Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-01-06 15:44:09 |
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China (direct link) |
More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China.
|
Malware
|
|
★★★★
|
|
2023-01-06 13:36:58 |
Russian Turla Cyberspies Leveraged Other Hackers' USB-Delivered Malware (direct link) |
In a recent attack against a Ukrainian organization, Russian state-sponsored threat actor Turla leveraged legacy Andromeda malware likely deployed by other hackers via an infected USB drive, Mandiant reports.
|
Malware
Threat
|
|
★★
|
|
2023-01-03 12:50:38 |
Malware Delivered to PyTorch Users in Supply Chain Attack (direct link) |
Last week's nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.
Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields.
|
Malware
|
|
★
|
|
2022-12-20 11:41:31 |
New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals (direct link) |
A recently identified information stealer named 'RisePro' is being distributed by pay-per-install malware downloader service 'PrivateLoader', cyberthreat firm Flashpoint reports.
Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.
|
Malware
|
|
★★
|
|
2022-12-01 17:17:52 |
Wipers Are Widening: Here's Why That Matters (direct link) |
In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven't stayed in one place – they're emerging globally, which underscores the fact that cybercrime knows no borders.
|
Malware
|
|
★★★
|
|
2022-11-30 11:07:46 |
Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives (direct link) |
A China-linked cyberespionage group tracked as UNC4191 has been observed using self-replicating malware on USB drives to infect targets, and the technique could allow them to steal data from air-gapped systems, Google-owned Mandiant reports.
|
Malware
|
|
★★★
|
|
2022-11-22 11:49:59 |
Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue (direct link) |
An anonymous researcher has disclosed several methods that can be used to bypass some of the filters in Cisco's Secure Email Gateway appliance and deliver malware using specially crafted emails.
|
Malware
|
|
★★★★
|
|
2022-11-18 12:31:59 |
Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware (direct link) |
A threat actor tracked as DEV-0569 and known for the distribution of various malicious payloads was recently observed updating its delivery methods, Microsoft warns.
|
Malware
Threat
|
|
|
|
2022-11-18 12:06:24 |
Omron PLC Vulnerability Exploited by Sophisticated ICS Malware (direct link) |
A critical vulnerability has not received the attention it deserves
|
Malware
Vulnerability
|
|
|
|
2022-11-17 09:39:05 |
Magento Vulnerability Increasingly Exploited to Hack Online Stores (direct link) |
E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores.
|
Malware
Hack
Vulnerability
|
|
|
|
2022-11-09 19:18:30 |
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery (direct link) |
Microsoft's latest Patch Tuesday updates address six zero-day vulnerabilities, including one related to the Mark-of-the-Web (MotW) security feature that has been exploited by cybercriminals to deliver malware.
|
Malware
|
|
|
|
2022-11-09 14:01:34 |
Attackers Using IPFS for Distributed, Bulletproof Malware Hosting (direct link) |
The InterPlanetary File System (IPFS), considered one of the building blocks of web3, is increasingly being used to provide hidden bulletproof hosting for malware.
“Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks,” say researchers at Cisco Talos.
|
Malware
|
|
|
|
2022-11-07 18:14:23 |
Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge (direct link) |
The world's largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks.
|
Malware
Threat
|
|
|
|
2022-11-03 19:14:10 |
Offense Gets the Glory, but Defense Wins the Game (direct link) |
When it comes to cybercriminals, defense evasion remains the top tactic globally. In fact, it was the most employed tactic by malware developers in the past six months – and they're often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important actions for adversaries. Therefore, they are attempting to evade defenses by masking malicious intention and attempting to hide commands using a legitimate certificate.
|
Malware
|
|
|
|
2022-11-03 10:14:02 |
Over 250 US News Websites Deliver Malware via Supply Chain Attack (direct link) |
Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one of their service providers.
|
Malware
|
|
|
|
2022-10-25 21:05:19 |
US Charges Ukrainian 'Raccoon Infostealer' With Cybercrimes (direct link) |
A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as "Raccoon Infostealer," the US Justice Department said Tuesday.
|
Malware
|
|
|
|
2022-10-21 10:28:32 |
CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware (direct link) |
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks.
|
Malware
Vulnerability
|
|
|
|
2022-10-17 15:55:24 |
Zimbra Patches Under-Attack Code Execution Bug (direct link) |
Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
|
Malware
|
|
|
|
2022-10-12 12:19:36 |
QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign (direct link) |
More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns.
