What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-14 09:44:19 | New stealthy \'Beep\' malware focuses heavily on evading detection (lien direct) | A new stealthy malware named 'Beep' was discovered last week, featuring many features to evade analysis and detection by security software. [...] | Malware | ★★ | |
 |
2023-02-14 09:18:39 | New Picus Red Report warns of “Swiss Army knife” malware (lien direct) | New Picus Red Report warns of “Swiss Army knife” malware Latest multi-purpose malware is adept for evasion, lateral movement, and data encryption - Special Reports | Malware | ★★ | |
 |
2023-02-14 00:30:11 | Pepsi Bottling Ventures says info-stealing malware swiped sensitive data (lien direct) | That's not what I like Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… | Malware | ★ | |
 |
2023-02-13 21:03:59 | ~11,000 sites have been infected with malware that\'s good at avoiding detection (lien direct) | It's not clear precisely how the WordPress sites become infected in the first place. | Malware | ★★ | |
 |
2023-02-13 17:17:33 | Pepsi Bottling Ventures Breached Following Malware Attack (lien direct) | Following a network intrusion in which information-stealing malware was installed, and data was extracted, Pepsi Bottling Ventures LLC, one of the largest bottlers of Pepsi-Cola beverages in the United States, experienced a data breach. Although the security lapse occurred on December 23, 2022, it was uncovered on January 10, 2023. The scope of the breach […] | Malware | ★★★ | |
 |
2023-02-13 13:14:00 | Hackers Targeting U.S. and German Firms Monitor Victims\' Desktops with Screenshotter (lien direct) | A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks at | Malware Threat | ★★★ | |
 |
2023-02-13 12:50:27 | Cybercriminals target fans of The Last of Us with recent malware and phishing scams (lien direct) | Hackers and scammers have recently been taking advantage of the excitement surrounding HBO's new adaption of the popular video game franchise The Last of Us. Technology expert Prateek Jha from VPNOverview.com warns fans of the franchise of the two scams circulating right now. Recently, Kaspersky researchers shared with VPNOverview details of two separate campaigns - a scam designed […] | Malware | ★★ | |
|
2023-02-13 12:38:07 | LockBit\'s Royal Mail ransom deadline flies by. No data released (lien direct) | Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns in brief The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail – but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims.… | Ransomware Malware | ★★ | |
 |
2023-02-13 11:00:23 | January 2023\'s Most Wanted Malware: Infostealer Vidar Makes a Return while Earth Bogle njRAT Malware Campaign Strikes (lien direct) | >Check Point Research reports that infostealer Vidar made its return to the top ten list in January, reaching seventh place, while major campaign dubbed Earth Bogle delivered njRAT malware to targets across the Middle East and North Africa Our latest Global Threat Index for January 2023 saw infostealer Vidar return to the top ten… | Malware Threat | ★★ | |
|
2023-02-13 05:33:19 | Pepsi Bottling Ventures suffers data breach after malware attack (lien direct) | Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. [...] | Data Breach Malware | ★★ | |
 |
2023-02-13 00:10:00 | AsyncRAT Being Distributed as Windows Help File (*.chm) (lien direct) | The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. Recently, the distribution of AsyncRAT through CHM has been confirmed. The overall operation process is shown in Figure 1, and each step will be explained below. First, unlike the types covered in the... | Malware | ★★ | |
|
2023-02-12 10:12:24 | Devs targeted by W4SP Stealer malware in malicious PyPi packages (lien direct) | Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers. [...] | Malware | ★★ | |
|
2023-02-11 16:41:00 | Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (lien direct) | Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar | Malware Threat Prediction | ★★ | |
 |
2023-02-10 16:05:20 | Microsoft OneNote Abuse for Malware Delivery Surges (lien direct) | >Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns. | Malware | ★★ | |
 |
2023-02-10 16:00:00 | Malicious Npm Package Uses Typosquatting, Downloads Malware (lien direct) | Reversing Labs said aabquerys was able to download second- and third-stage malware payloads | Malware | ★★★ | |
 |
2023-02-10 14:00:00 | Six Common Ways That Malware Strains Get Their Names (lien direct) | >You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names? As a cybersecurity writer, I quickly add new strains to my vocabulary. But I never knew how they came to have those names in the first place. […] | Malware | ★★★ | |
|
2023-02-10 07:24:07 | US, UK slap sanctions on Russians linked to Conti, Ryuk, Trickbot malware (lien direct) | Any act that sends so much as a ruble to seven named netizens now forbidden The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.… | Ransomware Malware | ★★ | |
|
2023-02-09 17:05:17 | Hackers Bypass ChatGPT Restrictions Via Telegram Bots (lien direct) | Researchers revealed on Wednesday that hackers had found a means to get beyond ChatGPT’s limitations and are using it to market services that let users produce malware and phishing emails. ChatGPT is a chatbot that imitates human output by using artificial intelligence to respond to inquiries and carry out tasks. People can use it to […] | Malware | ChatGPT | ★★ |
