What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
Fortinet.webp 2023-03-08 07:41:00 Old Cyber Gang Uses New Crypter – ScrubCrypt (lien direct) FortiGuard Labs elaborates on the details of ScrubCrypt malware that obfuscates and encrypts applications and makes them able to dodge security programs. Read more. Malware ★★
Blog.webp 2023-03-08 02:35:18 ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023) (lien direct) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with 31.2%, downloader with 16.5%, and ransomware with 0.9%. Top 1 – RedLine RedLine ranked first place with 41.0%. The malware steals various information such as web browsers, FTP clients, cryptocurrency... Ransomware Malware ★★
News.webp 2023-03-08 00:01:13 These DrayTek routers are under actual attack – and there's no patch (lien direct) Workaround: Throw away kit? If you're still running post-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit.… Malware ★★
DarkReading.webp 2023-03-07 20:40:24 Hiatus Campaign Infects DrayTek Gear for Cyber Espionage, Proxy Control (lien direct) Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure. Malware ★★
bleepingcomputer.webp 2023-03-07 17:49:02 New malware variant has “radio silence” mode to evade detection (lien direct) The Sharp Panda cyber-espionage hacking group was observed targeting high-profile government entities in Vietnam, Thailand, and Indonesia, using a new version of the 'Soul' malware framework. [...] Malware ★★
TechRepublic.webp 2023-03-07 16:51:12 CrowdStrike: Attackers focusing on cloud exploits, data theft (lien direct) CrowdStrike's new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. Ransomware Malware Threat Cloud ★★
Anomali.webp 2023-03-07 16:30:00 Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Cryptojacking, Phishing, Ransomware, Secure boot bypass, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT (published: March 2, 2023) In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through a spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe. Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. A defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives. MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion | Ransomware Malware Tool Vulnerability Threat Medical
bleepingcomputer.webp 2023-03-07 16:10:15 Emotet malware attacks return after three-month break (lien direct) The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [...] Malware ★★
Volexity.webp 2023-03-07 16:01:57 Using Memory Analysis to Detect EDR-Nullifying Malware (lien direct) In the ever-changing cybersecurity landscape, threat actors are forced to evolve and continually modify the tactics, techniques, and procedures (TTPs) they employ to launch and sustain attacks successfully. They are continually modifying their malware and command-execution methods to evade detection. The attackers in these cases are attempting to get a step ahead of security software at the most basic level. However, some techniques take a different approach, aiming further up the stack and directly taking on security software. The most brazen methods involve leveraging various tools that directly terminate or shut down security software. If successful, this method is effective at giving an attacker free rein on a system. However, it comes at the potential cost of alerting users or administrators that the software unexpectedly stopped reporting or was shut off. What about a technique that potentially flies a bit more under the radar? In November 2022, Trend Micro published a […] Malware Tool Threat Prediction ★★★
globalsecuritymag.webp 2023-03-07 13:26:02 Chinese Espionage Campaign Expands to Target Vietnam, Thailand and Indonesia Governments (lien direct) Chinese Espionage Campaign Expands to Target Vietnam, Thailand and Indonesia Governments Check Point Research (CPR) sees an ongoing cyber espionage campaign expand to target more Southeast Asian governments, including Vietnam, Thailand and Indonesia. Attributed to Chinese APT group SharpPanda, the campaign uses a malware framework called “Soul” to steal information and spy on government activities. CPR releases a new report that extensively details the infection chain of the Soul malware family. - Malware Update Malware ★★
Checkpoint.webp 2023-03-07 10:58:36 “Sharp Panda”: Check Point Research puts a spotlight on Chinese-origin espionage attacks against Southeast Asian government entities (lien direct) Highlights: CPR continues tracking Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities. In late 2022, a campaign with an initial infection vector similar to previous Sharp Panda operations targeted a high-profile government entity in the Asian region. CPR zooms in on the malware used in this campaign, dubbed “the Soul modular… Malware ★★★
ArsTechnica.webp 2023-03-07 01:09:11 Threat actors are using advanced malware to backdoor business-grade routers (lien direct) Hiatus hacking campaign has infected roughly 100 Draytek routers. Malware Threat ★★★
CyberSkills.webp 2023-03-07 00:00:00 An Exciting Cyber Range Workshop at Bath Spa University, Dubai (lien direct) In March, Cyber Skills was pleased to host an exciting workshop at Bath Spa University, Dubai, focused on the cyber range and the importance of cyber security skills. Dr. Thomas Newe and Dr. Kashif Naseer Qureshi, both of the University of Limerick, provided a fascinating discussion about how to make sure you are one step ahead of potential attackers in this constantly evolving world of cyber threats and malware. The two-hour workshop helped participants learn about the concept of the cyber range through hands-on exercises that built upon real-world tools, attacks, and scenarios. Key topics included the analysis of potential malware, service identification, and protocol analysis. The workshop was attended by both students and faculty, who showed great engagement with the topic. A recent blog post from the Bath Spa University Creative Computing Department captured the positive reaction to the workshop, with author Iftikhar A Khan saying, "The online workshop on the Cyber Range was a great success and achieved its objective of creating awareness about cyber protection. The speakers were able to share their knowledge and experiences, and the attendees were able to learn practical solutions for protecting against cyber-attacks." While providing an in-depth discussion of the cyber range, Drs. Newe and Qureshi also gave the workshop participants a first-hand look at these concepts and technologies through a simulated environment. Via a series of interactive activities, attendees were able to gain a deeper insight into how cyber range concepts and systems can be an invaluable asset when testing and improving a cyber security system. Well-designed, interactive workshops such as this are an invaluable tool in the ongoing fight against cyber-attacks. Malware Tool Threat ★★
Blog.webp 2023-03-06 23:30:00 Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities (lien direct) Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware.  The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... Malware Vulnerability Threat Medical APT 38 ★★★
The_Hackers_News.webp 2023-03-06 19:48:00 New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims (lien direct) A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on Malware ★★
InfoSecurityMag.webp 2023-03-06 17:30:00 Almost Half of Industrial Sector Computers Affected By Malware in 2022 (lien direct) Kaspersky said the figures represented a 1.5 increase compared with the second half of 2021 Malware Industrial ★★
TroyHunt.webp 2023-03-06 16:58:35 Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw (lien direct) BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits. Malware ★★
bleepingcomputer.webp 2023-03-06 16:34:14 Old Windows 'Mock Folders' UAC bypass used to drop malware (lien direct) A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old Windows User Account Control bypass discovered over two years ago. [...] Malware ★★
SecurityWeek.webp 2023-03-06 14:36:51 New ATM Malware 'FiXS' Emerges (lien direct) Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America. Malware ★★★
RecordedFuture.webp 2023-03-06 14:01:00 Ransomware gang posts breast cancer patients' clinical photographs (lien direct) The ALPHV ransomware group, also known as BlackCat, is attempting to extort a healthcare network in Pennsylvania by publishing photographs of breast cancer patients. These clinical images, used by Lehigh Valley Health Network as part of radiotherapy to tackle malignant cells, were described as “nude photos” on the criminals' site. Lehigh Valley Health Network disclosed on February 20 that it had been attacked by the BlackCat gang, which it described as linked to Russia, and stated that it would not pay a ransom. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical,” said the network's president and chief executive, Brian Nester. Nester added that the incident involved “a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.” At the time of the original statement, Nester said Lehigh Valley Health Network's services - including a cancer institute and a children's hospital - were not affected. However, the network's website is currently inaccessible. The Record was unable to contact the network for further comment following its listing on the ALPHV [.onion](https://en.wikipedia.org/wiki/Tor_(network)) website. Onlookers have been revolted by the attempt to leverage the sensitivities around cancer treatment and intimate images to extort the organization. Max Smeets, an academic at ETH Zurich - a public research university - and the director of the European Cyber Conflict Research Initiative, [wrote](https://twitter.com/Maxwsmeets/status/1632654116320075776): “This makes me so angry. I hope these barbarians will be held accountable for their heinous actions.” "A new low. This is sickening," [wrote](https://twitter.com/rj_chap/status/1632465294580133888) malware analyst Ryan Chapman, while Nicholas Carroll, a cybersecurity professional, [said](https://twitter.com/sloppy_bear/status/1632468646873165824) the gang was “trying to set new standards in despicable.” ALPHV itself celebrated the attack and the attention it brought. “Our blog is followed by a lot of world media, the case will be widely publicized and will cause significant damage to your business. Your time is running out. We are ready to unleash our full power on you!” Numerous healthcare organizations have been attacked by ransomware gangs in recent months. The criminal industry persists because of victims who pay, sometimes because their businesses face an existential threat, and sometimes to avoid the negative publicity. Medibank, one of Australia's largest health insurance providers, stated last November that it would not be making a [ransom payment](https://therecord.media/medibank-says-it-will-not-pay-ransom-in-hack-that-impacted-9-7-million-customers/) after hackers gained access to the data of 9.7 million current and former customers, including 1.8 million international customers living abroad. The information included sensitive healthcare claims data for around 480,000 individuals, including information about drug addiction treatments and abortions. Outrage at the attack prompted the government to [consider banning](https://therecord.media/australia-to-consider-banning-ransomware-payments/) ransomware payments in a bid to undermine the industry. Back in January, the hospital technology giant [NextGen Healthcare](https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/) said it was responding to a cyberattack after ALPHV added the company to its list of victims. Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-06 13:18:07 Sandbox blockchain game breached to send emails linking to malware (lien direct) The Sandbox blockchain game is warning its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware. [...] Malware ★★
bleepingcomputer.webp 2023-03-06 10:03:24 New malware infects business routers for data theft, surveillance (lien direct) An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. [...] Malware
The_State_of_Security.webp 2023-03-06 03:23:45 What is Malware as a Service (MaaS)? (lien direct) Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is stolen is often sold to the highest bidder or left for the service subscribers. MaaS is an illegal version of Software as a Service (SaaS). The system of Malware as a Service Malware development and distribution is more than the simple act of just... Malware Threat ★★★
bleepingcomputer.webp 2023-03-05 15:23:51 How to prevent Microsoft OneNote files from infecting Windows with malware (lien direct) The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows. [...] Malware ★★
The_Hackers_News.webp 2023-03-04 16:48:00 New FiXS ATM Malware Targeting Mexican Banks (lien direct) A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is Malware ★★★
News.webp 2023-03-03 18:30:40 Frankenstein malware stitched together from code of others disguised as PyPI package (lien direct) Crime-as-a-service vendors mix and match components as needed by client A malicious package discovered in the Python Package Index (PyPI) is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others.… Malware Threat ★★
InfoSecurityMag.webp 2023-03-03 13:45:00 CISA Warns Against Royal Ransomware in New Advisory (lien direct) Malicious activity using a particular malware variant has been spotted since September 2022 Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-02 18:20:53 BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11 (lien direct) The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. [...] Malware ★★★
silicon.fr.webp 2023-03-02 17:14:06 BlackLotus, the malware that knocks out Secure Boot (lien direct) ESET draws attention to BlackLotus, a malware capable of bypassing Secure Boot. How does it work? Malware ★★★
The_Hackers_News.webp 2023-03-02 16:51:00 Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI (lien direct) A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an Malware Threat Guideline ★★
no_ico.webp 2023-03-02 14:55:30 Malware Families CheatSheet (lien direct) During talks and presentations people often ask me how do I remember so many names, different “artifacts” (a.k.a Malware) and groups. I actually ended up with a “hemmm … well… actually I just remember them since I read and write a lot about cyber threats”. So here it comes the Malware Family CheatSheet. This work […] Malware ★★★
The_Hackers_News.webp 2023-03-02 13:33:00 SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics (lien direct) The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said Malware Threat Prediction APT 27 ★★
AlienVault.webp 2023-03-02 11:00:00 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them (lien direct) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it. Here are the eight common cybersecurity issues that can arise during the purchase of real estate online and how you can protect yourself against them. 1. Cybercrime This is, unfortunately, the world we live in - and it makes sense, given the large sums of money involved. Cybercriminals may attempt to hack into the system and gain access to private information. They may even try to interfere with the transaction process itself, delaying or preventing it from taking place at all. To combat this threat, make sure you are using a secure online platform when completing the transaction and be sure to only provide personal information when necessary. When you are completing a real estate transaction online, a lot of your personal information will be requested. This can include anything from your address and phone number to your bank account information. If this information is not properly secured, it could be at risk of being accessed by cybercriminals. To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach. 2. Data breaches Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate. Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity. By following these tips, you can help ensure that your online real estate transaction is secure. 3. Phishing scams These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar. Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information. They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links. 4. Malware threats Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. To protect yourself from malware, make sure to install Ransomware Malware Hack ★★
globalsecuritymag.webp 2023-03-02 10:03:36 SonicWall Cyber Threat Report 2023 examines the new cyber front lines and the changed behavior of threat actors (lien direct) SonicWall Cyber Threat Report 2023 examines the new cyber front lines and the changed behavior of threat actors • Total malware up 2%, with increases in IoT malware (+87%) and cryptojacking (+43%) • Despite a global 21% decline in ransomware activity, 2022 was the second-highest year ever for ransomware attacks worldwide (493.3 million) • Education (+157%), finance (+86%) and retail (+50%) sectors hit hardest by malware • Ukraine recorded record levels of malware (25.6 million) and ransomware (7.1 million) • SonicWall identified 465,501 previously unknown malware variants in 2022 • Number of intrusion attempts via Log4j vulnerabilities exceeded 1 billion - Special Reports Ransomware Malware Threat
globalsecuritymag.webp 2023-03-02 10:00:29 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior (lien direct) 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior • Overall malware up 2%, with surges in IoT malware (+87%) and cryptojacking (+43%) • Ransomware attacks dipped 21% globally, but 2022 still second-highest year on record for global ransomware attempts (493.3 million) • Education (+157%), finance (+86%) and retail (+50%) verticals hit hardest by malware • Ukraine saw record levels of malware (25.6 million) and ransomware (7.1 million) • SonicWall discovered 465,501 'never-before-seen' malware variants in 2022 • Intrusion attempts against Log4j vulnerabilities eclipsed 1 billion - Special Reports Ransomware Malware Threat ★★
Blog.webp 2023-03-01 23:39:11 (Déjà vu) ASEC Weekly Malware Statistics (February 20th, 2023 – February 26th, 2023) (lien direct) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 20th, 2023 (Monday) to February 26th, 2023 (Sunday). For the main category, backdoor ranked top with 51.0%, followed by downloader with 24.7%, Infostealer with 22.7%, ransomware with 1.4%, and CoinMiner with 0.2%. Top 1 – RedLine RedLine ranked first place with 46.9%. The malware steals various information such as web browsers,... Ransomware Malware ★★
News.webp 2023-03-01 21:30:06 It's official: BlackLotus malware can bypass Secure Boot on Windows machines (lien direct) The myth 'is now a reality' BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.… Malware ★★
DarkReading.webp 2023-03-01 19:34:00 Linux Support Expands Cyber Spy Group's Arsenal (lien direct) An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems. Malware ★★★
The_Hackers_News.webp 2023-03-01 19:32:00 Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware (lien direct) Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization ( Malware Threat ★★
no_ico.webp 2023-03-01 18:45:28 Cybercriminals Target Law Firms With GootLoader & FakeUpdates (lien direct) According to cybersecurity company eSentire, six law firms were the targets of distinct GootLoader and SocGholish malware attacks in January and February 2023. The first effort, which targeted employees of legal firms, sought to infect victims’ machines with GootLoader, a malware family known for installing the Cobalt Strike implant, REvil ransomware, and GootKit remote access […] Malware ★★
The_Hackers_News.webp 2023-03-01 17:02:00 BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 (lien direct) A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI Malware Threat ★★★★
bleepingcomputer.webp 2023-03-01 13:44:37 Iron Tiger hackers create Linux version of their custom malware (lien direct) The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise. [...] Malware APT 27 ★★★
SecurityWeek.webp 2023-03-01 13:31:27 Several Law Firms Targeted in Malware Attacks (lien direct) >In January and February 2023, six law firms were targeted with the GootLoader and SocGholish malware in two separate campaigns. Malware ★★
GoogleSec.webp 2023-03-01 11:59:44 8 ways to secure Chrome browser for Google Workspace users (lien direct) Posted by Kiran Nair, Product Manager, Chrome Browser Your journey towards keeping your Google Workspace users and data safe, starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet including which browsers are out of date, which extensions your users are using and bringing insight to potential security blindspots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies to the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management) --not just on corporate managed devices. This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy. 
Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection Ransomware Malware Tool Threat Guideline Cloud ★★★
The_Hackers_News.webp 2023-03-01 11:41:00 Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (lien direct) Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can interact with their victim via Windows Notepad that likely serves as a Malware ★★
Fortinet.webp 2023-03-01 10:30:00 Just Because It\'s Old Doesn\'t Mean You Throw It Away (Including Malware!) (lien direct) There are still fresh infections of MyDoom (also known as Novarg and Mimail) occurring along with corresponding phishing events. Learn how this malware is continuing to operate in 2023. Malware ★★★
Netskope.webp 2023-03-01 07:00:00 Why Organisations Must Get to Grips With Cloud Delivered Malware (lien direct) >Netskope has just published the Monthly Threat Report for February, with this month's report focused on what is going on in  Europe. I don't intend to summarise the report in this blog, instead I want to zoom in and  study a continuing trend that was highlighted in there; one that is unfortunately heading in the […] Malware Threat Prediction Cloud ★★★
RecordedFuture.webp 2023-03-01 00:34:26 Victims of MortalKombat ransomware can now decrypt their locked files for free (lien direct) MortalKombat ransomwareCybersecurity firm Bitdefender released a universal decryptor for the MortalKombat ransomware – a strain first observed by threat researchers in January 2023. The malware has been used on dozens of victims across the U.S., United Kingdom, Turkey and the Philippines, according to a recent report from Cisco.  Bogdan Botezatu, director of threat research and reporting [… Ransomware Malware Threat ★★
TrendMicro.webp 2023-03-01 00:00:00 Iron Tiger\'s SysUpdate Reappears, Adds Linux Targeting (lien direct) We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems. Malware Threat APT 27
RedCanary.webp 2023-02-28 20:12:31 Intelligence Insight: Tax-themed phishing emails delivering GuLoader (lien direct) Red Canary is detecting adversaries delivering tax season-themed phishing emails to distribute GuLoader malware Malware ★★
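The Google Security Blog entry in the list above says an administrator can stop users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy. The block below is an added example, not code from Google, from the aggregator, or from any of the sources listed here: it renders that policy as a mandatory Chrome managed-policy JSON file (Linux) and as a Windows .reg fragment, and audits an existing policy document for the settings that leave Safe Browsing off or weaker than Enhanced. The managed-policy directory, the HKLM registry key and the meaning of the values 0/1/2 are taken from Chrome's enterprise policy documentation as the editor recalls it and are assumptions relative to this page; the sample policy dictionaries are constructed for the example.

```python
"""Generate and audit a mandatory Chrome SafeBrowsingProtectionLevel policy.

Added example, not Google's or the page's code. Paths, registry key and value
meanings follow Chrome's enterprise policy documentation as the editor recalls
it (assumptions relative to the page).
"""
import json
from pathlib import Path

# Values of the SafeBrowsingProtectionLevel enterprise policy (assumed from Chrome docs).
NO_PROTECTION = 0   # Safe Browsing off
STANDARD = 1        # Chrome's default for an unmanaged install
ENHANCED = 2        # Enhanced Safe Browsing

# Mandatory (not "recommended") policy locations. A policy placed here is enforced
# and greyed out in chrome://settings, which is what stops a user turning it off.
LINUX_MANAGED_DIR = Path("/etc/opt/chrome/policies/managed")          # assumed path
WINDOWS_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome"  # assumed key


def build_policy(level: int = ENHANCED) -> dict:
    """Return the policy document to drop into the managed policy directory."""
    if level not in (NO_PROTECTION, STANDARD, ENHANCED):
        raise ValueError(f"unknown SafeBrowsingProtectionLevel {level!r}")
    return {"SafeBrowsingProtectionLevel": level}


def render_linux_policy(level: int = ENHANCED) -> str:
    """JSON body for e.g. /etc/opt/chrome/policies/managed/safe_browsing.json."""
    return json.dumps(build_policy(level), indent=2) + "\n"


def render_windows_reg(level: int = ENHANCED) -> str:
    """A .reg fragment setting the same policy as a DWORD under HKLM."""
    build_policy(level)  # reuse the range check
    return (
        "Windows Registry Editor Version 5.00\n\n"
        f"[{WINDOWS_POLICY_KEY}]\n"
        f'"SafeBrowsingProtectionLevel"=dword:{level:08x}\n'
    )


def audit_policy(policy: dict) -> list[str]:
    """Return findings for a Chrome policy document; an empty list means hardened."""
    findings = []
    level = policy.get("SafeBrowsingProtectionLevel")
    if level is None:
        findings.append("SafeBrowsingProtectionLevel not set: users can disable Safe Browsing")
    elif level == NO_PROTECTION:
        findings.append("SafeBrowsingProtectionLevel=0 turns Safe Browsing off fleet-wide")
    elif level == STANDARD:
        findings.append("SafeBrowsingProtectionLevel=1: standard only; consider 2 (Enhanced)")
    elif level != ENHANCED:
        findings.append(f"SafeBrowsingProtectionLevel has unknown value {level!r}")
    return findings


def audit_policy_file(path: Path) -> list[str]:
    """Parse a managed-policy JSON file and audit it; an unreadable file is a finding."""
    try:
        return audit_policy(json.loads(path.read_text()))
    except (OSError, json.JSONDecodeError) as exc:
        return [f"{path}: unreadable policy file ({exc})"]


# Constructed sample policies for the example (not from any real fleet).
WEAK_POLICY = {"SafeBrowsingProtectionLevel": 0}
HARDENED_POLICY = build_policy(ENHANCED)

if __name__ == "__main__":
    print(render_linux_policy())
    print(render_windows_reg())
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(pol) or ["ok"])
```

Dropping the rendered JSON under the managed directory (or importing the .reg fragment on Windows, or pushing the same policy through Chrome Browser Cloud Management) makes the setting mandatory; writing it to the "recommended" directory instead would let users change it back, which is exactly what the blog entry says to prevent.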
Last update at: 2024-07-05 07:07:37