What's new around the internet


Src | Date (GMT) | Title | Description | Tags | Notes
Blog | 2022-11-16 03:54:28 | (Déjà vu) ASEC Weekly Malware Statistics (November 7th, 2022 – November 13th, 2022) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 7th, 2022 (Monday) to November 13th (Sunday). For the main category, downloader ranked top with 37.8%, followed by Infostealer with 27.1%, banking malware with 22.9%, backdoor with 11.2%, ransomware with 0.5%, and CoinMiner with 0.5%. Top 1 – Emotet: Emotet, which has resurfaced after six months, ranked first place with 22.9%. Emotet... | Ransomware, Malware
Anomali | 2022-11-16 03:26:00 | Anomali Cyber Watch: Amadey Bot Started Delivering LockBit 3.0 Ransomware, StrelaStealer Delivered by a HTML/DLL Polyglot, Spymax RAT Variant Targeted Indian Defense, and More | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Infostealers, Maldocs, Phishing, Ransomware, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence. KmsdBot: The Attack and Mine Malware (published: November 10, 2022). KmsdBot is a cryptominer written in Go with distributed denial-of-service (DDoS) functionality. This malware was performing DDoS attacks via either Layer 4 TCP/UDP packets or Layer 7 HTTP consisting of GET and POST. KmsdBot was seen performing targeted DDoS attacks against the gaming industry, luxury car manufacturers, and technology industry. The malware spreads by scanning for open SSH ports and trying a list of weak username and password combinations. Analyst Comment: Network administrators should not use weak or default credentials for servers or deployed applications. Keep your systems up-to-date and use public key authentication for your SSH connections. MITRE ATT&CK: [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Resource Hijacking - T1496. Tags: detection:KmsdBot, SSH, Winx86, Arm64, mips64, x86_64, malware-type:DDoS, malware-type:Cryptominer, xmrig, Monero, Golang, target-industry:Gaming, target-industry:Car manufacturing, target-industry:Technology, Layer 4, Layer 7. Massive ois[.]is Black Hat Redirect Malware Campaign (published: November 9, 2022). Since September 2022, a new WordPress malware redirects website visitors via ois[.]is. To conceal itself from administrators, the redirect will not occur if the wordpress_logged_in cookie is present, or if the current page is wp-login.php. The malware infects .php files it finds – on average over 100 files infected per website. A .png image file is initiating a redirect using the window.location.href function to redirect to a Google search result URL of a spam domain of the actors' choice. Sucuri researchers estimate 15,000 affected websites that were redirecting visitors to fake Q&A sites. Analyst Comment: WordPress site administrators should keep their systems updated and secure the wp-admin administrator panel with 2FA or other access restrictions. If your site was infected, perform a core file integrity check, query for any files containing the same injection, and check any recently modified or added files. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190. Tags: file-type:PHP, SEO poisoning, WordPress, Google Search, Google Ads. LockBit 3.0 Being Distributed via Amadey Bot (published: November 8, 2022). Discovered in 2018, Amadey Bot is a commodity malware that functions as infostealer and loader. AhnLab researchers detected a new campaign where it is used to deliver the LockBit 3.0 ransomware. It is likely a part of a larger 2022 campaign delivering LockBit to South Korean users. The actors used phishing attachments with two variants of Amadey B | Ransomware, Spam, Malware, Tool, Threat
TrendMicro | 2022-11-16 00:00:00 | Pilfered Keys: Free App Infected by Malware Steals Keychain Data | Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users. | Malware, Threat
CVE | 2022-11-15 21:15:36 | CVE-2022-30772 | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41, Kernel 5.1: 05.17.43, Kernel 5.2: 05.27.30, Kernel 5.3: 05.36.30, Kernel 5.4: 05.44.30, Kernel 5.5: 05.52.30. https://www.insyde.com/security-pledge/SA-2022065 | Malware
Fortinet | 2022-11-15 20:08:00 | Tips and Tricks: Debugging .NET Malware in a Multi-Stage Malware Deployment | FortiGuard Labs recently analyzed a fake phishing email that drops the Warzone RAT. Read a deeper analysis in our blog that provides more detail on the technical challenges we faced during the analysis. | Malware
bleepingcomputer | 2022-11-15 17:24:49 | North Korean hackers target European orgs with updated malware | North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. [...] | Malware
TechRepublic | 2022-11-14 21:39:10 | Get instant malware filtering with Gryphon Guardian | TechRepublic readers can get this tiny mesh router that blocks security threats for only $79. | Malware
SecurityAffairs | 2022-11-14 12:52:52 | KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks | Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch […] | Malware
The_Hackers_News | 2022-11-14 12:44:00 | New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks | A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to | Malware
The_Hackers_News | 2022-11-14 11:35:00 | Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images | A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using | Malware, Threat
