What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-08 20:22:00 | Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines (lien direct) | The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a | Ransomware Malware | ||
|
2022-11-08 19:10:00 | New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader (lien direct) | Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in | Malware | ||
 |
2022-11-08 18:22:33 | SmokeLoader campaign distributes new Laplas Clipper malware (lien direct) | >Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […] | Malware | ||
 |
2022-11-08 17:56:13 | LockBit affiliate uses Amadey Bot malware to deploy ransomware (lien direct) | A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices. [...] | Ransomware Malware | ||
 |
2022-11-08 16:00:00 | Anomali Cyber Watch: Active Probing Revealed Cobalt Strike C2s, Black Basta Ransomware Connected to FIN7, Robin Banks Phishing-as-a-Service Became Stealthier, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Active scanning, EDR evasion, Infostealers, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
(published: November 3, 2022)
Cobalt Strike remains a popular post-exploitation tool for threat actors trying to evade threat detection. Cobalt Strike’s Beacons use advanced, flexible command-and-control (C2) communication profiles for stealth communication with an attacker-controlled Linux application called Team Server. Beacon implants can covertly utilize the DNS protocol or communicate via HTTP/HTTPs using the the default Malleable C2 profile or Malleable C2 Gmail profile. Palo Alto researchers probed the Internet for these three types of communication to find previously-unknown active Team Server instances. Researchers were preselecting suspicious IP addresses with Shodan, actively probing them with stager requests and initializing a connection with the netcat tool to test, verify and extract communication profile settings (such as the served stager bytes).
Analyst Comment: Network fingerprinting and active scanning technologies allow for proactive identification of threats such as Cobalt Strike’s C2 IP addresses. Network defenders and intelligence feed providers can get better coverage by improving their collaboration and coverage via threat intelligence platforms such as ThreatStream provided by Anomali.
MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071
Tags: detection:Cobalt Strike Beacon, detection:Cobalt Strike, detection:Cobalt Strike Team Server, Cobalt Strike stager, Active scanning, Shodan, netcat, Post-exploitation tool, Gmail, DNS, TCP, HTTP, Windows
Abusing Microsoft Customer Voice to Send Phishing Links
(published: November 3, 2022)
Avanan researchers detected a phishing campaign that abuses Microsoft Dynamics 365 Customer Voice since at least September 2022. These phishing emails come from legitimate email address surveys@email.formspro.microsoft.com, and clicking the link opens the Microsoft’s Customer Voice domain on a page with URL starting with: customervoice.microsoft.com/Pages/ResponsePage.aspx?id=... At the same time, a user clicking on the embedded “Play Voicemail” link redirects to an attacker-controlled phishing page asking for Microsoft account login credentials.
Analyst Comment: Organizations can use services like Anomali Digital Risk Protection, which defends your brand against brand abuse and continuously monitors domains for cybersquatters and domain hijacking to prevent phishing and malware attacks. Users are advised to always check the current domain by hovering over the URL, especially before entering credentials.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566
Tags: Customer Voice, Phishing, Microsoft, Forms Pro
Black Basta Ransomware |
Ransomware Malware Tool Threat | ||
 |
2022-11-08 14:18:48 | New updated IceXLoader claims thousands of victims around the world (lien direct) | >IceXLoader was discovered last June by FortiGuard Labs. It is a commercial malware used to download and deploy additional malware on infected machines. While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functionable and includes a multi-stage delivery chain. Figure 1. […] | Malware | ★★★ | |
 |
2022-11-08 11:00:39 | October\'s Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed (lien direct) | >Check Point Research reports a significant increase in Lokibot attacks in October, taking it to third place for the first time in five months. New vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla took the top spot as the most prevalent malware Our latest Global Threat Index for October 2022 reports that keylogger… | Malware Vulnerability Threat | ||
 |
2022-11-08 00:35:33 | (Déjà vu) LockBit 3.0 Being Distributed via Amadey Bot (lien direct) | The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it is being sold in illegal forums and still being used by various attackers. It was used in the past to install ransomware by attackers of GandCrab or to install FlawedAmmyy by the TA505 group which... | Ransomware Malware | ||
 |
2022-11-07 18:14:23 | Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge (lien direct) | The world's largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. | Malware Threat | ||
 |
2022-11-07 17:29:50 | How the Mac OS X Trojan Flashback Changed Cybersecurity (lien direct) | >Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that “it doesn’t get PC viruses”. But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has […] | Malware | ||
 |
2022-11-07 15:30:08 | Oh, look: More malware in the Google Play store (lien direct) | Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. … | Malware | ★★★★★ | |
 |
2022-11-07 13:54:49 | Socgholish diversifie et étend son infrastructure de mise en scène de logiciels malveillants pour contrer les défenseurs SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders (lien direct) |
Les opérateurs de Socgholish continuent d'infecter les sites Web à grande échelle, et l'acteur de menace accélère son infrastructure.
SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match. |
Malware Threat | ★★★ | |
 |
2022-11-07 00:00:00 | Massive Phishing Campaigns Target India Banks\' Clients (lien direct) | We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns. | Malware | ||
 |
2022-11-05 22:02:59 | Windows Malware with VHD Extension, (Sat, Nov 5th) (lien direct) | Windows 10 supports various virtual drives natively and can recognize and use ISO, VHD and VHDX files. The file included as an attachment with this email, when extracted appears in the email as a PDF but is is in fact a VHD file. | Malware | ||
|
2022-11-05 21:34:11 | 29 malicious PyPI packages spotted delivering the W4SP Stealer (lien direct) | >Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […] | Malware | ||
|
2022-11-05 14:05:00 | Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer (lien direct) | Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain | Malware | ★★ | |
 |
2022-11-05 09:55:10 | (Déjà vu) Emotet revient après un an d\'inactivité (lien direct) | >D'un simple cheval de Troie bancaire à un botnet en passant par une infrastructure de diffusion de contenu, le malware Emotet a bien évolué au fil des années et réapparaît malgré son démantèlement en janvier 2021 par des autorités internationales (États-Unis, Pays-Bas, Royaume-Uni, France, Ukraine, Lituanie et Canada). The post Emotet revient après un an d'inactivité first appeared on UnderNews. | Malware | ||
|
2022-11-04 19:13:00 | Researchers Detail New Malware Campaign Targeting Indian Government Employees (lien direct) | The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said | Malware Threat | APT 36 | |
 |
2022-11-04 11:27:14 | Emotet revient après un an d\'inactivité : réaction d\'Infoblox (lien direct) | D'un simple cheval de Troie bancaire à un botnet en passant par une infrastructure de diffusion de contenu, le malware Emotet a bien évolué au fil des années et réapparaît malgré son démantèlement en janvier 2021 par des autorités internationales (États-Unis, Pays-Bas, Royaume-Uni, France, Ukraine, Lituanie et Canada). - Malwares | Malware | ||
|
2022-11-03 19:14:10 | Offense Gets the Glory, but Defense Wins the Game (lien direct) | When it comes to cybercriminals, defense evasion remains the top tactic globally. In fact, it was the most employed tactic by malware developers in the past six months – and they're often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important actions for adversaries. Therefore, they are attempting to evade defenses by masking malicious intention and attempting to hide commands using a legitimate certificate. | Malware | ||
|
2022-11-03 16:28:32 | 250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack (lien direct) | >Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company serves The media company provides video content and advertising […] | Malware Threat | ||
|
2022-11-03 15:36:50 | RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (lien direct) | The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. [...] | Malware Threat | ||
 |
2022-11-03 12:34:53 | More than 250 US news sites inject malware in possible supply chain attack (lien direct) | Pas de details / No more details | Malware | ||
|
2022-11-03 11:14:30 | Crime group hijacks hundreds of US news websites to push malware (lien direct) | Pas de details / No more details | Malware | ||
 |
2022-11-03 10:41:00 | Mondelez and Zurich\'s NotPetya cyber-attack insurance settlement leaves behind no legal precedent (lien direct) | Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone's attention.The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD.To read this article in full, please click here | Malware | NotPetya NotPetya | ★★★★ |
|
2022-11-03 10:14:02 | Over 250 US News Websites Deliver Malware via Supply Chain Attack (lien direct) | Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one of their service providers. | Malware | ||
|
2022-11-03 05:23:46 | (Déjà vu) ASEC Weekly Malware Statistics (October 24th, 2022 – October 30th, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 24th, 2022 (Monday) to October 30th (Sunday). For the main category, Infostealer ranked top with 43.2%, followed by downloader with 34.7%, backdoor with 19.4%, and ransomware with 2.2%. Top 1 – Agent Tesla AgentTesla is an Infostealer that ranked first place with 22.1%. It is an Infostaler that leaks user credentials saved in... | Ransomware Malware | ||