|
2023-02-09 16:34:47 | Hackers use fake crypto job offers to push info-stealing malware (lien direct) | A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma.' [...] | Malware Threat | ★★ | |
|
2023-02-09 16:08:00 | Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (lien direct) | The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. "The threat actor | Malware Threat | ★★★ | |
|
2023-02-09 15:48:25 | Check Point Software Releases its 2023 Security Report Highlighting Rise in Cyberattacks and Disruptive Malware (lien direct) | Check Point Software Releases its 2023 Security Report Highlighting Rise in Cyberattacks and Disruptive Malware Geo-political conflict triggers increase in cyberattacks and the rise of 'disruption and destruction' malware - Malware Update | Malware | ★ | |
|
2023-02-09 15:30:00 | US and UK Sanction Seven Russian Cyber-Criminals (lien direct) | The seven Russian nationals are members of the notorious Trickbot malware gang | Malware | ★★ | |
 |
2023-02-09 13:52:13 | Malware Analysis: LummaC2 Stealer (lien direct) | >By SOCRadar Research In our article about Stealer-as-a-Service, as the SOCRadar Research team, we looked at Lumma... | Malware | ★★★★ | |
|
2023-02-09 13:01:38 | Russian Hackers Steal Data In Ukraine With New Graphiron Malware (lien direct) | There is evidence that hackers with ties to Russia are using new software designed to steal information to launch attacks against Ukraine. This malware, discovered by the Computer Emergency Response Team of Ukraine (CERT-UA) and dubbed Graphiron by Broadcom-owned Symantec, was developed by an espionage group called Nodaria and is known as UAC-0056. According to […] | Malware | ★★ | |
|
2023-02-09 12:39:25 | Hacker develops new \'Screenshotter\' malware to find high-value targets (lien direct) | A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems. [...] | Malware Threat | ★★ | |
|
2023-02-09 11:00:00 | ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware (lien direct) | >There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […] | Ransomware Malware Tool Vulnerability | ★★★ | |
|
2023-02-09 10:21:02 | U.S. and U.K. sanction TrickBot and Conti ransomware operation members (lien direct) | The United States and the United Kingdom have sanctioned seven Russian individuals for their involvement in the TrickBot cybercrime group, whose malware was used to support attacks by the Conti and Ryuk ransomware operation. [...] | Ransomware Malware | ★ | |
 |
2023-02-09 09:45:00 | Transforming Threat Data into Actionable Intelligence (lien direct) | Introduction In today's digital age, the threat of cyber-attacks is greater than ever. Traditional security operations, which have focused on reactive measures such as patching vulnerabilities and responding to breaches, are no longer sufficient to meet the challenges of the modern threat landscape. As a result, security organizations are shifting their focus to proactive measures to stay ahead of emerging threats. This shift towards proactive security operations is the focus of a new five-article series written by analysts at TAG Cyber. The series examines the latest trends and challenges for cybersecurity teams and explores the cutting-edge solutions that are helping security organizations become more proactive in their defense against cyber-attacks. Anomali's solutions are important in helping security operations (secops) teams move from a reactive to a proactive security program. Anomali, a leading threat intelligence provider and incident management software, offers a viable solution. Anomali's platform enables security teams to quickly and easily identify and respond to emerging threats by providing real-time visibility into the latest cyber threats and vulnerabilities, allowing organizations to take proactive measures to protect themselves from potential attacks instead of simply reacting to breaches after they have occurred. The series also delves into the strategies and technologies that can help CISOs and secops teams improve their operations. Anomali's platform is a key element in integrating threat intelligence with other technologies, such as Extended Detection and Response (XDR) and Attack Surface Management (ASM), to enhance the overall security posture of an organization. Additionally, Anomali's solutions assist with digital risk protection (DRP) in identifying and mitigating the risks associated with third-party vendors and partners. In summary, the series provides an in-depth look at the latest strategies and technologies to help CISOs and security teams become more proactive in their defense against cyber attacks. Anomali's solutions play a crucial role in this shift and assist organizations in identifying and mitigating emerging threats, integrating with other technologies, while addressing the skills gap. Article 1: Transforming Threat Data into Actionable Intelligence Christopher R. Wilder, TAG Cyber This article is the first in a series of guest blogs written by TAG Cyber analysts in conjunction with our colleagues at Anomali. Our five-part series of blogs focus on how threat-intelligence management integrates with extended detection and response (XDR) to increase operational efficiencies in an enterprise security operations environment and drive actionable prevention, detection, and