InfoSecurityMag | 2022-11-14 09:30:00 | Ukrainian CERT Discloses New Data-Wiping Campaign | Somnia malware hijacks Telegram and VPN accounts | Malware
Blog | 2022-11-14 01:42:56 | A Dropper-Type Malware Bomb Being Distributed Again in the Disguise of Cracks | The dropper malware which camouflaged itself as a crack is being actively distributed again after a period of dormancy. When this malware is executed, the affected system becomes infected with numerous malware programs simultaneously. This is effectively a malware "bomb." Malware disguised as cracks for commercial software has been prevalent, distributed either in a "singular malware" format or a "dropper malware" format. The ASEC analysis team is closely monitoring such malware distribution activities and has covered them multiple times... | Malware
SecurityAffairs | 2022-11-12 14:53:58 | Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan | Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking malware. Xenomorph was first spotted by ThreatFabric researchers in February 2022; at the time the malware was employed in attacks […] | Malware
CVE | 2022-11-12 05:15:12 | CVE-2022-38652 | ** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Malware, Vulnerability | ★★
CVE | 2022-11-12 05:15:11 | CVE-2022-38650 | ** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Malware, Vulnerability | ★★★★
SecurityAffairs | 2022-11-11 21:07:03 | Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware | Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware tools to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […] | Malware, Threat
The_Hackers_News | 2022-11-11 19:56:00 | Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs | Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's | Malware
no_ico | 2022-11-11 11:55:16 | Malware Campaign Redirects 15,000 Sites | It has been reported that security researchers have spotted an intriguing malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors. | Spam, Malware, Threat
The_Hackers_News | 2022-11-11 11:44:00 | Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland | Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and are said to have taken place | Ransomware, Malware, Threat
bleepingcomputer | 2022-11-11 11:26:33 | New BadBazaar Android malware linked to Chinese cyberspies | A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang. [...] | Malware, Tool
Blog | 2022-11-11 05:38:02 | Emotet Being Distributed Again via Excel Files After 6 Months | Over multiple blog posts, the ASEC analysis team has released information on the distribution of Emotet, which had been modified in many different ways. It has recently been identified that the Emotet malware has become active again. Around six months have elapsed since the last active distribution. This post will examine the differences between the current Excel file and the one that had been distributed in the past. The common characteristics include the fact that it is distributed through an... | Malware
Blog | 2022-11-11 05:26:49 | (Déjà vu) HackHound IRC Bot Being Distributed via Webhards | Webhards are the main platforms that attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Generally, attackers distribute malware through illegal programs such as adult games and cracked versions of games. Those who use webhards as a distribution path typically install RAT-type malware such as njRAT, UdpRAT, and DDoS IRC Bot. As shown in the cases covered... | Malware
The_Hackers_News | 2022-11-10 21:20:00 | Warning: New Massive Malicious Campaigns Targeting Top Indian Banks' Customers | Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the | Malware
bleepingcomputer | 2022-11-10 17:58:42 | Phishing drops IceXLoader malware on thousands of home, corporate devices | An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. [...] | Malware
bleepingcomputer | 2022-11-10 17:18:10 | (Déjà vu) Microsoft fixes Windows zero-day bug exploited to push malware | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware
bleepingcomputer | 2022-11-10 17:18:10 | Microsoft fixes MoTW zero-day used to drop malware via ISO files | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware
SecurityAffairs | 2022-11-10 16:15:55 | Researchers warn of malicious packages on PyPI using steganography | Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named 'apicolor,' on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on GitHub. The […] | Malware
grahamcluley | 2022-11-10 15:21:29 | Update your Lenovo laptop's firmware now! Flaws could help malware survive a hard disk wipe | PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process. Read more in my article on the Tripwire State of Security blog. | Malware
bleepingcomputer | 2022-11-10 14:17:25 | Worok hackers hide new malware in PNGs using steganography | A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [...] | Malware, Threat
no_ico | 2022-11-10 13:40:53 | Advanced RAT AgentTesla Revealed As Most Widespread Malware In October | It has been reported that info-stealing malware accounted for the three most widespread variants in October, comprising nearly a fifth (16%) of global detections, according to Check Point. The security vendor's Global Threat Index for October 2022 is compiled from hundreds of millions of its own threat intelligence sensors, installed across customer networks, endpoints and mobile devices. | Malware, Threat
