What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-04 09:00:00 | Roadsweep Ransomware - Un acteur de menace iranienne probable mène une activité perturbatrice à motivation politique contre les organisations gouvernementales albanaises ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (lien direct) |
résumé exécutif
Mandiant a identifié la famille des ransomwares routiers et un personnage télégramme qui a ciblé le gouvernement albanais dans une opération perturbatrice politiquement motivée avant une conférence de l'organisation d'opposition iranienne à la fin de juillet 2022.
Une chimneysweep de porte dérobée auparavant inconnue et une nouvelle variante de l'essuie-glace Zeroclear peuvent également avoir été impliquées.
Les données de distribution de logiciels malveillants Chimneysweep et le contenu de leurre, le timing de l'opération \\ et le contenu à thème politiquement, et l'implication possible de l'essuie-glace zérocléaire indique qu'un acteur de menace iranien est probablement responsable.
Executive Summary Mandiant identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization\'s conference in late July 2022. A previously unknown backdoor CHIMNEYSWEEP and a new variant of the ZEROCLEAR wiper may also have been involved. CHIMNEYSWEEP malware distribution data and decoy content, the operation\'s timing and politically themed content, and the possible involvement of the ZEROCLEAR wiper indicate an Iranian threat actor is likely responsible. |
Ransomware Malware Threat Conference | ★★★ | |
 |
2022-08-04 08:00:13 | Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns (lien direct) |  By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec.Executive SummaryDark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries.It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems.Payloads provided by the platform support Windows, Linux and Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention.Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining.What is "Dark Utilities?"In early 2022, a new C2 platform called "Dark Utilities" was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform.  Dark Utilities provides payloads consisting of code that is executed on victim systems, allowing them to be registered with the service and establish a command and control (C2) communications channel. The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources. During our analysis, we observed efforts underway to expand OS and system architecture support as the platform continues to see ongoing develo |
Spam Malware Hack Tool Threat Guideline | APT 19 | |
 |
2022-08-04 05:55:40 | New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) | An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) | Malware Tool Vulnerability Threat | ★★★★★ | |
 |
2022-08-04 00:00:00 | A Reverse Engineering Guide for Rust Binaries (lien direct) | Introduction The Rust programming language is like rust on a vehicle for malware analysts and reverse engineers. The adoption of the language by malware authors spreads like cancer the longer it is in active development. This is due to convenient static linking and support for many operating systems, yielding a binary with little to no dependencies. These features are excellent for the distribution of malware. Every time we need to reverse engineer a Rust binary, we would rather embrace the sweet release of death. | Malware | ★★★ | |
 |
2022-08-03 23:06:28 | GitHub blighted by “researcher” who created thousands of malicious projects (lien direct) | If you spew projects laced with hidden malware into an open source repository, don't waste your time telling us "no harm done" afterwards. | Malware | ||
 |
2022-08-03 21:25:52 | Woody RAT: A new feature-rich malware spotted in the wild (lien direct) | >The Malwarebytes Threat Intelligence team has discovered a new Remote Access Trojan that we dubbed Woody Rat used to target Russian entities. | Malware Threat | ||
 |
2022-08-03 19:57:48 | School Kid Uploads Ransomware Scripts to PyPI Repository as \'Fun\' Project (lien direct) | The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times. | Ransomware Malware | ||
 |
2022-08-03 18:35:14 | Russian organizations attacked with new Woody RAT malware (lien direct) | Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. [...] | Malware | ||
|
2022-08-03 17:43:59 | Cloned Atomic Wallet website is pushing Mars Stealer malware (lien direct) | A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware. [...] | Malware | ||