response. The commercial Anomali platform demonstrates how integration between threat intelligence and XDR can work in the field. Threat intelligence is divided into three main categories: strategic, operational, and tactical. Strategic threat intelligence focuses on understanding the overall threat landscape and identifying long-term trends. It informs strategic decisions and helps organizations understand the potential risks they face. Operational threat intelligence identifies and responds to specific threats in real-time. It informs an organization’s day-to-day operations and helps protect against immediate threats. Tactical threat intelligence provides detailed information about specific threats, such as the tools, techniques, and procedures used by attackers. It also apprises tactical decisions and helps organizations respond to incidents. Threat intelligence is essential to any security program, providing organizations with the information they need to identify and respond to potential threats proactively. Threat intelligence provides operational and tactical threat intelligence to help organizations respond to specific dangers in real-time an | Malware Threat Patching Guideline | ★★★ | |
 |
2023-02-09 09:00:00 | VMware ESXi server ransomware evolves, after recovery script released (lien direct) | After the FBI and CISA on Wednesday released a recovery script for organizations affected by a massive ransomware attack targeting VMWare ESXi servers worldwide, reports surfaced that the malware evolved in a way that made earlier recovery procedures ineffective.The attacks, aimed at VMware's ESXi bare metal hypervisor, were first made public February 3 by the French Computer Emergency Response Team (CERT-FR), and target ESXi instances running older versions of the software, or those that have not been patched to current standards. Some 3,800 servers have been affected globally, CISA and the FBI said.To read this article in full, please click here | Ransomware Malware | ★★★ | |
 |
2023-02-09 07:58:00 | HTML smuggling campaigns impersonate well-known brands to deliver malware (lien direct) | Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim.HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added.To read this article in full, please click here | Malware | ★★ | |
 |
2023-02-08 22:31:00 | CISA Releases Recovery Script for Victims of ESXiArgs Ransomware (lien direct) | The malware has affected thousands of VMware ESXi hypervisors in the last few days. | Ransomware Malware | ★★★ | |
|
2023-02-08 21:30:12 | Among the thousands of ESXiArgs ransomware victim orgs? FBI and CISA to the rescue (lien direct) | The malware has hit more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… | Ransomware Malware | ★★★ | |
 |
2023-02-08 21:17:09 | New info-stealing malware used against Ukraine organizations (lien direct) |  A new information-stealing malware named Graphiron is being used against a wide range of targets in Ukraine, according to new research. Researchers from Symantec declined to say which sorts of organizations are being targeted but confirmed that the attacks are being launched by an espionage group named Nodaria. They added that there is “limited evidence” [… |
Malware | ★★★ | |
|
2023-02-08 20:42:52 | Hackers used fake websites to target state agencies in Ukraine and Poland (lien direct) |  Hackers attempted last week to infect Ukrainian government computer systems with malware hosted on fake websites impersonating legitimate state services. Ukraine's computer emergency response team, CERT-UA, attributed the attack to a group called WinterVivern. The group has been active since at least June and includes Russian-speaking members. In addition to its Ukrainian targets, it has [… |
Malware | ★★★ | |
 |
2023-02-08 18:54:03 | Hackers are selling a service that bypasses ChatGPT restrictions on malware (lien direct) | ChatGPT restrictions on the creation of illicit content are easy to circumvent. | Malware | ChatGPT | ★★★ |
 |
2023-02-08 16:33:06 | Attackers increasingly use Microsoft\'s OneNote to deliver QakBot malware (lien direct) | Pas de details / No more details | Malware | ★★ | |
|
2023-02-08 16:31:00 | Russian Hackers Using Graphiron Malware to Steal Data from Ukraine (lien direct) | A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide | Malware Threat | ★★ | |
|
2023-02-08 13:09:54 | (Déjà vu) Malicious Dota 2 game mods infected players with malware (lien direct) | Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players' systems. [...] | Malware Threat | ★★★ | |
|
2023-02-08 13:09:54 | Malicious Dota 2 game modes infected players with malware (lien direct) | Security researchers have discovered four malicious Dota 2 game modes that were used by a threat actor to backdoor the players' systems. [...] | Malware Threat | ★★★ | |
|
2023-02-08 13:00:00 | Android 14 to block malware from abusing sensitive permissions (lien direct) | Google has announced the release of the first developer preview for Android 14, the next major version of the world's most popular mobile operating system, which comes with security and privacy enhancements, among other things. [...] | Malware | ★★★★ | |
 |
2023-02-08 12:41:00 | Supply Chain Attack via New Malicious Python Packages by Malware Author Core1337 (lien direct) | The FortiGuard Labs team recently discovered various new 0-day attacks in PyPI packages by malware author, "Core1337". Read to learn more about these malicious supply chain attacks. | Malware | ★★ | |