no_ico | 2022-11-10 13:28:52 | Security Expert On IceXLoader Malware | Security experts reacted below to a new version of IceXLoader that has compromised thousands of personal and enterprise Windows machines. | Malware
Anomali | 2022-11-10 11:49:00 | The Need for More Data in Security Operations | The increasing reliance on big data has created a broader scope for hackers to exploit. But it has also created opportunities for cybersecurity professionals to help identify threats. Recent ESG research found that survey respondents want to use more data for security operations, driving the need for scalable, high-performance, cloud-based back-end data repositories. The research found that 80% of organizations use more than 10 data sources as part of security operations to detect malicious activities, believing the most important to be: endpoint security data, threat intelligence feeds, security device logs, cloud security data, and network flow logs. While these are all valuable in their own right, they can also be difficult to collect, store, analyze, and correlate across multiple systems. Big data analytics has made it possible for organizations to combine multiple sources of information into one unified view of an event or incident. Though there have been advances, many security tools still lack the ability to integrate, especially if they are from multiple vendors. This makes sharing information harder and highlights the need for better integration between telemetry sources and analysis tools. Challenges with Big Data: There is no shortage of hype surrounding big data. Many companies are already reaping the benefits of big data and applying it to improve their operations. Big data is often described as "dense," meaning that it contains a lot of information and is hard to analyze. While this makes it easier to collect, it also challenges organizations to figure out what information is relevant and how to apply it. The same goes for cybersecurity threats. There is a lot of buzz about the potential of big data to help identify attackers, but the reality is that it doesn't just work like that. Instead, big data also provides a way for attackers to hide within vast amounts of information. They can further exploit this to avoid detection and even change their identity multiple times before unleashing a cyber attack. Using Data for Cybersecurity: Even though data is the most appetizing and easily accessible target for attackers, that doesn't mean you shouldn't collect and analyze it. Data analysis can provide insights into how attackers target your organization for a cyber attack and what they might do next. According to the ESG research, SOC teams collect, process, and analyze a variety of security telemetry to help them determine detection weaknesses where custom rules are needed. Security teams customize vendor rule sets to meet their needs and develop custom rules to detect threats targeting their industry or organization. Data Visualization & Analytics: Big data analytics allows an organization to visualize attacks, detect anomalies, and discover relationships between different data sets. Machine Learning & Predictive Modeling: Machine learning helps identify potential threats and behavior patterns by analyzing the data collected during the attack and comparing it with patterns we know about. We can even build predictive models based on our experience to detect similar attacks in the future. Security Controls Automation: Artificial intelligence can help quickly automate the application of threat intelligence to security controls to protect against security breaches. For example, machine learning could help identify activities related to a particular type of event and block access to those actions or events. The Need to Understand the Attacker: Threat actors use three main attack vectors: social engineering, malware, and brute force. Social engineering occurs when someone attempts to trick another person into disclosing confidential information or giving up control | Malware, Vulnerability, Threat
AlienVault | 2022-11-10 11:00:00 | The pros and cons of the digital transformation in banking | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Digital transformation in banking began following the creation of the internet in the 1990s as a way for banks to deliver services to their customers more conveniently. Today, it has completely changed how most people interact with their banks. From opening a new account to making transactions and applying for loans, you can access all banking services directly from your computer or smartphone. According to an FDIC survey on banking behavior, over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits? Below, let's explore some of the pros and cons of digital transformation in banking. Pros of digital transformation in banking: Digital banking offers several advantages to the modern banking customer. Here are a few. 24/7 Access to your bank: One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don't have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are. Additionally, you don't have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket. Better rates, lower fees: Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there's less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises. Better customer experience: A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience. Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller. In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don't have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank. Automated payments: With digital banks, it's amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, s | Ransomware, Malware, Tool, Deloitte
