2023-02-04 08:17:56 OneNote Malware: Classification and Personal Notes (direct link) During the past 4 months the Microsoft OneNote file format has been (ab)used as a malware carrier by different criminal groups. While the main infection vector is still on the email side – so nothing really relevant to write on – the techniques used, the templates and the implemented code to inoculate malware changed a lot. So it […] Malware ★★★
News.webp 2023-02-04 00:27:06 HeadCrab bots pinch 1,000+ Redis servers to mine coins (direct link) We devoting full time to floating under /etc A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months.… Malware ★★★
The_Hackers_News.webp 2023-02-03 20:33:00 Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (direct link) In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. Malware Threat ★★
News.webp 2023-02-03 20:25:08 Fast-evolving Prilex POS malware can block contactless payments (direct link) ... forcing users to insert their cards into less-secure PIN systems The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… Malware ★★
DarkReading.webp 2023-02-03 16:00:00 Scores of Redis Servers Infested by Sophisticated Custom-Built Malware (direct link) At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021. Malware
InfoSecurityMag.webp 2023-02-03 16:00:00 New Credential-Stealing Campaign By APT34 Targets Middle East Firms (direct link) The malware had additional exfiltration techniques compared to previously studied variants Malware APT 34 ★★
globalsecuritymag.webp 2023-02-03 15:26:22 (Déjà vu) New SwiftSlicer malware deployed in a cyberattack against Ukraine: commentary from Quest Software (direct link) On January 25, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed new malware named SwiftSlicer, which aims to destroy Active Directory. New SwiftSlicer malware deployed in a cyberattack against Ukraine: commentary from Quest Software - Malware Malware
globalsecuritymag.webp 2023-02-03 15:14:07 Check Point Software Technologies Achieves... (direct link) Check Point Software Technologies Achieves Highest Ranking in Miercom Next Generation Firewall Benchmark Report Check Point achieves 99.7% malware block rate, 99.9% phishing prevention, and ultra-low 0.1% False Positive Detection rate - Business News Malware
Pirate.webp 2023-02-03 12:50:18 New SwiftSlicer malware deployed in a cyberattack against Ukraine (direct link) On January 25, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed new malware named SwiftSlicer, which aims to destroy Active Directory. The post New SwiftSlicer malware deployed in a cyberattack against Ukraine first appeared on UnderNews. Malware ★★★
Trend.webp 2023-02-03 00:00:00 TgToxic Malware's Automated Framework Targets Southeast Asia Android Users (direct link) We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users' credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures. Malware Threat ★★
News.webp 2023-02-02 19:27:14 Malvertising attacks are distributing .NET malware loaders (direct link) The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… Malware ★★
bleepingcomputer.webp 2023-02-02 19:04:42 Google ads push 'virtualized' malware made for antivirus evasion (direct link) An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. [...] Malware ★★
Fortinet.webp 2023-02-02 15:47:00 Supply Chain Attack by New Malicious Python Package, “web3-essential” (direct link) FortiGuard Labs team discovers another 0-day attack in a malicious PyPI package called “web3-essential”. See how this malware avoids suspicion and other observations. Malware ★★★
TechRepublic.webp 2023-02-02 15:35:41 Prilex POS malware evolves to block contactless transactions (direct link) A new version of the Prilex POS malware has found a novel way to steal your credit card information. Malware ★★
bleepingcomputer.webp 2023-02-02 15:23:18 Hackers weaponize Microsoft Visual Studio add-ins to push malware (direct link) Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins. [...] Malware ★★★★★
globalsecuritymag.webp 2023-02-02 12:59:06 MalVirt | .NET virtualisation thrives in new malvertising attacks (direct link) While investigating recent malvertising (malicious advertising) attacks, SentinelLabs spotted a cluster of virtualised malware loaders that has joined the trend. Referred to as MalVirt, the loaders are implemented in .NET and use virtualisation, based on the KoiVM virtualising protector of .NET applications, in order to obfuscate their implementation and execution. Although virtualisation is popular for hacking tools and cracks, the use of KoiVM virtualisation is not often seen as an obfuscation method utilised by cybercrime threat actors. - Malware Update Malware Threat ★★
SocRadar.webp 2023-02-02 12:37:34 1,200 Redis Servers Infected by New HeadCrab Malware for Cryptomining Operations (direct link) A new malware has appeared on the frontlines, targeting online Redis servers. The malware, named... Malware ★★
SecurityWeek.webp 2023-02-02 12:28:04 HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining (direct link) The sophisticated HeadCrab malware has infected at least 1,200 Redis servers and abused them for cryptomining. Malware ★★
The_Hackers_News.webp 2023-02-02 12:17:00 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (direct link) At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani Malware Threat
bleepingcomputer.webp 2023-02-02 12:07:55 Cisco fixes bug allowing malware persistence between reboots (direct link) Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. [...] Malware Vulnerability ★★★
Last update at: 2024-07-07 17:08:21