|
2023-02-08 11:57:08 | A Deep Dive Into the Growing GootLoader Threat (lien direct) | >Cybereason GootLoader as a 'severe' threat, as the malware uses a combination of evasion and living off the land techniques, making its presence difficult to dectec. | Malware Threat | ★★ | |
|
2023-02-08 11:13:00 | Threat group targets over 1,000 companies with screenshotting and infostealing malware (lien direct) | Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers.Tracked as TA866 by researchers from security firm Proofpoint, the group's tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time.To read this article in full, please click here | Malware Threat | ★★★ | |
|
2023-02-08 11:09:54 | (Déjà vu) Check Point 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of \'disruption and destruction\' malware (lien direct) | >The 2023 Security Report is reflecting on a chaotic year in cybersecurity. The report looks back on a tumultuous 2022, which saw cyberattacks reach an all-time high in response to the Russo-Ukrainian war. Education and Research remains the most targeted sector, but attacks on the healthcare sector registered a 74% increase year-on-year. According to the… | Malware | ★★ | |
|
2023-02-08 11:00:31 | 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of \'disruption and destruction\' malware (lien direct) | >The 2023 Security Report is reflecting on a chaotic year in cybersecurity. The report looks back on a tumultuous 2022, which saw cyberattacks reach an all-time high in response to the Russo-Ukrainian war. Education and Research remains the most targeted sector, but attacks on the healthcare sector registered a 74% increase year-on-year. According to the […] | Malware | ★★ | |
|
2023-02-08 07:30:02 | (Déjà vu) ASEC Weekly Malware Statistics (January 30th, 2023 – February 5th, 2023) (lien direct) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 30th, 2023 (Monday) to February 5th, 2023 (Sunday). For the main category, downloader ranked top with 39.3%, followed by Infostealer with 28.8%, backdoor with 27.0%, ransomware with 2.6%, and CoinMiner with 2.2%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place... | Ransomware Malware | ★★ | |
|
2023-02-08 06:00:00 | Russian hackers using new Graphiron information stealer in Ukraine (lien direct) | The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations. [...] | Malware | ★★ | |
|
2023-02-07 19:18:00 | New Banking Trojan Targeting 100M Pix Payment Platform Accounts (lien direct) | New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say. | Malware Threat | ★★★ | |
|
2023-02-07 17:23:00 | Anomali Cyber Watch: MalVirt Obfuscates with KoiVM Virtualization, IceBreaker Overlay Hides V8 Bytecode Runtime Interpretation, Sandworm Deploys Multiple Wipers in Ukraine (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Malvertising, North Korea, Proxying, Russia, Typosquatting, Ukraine, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
(published: February 2, 2023)
In August-November 2022, North Korea-sponsored group Lazarus has been engaging in cyberespionage operations targeting defense, engineering, healthcare, manufacturing, and research organizations. The group has shifted their infrastructure from using domains to be solely IP-based. For initial compromise the group exploited known vulnerabilities in unpatched Zimbra mail servers (CVE-2022-27925 and CVE-2022-37042). Lazarus used off the shelf malware (Cobalt Strike, JspFileBrowser, JspSpy webshell, and WSO webshell), abused legitimate Windows and Unix tools (such as Putty SCP), and tools for proxying (3Proxy, Plink, and Stunnel). Two custom malware unique to North Korea-based advanced persistent threat actors were a new Grease version that enables RDP access on the host, and the Dtrack infostealer.
Analyst Comment: Organizations should keep their mail server and other publicly-facing systems always up-to-date with the latest security features. Lazarus Group cyberespionage attacks are often accompanied by stages of multi-gigabyte exfiltration traffic. Suspicious connections and events should be monitored, detected and acted upon. Use the available YARA signatures and known indicators.
MITRE ATT&CK: [MITRE ATT&CK] T1587.002 - Develop Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] picus-security: The Most Used ATT&CK Technique—T1059 Command and Scripting Interpreter | [MITRE ATT&CK] T1569.002: Service Execution | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1505.003 - Server Software Component: Web Shell | [MITRE ATT&CK] T1037.005 - Boot or Logon Initialization Scripts: Startup Items | [MITRE ATT&CK] T1053.005 - Scheduled Task/Job: Scheduled Task | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1553 - Subvert Trust Controls | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1070.007 - Indicator Removal: Clear Network Connection History And Configurations | |
Malware Tool Threat Medical Medical | APT 38 | ★★★ |
|
2023-02-07 17:21:02 | New QakNote attacks push QBot malware via Microsoft OneNote files (lien direct) | A new QBot malware campaign dubbed "QakNote" has been observed in the wild since last week, using malicious Microsoft OneNote' .one' attachments to infect systems with the banking trojan. [...] | Malware | ★★★ |
To see everything:
Our RSS (filtrered)