|
2022-08-03 16:35:51 | Windows 11 Smart App Control blocks files used to push malware (lien direct) | Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several new file types threat actors have recently adopted to infect targets with malware in phishing attacks. [...] | Malware Threat | ||
 |
2022-08-03 16:16:00 | So RapperBot, What Ya Bruting For? (lien direct) | FortiGuard Labs is tracking a rapidly evolving IoT malware family known as RapperBot. Read to learn how this threat infects and persists on a victim's device. | Malware Threat | ||
|
2022-08-03 05:36:55 | VirusTotal Reveals Most Impersonated Software in Malware Attacks (lien direct) | Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the | Malware Threat | CCleaner | |
|
2022-08-03 05:11:19 | 35,000 code repos not hacked-but clones flood GitHub to serve malware (lien direct) | Thousands of GitHub repositories were forked (cloned) and altered to include malware, a software engineer discovered. [...] | Malware | ★★★★ | |
 |
2022-08-03 02:20:00 | (Déjà vu) ASEC Weekly Malware Statistics (July 25th, 2022 – July 31st, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 25th, 2022 (Monday) to July 31st, 2022 (Sunday). For the main category, info-stealer ranked top with 38.6%, followed by backdoor with 38.1%, and downloader with 23.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.8%. It is an info-stealer that leaks user credentials saved in web... | Malware | ||
|
2022-08-02 22:03:15 | Large Language AI Models Have Real Security Benefits (lien direct) | Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find. | Malware | ★★★★ | |
 |
2022-08-02 19:31:35 | No SOCKS, No Shoes, No Malware Proxy Services! (lien direct) | With the recent demise of several popular "proxy" services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. | Malware | ★★ | |
 |
2022-08-02 17:22:51 | Nouveau rapport de Google sur les tendances en matière de malware (lien direct) | VirusTotal, le service de détection des menaces de Google Cloud, vient de publier son rapport sur les dernières tendances en matière d'attaques de malwares. Basé à Malaga, en Espagne, VirusTotal est à la fois le premier scanner de malware et la première plateforme de partage d'informations sur les menaces au monde. Grâce à son moteur de recherche dédié aux échantillons de malware, aux domaines et aux modèles comportementaux des acteurs malveillants, VirusTotal aide des millions de personnes et (...) - Malwares | Malware | ||
|
2022-08-02 16:00:00 | VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware (lien direct) | Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal. | Malware Threat | ||
 |
2022-08-02 15:17:00 | Anomali Cyber Watch: Velvet Chollima Steals Emails from Browsers, Austrian Mercenary Leverages Zero-Days, China-Sponsored Group Uses CosmicStrand UEFI Firmware Rootkit, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyber mercenaries, Phishing, Rootkits, Spyware, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”
(published: July 28, 2022)
Volexity researchers discovered SharpExt, a new malicious browser app used by the North-Korea sponsored Velvet Chollima (Kimsuky, SharpTongue, Thallium) group. SharpExt inspects and exfiltrates data from a victim's webmail (AOL or Gmail) account as they browse it. Velvet Chollima continues to add new features to the app, the latest known version (3.0) supports three browsers: Microsoft Edge, Google Chrome, and Whale, the latter almost exclusively used in South Korea. Following the initial compromise, Velvet Chollima deploy SharpExt and to avoid warning the victim they manually exfiltrate settings files to change the settings and generate a valid "super_mac" security check value. They also hide the newly opened DevTools window and any other warning windows such as a warning regarding extensions running in developer mode.
Analyst Comment: Velvet Chollima is known for its tactic of deploying malicious browser extensions, but in the past it was concentrating on stealing credentials instead of emails. The group continues aggressive cyberespionage campaigns exfiltrating military and industrial technologies from Europe, South Korea, and the US. Network defenders should monitor for suspicious instances of PowerShell execution, as well as for traffic to and from known Velvet Chollima infrastructure (available in Anomali Match).