|
2022-11-02 18:55:55 | SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority (lien direct) | >Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […] | Malware Threat | ||
|
2022-11-02 16:58:00 | Inside Raccoon Stealer V2 (lien direct) | Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest info stealer's version | Malware | ||
|
2022-11-02 16:35:15 | (Déjà vu) Hundreds of U.S. news sites push malware in supply-chain attack (lien direct) | The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] | Malware Threat | ||
|
2022-11-02 16:35:15 | Hundreds of U.S. news sites hit in SocGholish supply-chain attack (lien direct) | The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] | Malware Threat | ||
 |
2022-11-02 15:22:01 | (Déjà vu) Une nouvelle version d\'un logiciel espion visant les citoyens iraniens, Furball, caché dans une application de traduction (lien direct) | Une nouvelle version du malware Android FurBall utilisée dans une campagne " Domestic Kitten " impacte les citoyens iraniens. Et cela dure depuis 2016 ! | Malware | ||
|
2022-11-02 14:41:42 | (Déjà vu) Emotet botnet starts blasting malware again after 4 month break (lien direct) | The Emotet malware operation is again spamming malicious emails after almost a four-month "vacation" that saw little activity from the notorious cybercrime operation. [...] | Malware | ||
|
2022-11-02 14:41:42 | Emotet botnet starts blasting malware again after 5 month break (lien direct) | The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation. [...] | Malware | ||
|
2022-11-02 13:21:26 | Dozens of PyPI packages caught dropping \'W4SP\' info-stealing malware (lien direct) | Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware. [...] | Malware | ||
 |
2022-11-02 09:00:23 | Could Threat Actors Be Downgrading Their Malware to Evade Detection? (lien direct) | >Threat actors are known to modify their malware to evade detection and make additional profits. They do this by changing the file name and IP address, along with other features. This gives them an advantage, as it makes detection more difficult and helps them stay under the radar. The modifications are so common that we […] | Malware Threat | ||
|
2022-11-02 01:49:15 | Appleseed Being Distributed to Nuclear Power Plant-Related Companies (lien direct) | The ASEC analysis team has recently discovered a case of AppleSeed being distributed to nuclear power plant-related companies. AppleSeed is a backdoor malware used by Kimsuky, one of the organizations affiliated with North Korea, and this malware is being actively distributed to many companies. The filenames of the AppleSeed dropper were identified by the ASEC analysis team as follows, and a double file extension was used to deceive users. When the file is executed, the encoded data inside is decoded... | Malware | ||
|
2022-11-01 20:45:00 | Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (lien direct) | The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a | Malware Threat | APT 10 | |
|
2022-11-01 15:00:00 | Anomali Cyber Watch: Active Probing Revealed ShadowPad C2s, Fodcha Hides Behind Obscure TLDs, Awaiting OpenSSL 3.0 Patch, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DDoS, OpenSSL, Ransomware, Russia, Spyware, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)
(published: October 27, 2022)
ShadowPad is a custom, modular malware in use by multiple China-sponsored groups since 2015. VMware researchers analyzed the command-and-control (C2) protocol in recent ShadowPad samples. They uncovered decoding routines and protocol/port combinations such as HTTP/80, HTTP/443, TCP/443, UDP/53, and UDP/443. Active probing revealed 83 likely ShadowPad C2 servers (during September 2021 to September 2022). Additional samples communicating with this infrastructure included Spyder (used by APT41) and ReverseWindow (used by the LuoYu group).
Analyst Comment: Researchers can use reverse engineering and active probing to map malicious C2 infrastructure. At the same time, the ShadowPad malware changes the immediate values used in the packet encoding per variant, so finding new samples is crucial for this monitoring.
MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Exfiltration Over Alternative Protocol - T1048 | [MITRE ATT&CK] System Information Discovery - T1082 | [MITRE ATT&CK] Ingress Tool Transfer - T1105
Tags: detection:ShadowPad, C2, APT, China, source-country:CN, actor:APT41, actor:LuoYu, detection:Spyder, detection:ReverseWindow, TCP, HTTP, HTTPS, UDP
Raspberry Robin Worm Part of Larger Ecosystem Facilitating Pre-Ransomware Activity
(published: October 27, 2022)
The Raspberry Robin USB-drive-targeting worm is an increasingly popular infection and delivery method. Raspberry Robin works as a three-file infection: Raspberry Robin LNK file on an USB drive, Raspberry Robin DLL (aka Roshtyak) backdoor, and a heavily-obfuscated .NET DLL that writes LNKs to USB drives. Microsoft researchers analyzed several infection chains likely centered around threat group EvilCorp (aka DEV-0206/DEV-0243). Besides being the initial infection vector, Raspberry Robin was seen delivered by the Fauppod malware, which shares certain code similarities both with Raspberry Robin and with EvilCorp’s Dridex malware. Fauppod/Raspberry Robin infections were followed by additional malware (Bumblebee, Cobalt Strike, IcedID, TrueBot), and eventually led to a ransomware infection (LockBit, Clop).
Analyst Comment: Organizations are advised against enabling Autorun of removable media on Windows by default, as it allows automated activation of an inserted, Raspberry Robin-infected USB drive. Apply best practices related to credential hygiene, network segmentation, and attack surface reduction.
MITRE ATT&CK: [MITRE ATT&CK] Replicat |
Ransomware Malware Hack Tool Vulnerability Threat Guideline | APT 41 | |
|
2022-11-01 06:48:34 | Google ad for GIMP.org served info-stealing malware via lookalike site (lien direct) | Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP.org,' the official website of the well known graphics editor, GNU Image Manipulation Program. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which was malware. [...] | Malware | ||
 |
2022-10-31 20:53:27 | Accused \'Raccoon\' Malware Developer Fled Ukraine After Russian Invasion (lien direct) | A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion. | Malware | ||
|
2022-10-31 16:30:08 | Ordinary web access request or command to malware? (lien direct) | Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests.… | Malware Threat | ||
|
2022-10-31 14:37:01 | Wannacry, the hybrid malware that brought the world to its knees (lien direct) | >Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […] | Ransomware Malware | Wannacry Wannacry | ★★ |
|
2022-10-31 11:34:52 | Hacking group abuses antivirus software to launch LODEINFO malware (lien direct) | The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations. [...] | Malware | APT 10 | |
|
2022-10-31 01:57:31 | A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique (lien direct) | In the ASEC blog post uploaded on April 2022 (New Malware of Lazarus Threat Actor Group Exploiting INITECH Process, https://asec.ahnlab.com/en/33801/), the team discussed the fact that the Lazarus attack group had been exploiting the INITECH process to infect systems with malware. This article aims to cover the details of the Lazarus group using the watering hole technique to hack into systems before exploiting the vulnerability of the MagicLine4NX product from Dream Security in order to additionally hack into systems in... | Malware Hack Vulnerability Threat Medical | APT 38 | |
|
2022-10-28 16:31:00 | Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers (lien direct) | A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools | Malware | ||
|
2022-10-28 16:08:28 | The Week in Ransomware - October 28th 2022 - Healthcare leaks (lien direct) | This week, we learned of healthcare data leaks out of Australia, information about existing attacks, and reports on how ransomware gangs operate and partner with malware developers for initial access. [...] | Ransomware Malware | ||
 |
2022-10-28 16:00:00 | Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware (lien direct) | These attackers reportedly spent at least 18 months on victim networks | Malware | ||
|
2022-10-28 15:48:00 | Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints (lien direct) | The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC | Malware Threat | ||
|
2022-10-28 10:01:00 | Phishing attacks increase by over 31% in third quarter: Report (lien direct) | Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.To read this article in full, please click here | Malware Threat | ★★★★ |
To see everything:
Our RSS (filtrered)