|
Malware
|
|
|
|
2022-09-29 17:05:59 |
North Korean Gov Hackers Caught Rigging Legit Software (direct link) |
Threat hunters at Microsoft have intercepted a notorious North Korean government hacking group lacing legitimate open source software with custom malware capable of data theft, espionage, financial gain and network destruction.
|
Malware
|
|
|
|
2022-09-27 18:44:39 |
Researchers Crowdsourcing Effort to Identify Mysterious Metador APT (direct link) |
Cybersecurity sleuths at SentinelLabs are calling on the wider threat hunting community to help decipher a new mysterious malware campaign hitting telcos, ISPs and universities in the Middle East and Africa.
|
Malware
Threat
|
|
|
|
2022-09-27 13:24:21 |
New Infostealer Malware 'Erbium' Offered as MaaS for Thousands of Dollars (direct link) |
Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model.
The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on a dark web forum.
|
Malware
Threat
|
|
|
|
2022-09-21 10:14:28 |
VMware Warns of 'ChromeLoader' Delivering Ransomware, Destructive Malware (direct link) |
VMware's Carbon Black team warns that the ChromeLoader malware is now delivering malware such as ZipBomb and the Enigma ransomware to business services and government organizations.
|
Ransomware
Malware
|
|
|
|
2022-09-14 11:45:00 |
Malware Infects Magento-Powered Stores via FishPig Distribution Server (direct link) |
For the past several weeks, Magento stores have been injected with malware via a supply chain attack that targeted the FishPig distribution server.
Specialized in Magento optimizations and Magento-WordPress integrations, FishPig offers various Magento extensions that have gathered over 200,000 downloads.
|
Malware
|
|
|
|
2022-09-13 10:15:39 |
Spyware, Ransomware, Cryptojacking Malware Increasingly Detected on ICS Devices (direct link) |
Spyware, ransomware and cryptojacking malware have been increasingly detected on industrial control system (ICS) computers, according to data collected in the first half of 2022 by cybersecurity firm Kaspersky.
|
Ransomware
Malware
|
|
|
|
2022-09-08 18:01:32 |
New 'Shikitega' Linux Malware Grabs Complete Control of Infected Systems (direct link) |
Security researchers with AT&T Alien Labs are warning of a new piece of malware that can take full control of infected Linux systems, including Internet of Things (IoT) devices.
|
Malware
|
|
|
|
2022-08-25 10:16:06 |
Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies (direct link) |
Microsoft this week published technical details on 'MagicWeb', a new post-exploitation tool used by Russia-linked cyberespionage group APT29.
|
Malware
Tool
|
APT 29
|
|
|
2022-08-18 12:54:17 |
North Korean Hackers Use Fake Job Offers to Deliver New macOS Malware (direct link) |
Researchers with cybersecurity company ESET have observed a new macOS malware sample developed by the infamous North Korean advanced persistent threat (APT) actor Lazarus.
|
Malware
Threat
|
APT 38
|
|
|
2022-08-18 11:41:44 |
Evasive 'DarkTortilla' Crypter Delivers RATs, Targeted Malware (direct link) |
Secureworks security researchers have analyzed 'DarkTortilla', a .NET-based crypter used to deliver both popular malware and targeted payloads.
|
Malware
|
|
|
|
2022-08-17 14:25:29 |
81% of Malware Seen on USB Drives in Industrial Facilities Can Disrupt ICS: Honeywell (direct link) |
|
Malware
|
|
|
|
2022-08-15 09:59:25 |
Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware (direct link) |
China-linked cyberespionage group Iron Tiger was observed using the compromised servers of a chat application for the delivery of malware to Windows and macOS systems, Trend Micro reports.
|
Malware
|
APT 27
|
|
|
2022-08-08 13:29:22 |
Meta Disrupted Two Cyberespionage Operations in South Asia (direct link) |
Facebook's parent company Meta took action earlier this year against two cross-platform cyberespionage operations that relied on various online services for malware distribution.
|
Malware
|
|
|
|
2022-08-08 11:17:56 |
(Déjà vu) US, Australian Cybersecurity Agencies Publish List of 2021's Top Malware (direct link) |
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have published a joint advisory to detail the top malware strains of 2021.
|
Malware
|
|
|
|
2022-08-04 10:33:22 |
VirusTotal Data Shows How Malware Distribution Leverages Legitimate Sites, Apps (direct link) |
Google-owned malware analysis service VirusTotal has published a report showing how threat actors abuse trust to bypass defenses and deliver their malware.
According to data collected by VirusTotal, legitimate websites and applications are often leveraged for malware delivery.
|
Malware
Threat
|
|
|
|
2022-07-27 11:15:16 |
Dozens of 'Luca Stealer' Malware Samples Emerge After Source Code Made Public (direct link) |
Security researchers have observed an uptick in new Luca Stealer samples after the malware's source code was made public.