MITRE ATT&CK: [MITRE ATT&CK] Browser Extensions - T1176 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Hide Artifacts - T1564
Tags: SharpExt, Velvet Chollima, Kimsuky, SharpTongue, Thallium, APT, North Korea, source-country:KP, South Korea, target-country:KR, USA, target-country:US, target-region:Europe, AOL, Gmail, Edge, Chrome, Whale, PowerShell, VBS, Browser extension
Untangling KNOTWEED: European Private-Sector Offensive Actor Using 0-Day Exploits
(published: July 27, 2022)
Microsoft researchers detail activity of DSIRF, Austrian private-sector offensive actor (PSOA). In 2021, this actor, tracked as Knotweed, used four Windows and Adobe 0-day exploits. In 2022, DSIRF was exploiting another Adobe Reader vulnerability, CVE-2022-22047, which was patched in July 2022. DSIRF attacks rely on their malware toolset called Subzero. The initial downloader shellcode is executed from either the exploit chains or malicious Excel documents. It downloads a JPG image file with extra encrypted data, extracts, decrypts and loads to the memory the Corelump memory-only infostealer. For persistence, Corelump creates trojanized copies of legitimate Windows DLLs that se |
Malware Tool Vulnerability Threat Patching Guideline Cloud | APT 37 APT 28 | |
|
2022-08-02 14:50:20 | BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features (lien direct) | In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification. | Malware | ||
|
2022-08-02 12:00:00 | Wolf in sheep\'s clothing: how malware tricks users and antivirus (lien direct) | One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks. [...] | Malware | ★★★★★ | |
|
2022-08-02 08:00:14 | Manjusaka: A Chinese sibling of Sliver and Cobalt Strike (lien direct) |  By Asheer Malhotra and Vitor Ventura.Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.The implants for the new malware family are written in the Rust language for Windows and Linux.A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.IntroductionCisco Talos has discovered a relatively new attack framework called "Manjusaka" (which can be translated to "cow flower" from the Simplified Chinese writing) by their authors, being used in the wild.As defenders, it is important to keep track of offensive frameworks such as Cobalt Strike and Sliver so that enterprises can effectively defend against attacks employing these tools. Although we haven't observed widespread usage of this framework in the wild, it has the potential to be adopted by threat actors all over the world. This disclosure from Talos intends to provide early notification of the usage of Manjusaka. We also detail the framework's capabilities and the campaign that led to the discovery of this attack framework in the wild.The research started with a malicious Microsoft Word document (maldoc) that contained a Cobalt Strike (CS) beacon. The lure on this document mentioned a COVID-19 outbreak in Golmud City, one of the largest cities in the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. During the investigation, Cisco Talos found no direct link between the campaign and the framework developers, aside from the usage of the framework (which is freely available on GitHub). However, we could not find any data that could support victimology definition. This is justifiable considering there's a low number of victims, indicating the early stages of the campaign, further supported by the maldoc metadata that indicates it was created in the second half of June 2022.While investigating the maldoc infection chain, we found an implant used to instrument Manjusaka infections, contacting the same IP address as the CS beacon. This implant is written in the Rust programming language and we found samples for Windows and Linux operating systems. The Windows implant included test samples, which had non-internet-routable IP addresses as command and control (C2). Talos also discovered the Manjusaka C2 executable - a fully functional C2 ELF binary written in GoLang with a User Interface in Simplified Chinese - on GitHub. While analyzing the C2, we generated implants by specifying our configurations. The developer advertises it has an advers |
Malware Threat Guideline | APT 19 | |
 |
2022-08-02 07:44:54 | Gootkit AaaS malware is still active and uses updated tactics (lien direct) | >Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, […] | Malware | ★★ | |
|
2022-08-02 04:25:05 | What is ransomware and how can you defend your business from it? (lien direct) | Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat | Ransomware Malware | ||
 |
2022-08-01 18:00:00 | Credential Stealer Malware Raccoon Updated to Obtain Passwords More Efficiently (lien direct) | Raccoon Stealer 2.0 features a new back-end and front-end, and other additional features | Malware | ||
|
2022-08-01 13:21:00 | Austrian Investigation Reveals Spyware Targeting Law Firms, Finance Institutions (lien direct) | The news comes days after Microsoft found malware called Subzero made by an Austrian company | Malware | ||
|
2022-08-01 12:50:00 | Fileless Malware: What It Is and How It Works (lien direct) | Read about the what fileless malware is along with the stages of an attack, the common techniques used by cybercriminals, and tips for detecting these types of threats. | Malware | ||
|
2022-07-31 21:51:16 | Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (lien direct) | The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings | Malware | ||
 |
2022-07-30 14:37:29 | Uninstall These Android Apps To Avoid Stealing Of Money And Passwords (lien direct) | >Beware Android users! Google recently removed 17 malicious apps from the Play Store after they were found stealing users' banking information from the devices. According to a report from Trend Micro, a security research firm, these malware apps are aimed at stealing users' data, including banking credentials, PIN numbers, passwords, and any other information. These apps […] | Malware | ||
|
2022-07-30 02:53:43 | Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (lien direct) | Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via | Malware | ||
|
2022-07-29 21:20:43 | North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (lien direct) | A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name | Malware Threat | ||
|
2022-07-29 16:55:15 | Amazon Adds Malware Detection to GuardDuty TDR Service (lien direct) | The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week. | Malware | ||
|
2022-07-29 14:06:33 | Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info (lien direct) | The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository. | Malware | ||
|
2022-07-29 13:55:57 | Microsoft experts linked the Raspberry Robin malware to Evil Corp operation (lien direct) | >Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code […] | Malware | ||
|
2022-07-29 08:06:44 | (Déjà vu) Malware-laced npm packages used to target Discord users (lien direct) | >Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, and tracked as Lofy Stealer, is a […] | Malware | ||
|
2022-07-29 08:00:00 | Malicious Npm Packages Designed to Steal Discord Tokens (lien direct) | Kaspersky claims malware also steals card data | Malware | ★★★★ | |
|
2022-07-29 07:31:00 | Microsoft links Raspberry Robin malware to Evil Corp attacks (lien direct) | Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. [...] | Malware | ||
|
2022-07-29 06:25:15 | Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (lien direct) | A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been | Malware | ||
 |
2022-07-29 03:32:01 | New HiddenAds malware affects 1M+ users and hides on the Google Play Store (lien direct) | >
Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them...