SANS | 2022-11-10 10:48:11 | Do you collect "Observables" or "IOCs"?, (Thu, Nov 10th) | Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. Regarding the last example, the malware analyst's goal is to identify how the malware is behaving and how to identify it. | Malware, Threat
Blog | 2022-11-10 05:50:39 | (Déjà vu) ASEC Weekly Malware Statistics (October 31st, 2022 – November 6th, 2022) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 31st, 2022 (Monday) to November 6th (Sunday). For the main category, downloader ranked top with 64.8%, followed by infostealer with 25.9%, backdoor with 6.6%, ransomware with 2.2%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 39.6%. The malware is distributed via malware disguised... | Ransomware, Malware
Blog | 2022-11-10 05:49:52 | Distribution of Word File (External + RTF) Modified to Avoid Detection | Malicious MS Office Word documents have long been used for the distribution of additional RTF malware by exploiting the fact that Word files allow external connections. However, AhnLab has identified that files which seem to have been made to avoid anti-malware detection are being distributed in Korea. Similar to past cases, an email disguised as a work email with a Word document attachment is used, but a unique factor exists in the webSettings.xml.rels file which can be identified within the... | Malware
News | 2022-11-10 04:46:41 | Windows breaks under upgraded IceXLoader malware | We're the malware of Nim! A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs… | Malware
SecurityWeek | 2022-11-09 19:18:30 | Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | Microsoft's latest Patch Tuesday updates address six zero-day vulnerabilities, including one related to the Mark-of-the-Web (MotW) security feature that has been exploited by cybercriminals to deliver malware. | Malware
The_Hackers_News | 2022-11-09 18:36:00 | Several Cyber Attacks Observed Leveraging IPFS Decentralized Network | A number of phishing campaigns are leveraging the decentralized InterPlanetary File System (IPFS) network to host malware and phishing kit infrastructure, and to facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. | Malware
bleepingcomputer | 2022-11-09 17:51:08 | New StrelaStealer malware steals your Outlook, Thunderbird accounts | A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. [...] | Malware
The_Hackers_News | 2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enable it to siphon cookies, log keystrokes, inject | Malware, Threat
The_Hackers_News | 2022-11-09 15:45:00 | New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide | An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said | Malware
SecurityWeek | 2022-11-09 14:01:34 | Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | The InterPlanetary File System (IPFS), considered one of the building blocks of web3, is increasingly being used to provide hidden bulletproof hosting for malware. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," say researchers at Cisco Talos. | Malware
SecurityAffairs | 2022-11-09 13:31:43 | Experts observed Amadey malware deploying LockBit 3.0 Ransomware | Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Amadey Bot is a data-stealing malware that was first spotted in 2018; it also allows […] | Ransomware, Malware
n/a | 2022-11-09 13:00:17 | Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns | The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. IPFS is often used for legitimate | Malware, Threat
NetworkWorld | 2022-11-09 10:53:00 | Researchers show techniques for malware persistence on F5 and Citrix load balancers | Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers. | Malware
InfoSecurityMag | 2022-11-09 10:30:00 | Advanced RAT AgentTesla Most Prolific Malware in October | Info-stealers take top three spots, says Check Point | Malware
globalsecuritymag | 2022-11-09 10:03:50 | Check Point Top Malware ranking for October 2022: IcedID takes the lead in France | Check Point Top Malware ranking for October 2022: IcedID takes the lead in France. IcedID is a banking Trojan that first appeared in September 2017. Vidar and Lokibot occupy 2nd and 3rd place respectively. | Malwares, Malware
SANS | 2022-11-09 02:27:20 | Another Script-Based Ransomware, (Wed, Nov 9th) | In the past, I already found some script-based ransomware samples written in Python or PowerShell[1]. The last one I found was only a "proof-of-concept" (my guess) but it demonstrates how easily such malware can be developed and how it remains undetected by most antivirus products. | Ransomware, Malware
Chercheur | 2022-11-09 01:50:14 | Patch Tuesday, November 2022 Election Edition | Let's face it: Having "2022 election" in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild. | Malware | ★★★
Last update at: 2024-07-18 05:08:46