Coded in Rust, the malware was initially observed in early July 2022, when its developer posted the source code on cybercrime forums, likely in an effort to boost their reputation.
|
Malware
|
|
|
|
2022-07-22 15:22:47 |
Intezer Documents Powerful 'Lightning Framework' Linux Malware (direct link) |
Security researchers at Intezer are documenting the discovery of a powerful piece of Linux malware that can stay undetected and has the ability to install rootkits.
|
Malware
|
|
|
|
2022-07-21 13:31:37 |
USCYBERCOM Releases IoCs for Malware Targeting Ukraine (direct link) |
The United States Cyber Command (USCYBERCOM) this week released indicators of compromise (IoCs) associated with malware families identified in recent attacks targeting Ukraine.
|
Malware
|
|
|
|
2022-07-20 15:03:45 |
Google, EU Warn of Malicious Russian Cyber Activity (direct link) |
Russia-linked Turla threat actor spotted using Android malware for first time
Google and the European Union have issued separate warnings this week over Russian cyberattacks and misinformation campaigns.
|
Malware
Threat
|
|
|
|
2022-07-19 15:28:29 |
New 'CloudMensis' macOS Spyware Used in Targeted Attacks (direct link) |
Researchers at cybersecurity company ESET have analyzed a previously undocumented macOS malware that appears to have been used in targeted attacks to steal valuable information from compromised systems.
|
Malware
|
|
★★★★
|
|
2022-07-19 13:20:21 |
Ongoing 'Roaming Mantis' Smishing Campaign Hits Over 70,000 Users in France (direct link) |
A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn.
|
Malware
Threat
|
|
|
|
2022-07-18 12:10:24 |
PLC and HMI Password Cracking Tools Deliver Malware (direct link) |
Tools advertised as being capable of cracking passwords for HMIs, PLCs and other industrial products have been found to exploit a zero-day vulnerability, and threat actors are using these tools to deliver malware.
|
Malware
Threat
|
|
|
|
2022-07-11 12:07:04 |
'Raspberry Robin' Windows Worm Abuses QNAP Devices (direct link) |
A recently discovered Windows worm is abusing compromised QNAP network-attached storage (NAS) devices as stagers to spread to new systems, according to Cybereason.
Dubbed Raspberry Robin, the malware was initially spotted in September 2021, spreading mainly via removable devices, such as USB drives.
|
Malware
|
|
|
|
2022-07-06 15:51:48 |
Is an Infrastructure War on the Horizon? (direct link) |
On February 24, Russia launched its full-scale assault on Ukraine. The invader's weapons included tanks, heavy artillery… and software. On April 8, attackers armed with Industroyer2, a species of malware designed to incapacitate power stations and plunge whole cities into darkness, managed to briefly penetrate Ukrainian defenses, putting two million homes at risk.
|
Malware
|
|
|
|
2022-06-30 12:31:52 |
SOHO Routers in North America and Europe Targeted With 'ZuoRAT' Malware (direct link) |
A remote access trojan (RAT) targeting small office/home office (SOHO) devices has remained undetected for nearly two years, according to security researchers with Black Lotus Labs, the threat intelligence arm of Lumen Technologies.
|
Malware
Threat
|
|
|
|
2022-06-16 17:53:41 |
'MaliBot' Android Malware Steals Financial, Personal Information (direct link) |
Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.
|
Malware
|
|
|
|
2022-06-16 17:19:09 |
Volexity Blames 'DriftingCloud' APT For Sophos Firewall Zero-Day (direct link) |
Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.
|
Malware
|
|
|
|
2022-06-14 12:10:06 |
Chinese Cyberespionage Group Starts Using New 'PingPull' Malware (direct link) |
A Chinese state-sponsored threat actor known as Gallium has been using new malware in recent attacks that have been targeting organizations in the telecommunications, financial, and government sectors, Palo Alto Networks reports.
|
Malware
Threat
|
|
|
|
2022-06-10 10:08:04 |
Highly-Evasive Linux Malware 'Symbiote' Infects All Running Processes (direct link) |
Security researchers with BlackBerry and Intezer have shared details on a new Linux malware that “parasitically” infects all running processes on a target machine.
|
Malware
|
|
|
|
2022-06-09 13:51:23 |
'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware (direct link) |
Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch.
|
Malware
Vulnerability
|
|
|
|
2022-06-01 11:44:02 |
Europol Announces Takedown of FluBot Mobile Spyware (direct link) |
Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.
|
Malware
|
|
|