|
Malware | ||
 |
2022-07-29 02:00:00 | July was a hot month for cybersecurity research (lien direct) | While summer may be vacation season, criminals never take a day off. Researchers are also always busy following their methods and digging into their possible path for exploit. Here are a few interesting research initiatives making headlines this month.Fake Android apps keep popping up in Google Play When folks download mobile applications from a trusted app source, obviously the expectation is the apps with be safe to use. But unfortunately, that is not always the case.While it is not a new issue, recent findings from both Zscaler ThreatLabz and Pradeo reveal that malware-laden Android apps in Google's app store-Google Play-continue to be a problem. The latest findings point to multiple instances of apps with the Joker, Facestealer, and Coper malware families in the marketplace. To read this article in full, please click here | Malware | ||
 |
2022-07-28 21:15:08 | CVE-2021-41556 (lien direct) | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. | Malware Guideline | ||
|
2022-07-28 11:04:36 | European firm DSIRF behind the attacks with Subzero surveillance malware (lien direct) | >Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […] | Malware Threat | ||
|
2022-07-28 10:13:54 | Malicious npm packages steal Discord users\' payment card info (lien direct) | Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. [...] | Malware | ||
 |
2022-07-28 09:20:39 | Microsoft Threat Intelligence Center Links Threat Group to Austrian Spyware Vendor DSRIF (lien direct) | Microsoft has linked the efforts of the threat group Knotweed to an Austrian spyware vendor. The group has so far used the malware dubbed ‘SubZero’ to attack groups in Europe and Central America. The Subzero malware, as used by Knotweed, can be used to hack a target’s phone, computers, network, and internet-connected devices. DSRIF markets […] | Malware Hack Threat | ||
 |
2022-07-28 09:00:41 | How attackers are adapting to a post-macro world (lien direct) | >Since Microsoft's shutdown of macros in Office apps, attackers are using container file types to deliver malware in one of the largest threat landscape shifts in recent history. | Malware Threat | ||
|
2022-07-28 09:00:00 | In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement (lien direct) | With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections. | Malware Threat | ||
 |
2022-07-28 08:28:53 | Malware on IBM Power Systems: What You Need to Know (lien direct) | >Malware – what are the threats? Malware can come from and in a variety of attack vectors. Besides using 'traditional' methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a 'malware host'. The key target is your data. Data is valuable, and organisations have paid at least $602 […]… Read More | Malware | ||
|
2022-07-28 05:48:00 | (Déjà vu) ASEC Weekly Malware Statistics (July 18th, 2022 – July 24th, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 18th, 2022 (Monday) to July 24th, 2022 (Sunday). For the main category, info-stealer ranked top with 44.7%, followed by backdoor with 40.3%, downloader with 14.5%, and ransomware with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 27.0%. It is an info-stealer that leaks user credentials... | Ransomware Malware | ||
|
2022-07-28 05:27:47 | AppleSeed Being Distributed to Maintenance Company of Military Bases (lien direct) | The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a certain maintenance company of military bases. AppleSeed is a backdoor malware mainly used by the Kimsuky group and is actively being distributed to multiple attack targets as of late. In this case, the malware was distributed with a file under the name of a military base. 20220713_**** base_installation planned dateV004_*** edited_6.xls AppleSeed was distributed as an Excel file (XLS) and protected with a password to... | Malware | ||
|
2022-07-28 05:00:00 | As Microsoft blocks Office macros, hackers find new attack vectors (lien direct) | Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments. [...] | Malware |
To see everything:
Our RSS (filtrered)
