| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-14 17:32:00 | GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks (direct link) | A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.<br>"GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said.<br>"The threat actor | Malware, Threat | | ★★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-14 15:54:30 | Emotet, QSnatch Malware Dominate Malicious DNS Traffic (direct link) | An analysis of trillions of DNS requests shows a shocking amount of malicious traffic inside enterprise networks, with threats using DNS as a sort of malicious Autobahn. | Malware | | ★★★★ |
| ![Checkpoint.webp](./Ressources/img/Checkpoint.webp) | 2023-03-14 15:29:20 | South Korean Android Banking Menace – FakeCalls (direct link) | Research by: Bohdan Melnykov, Raman Ladutska. When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be high profile; just careful selection of the audience and the right market can be […] | Malware | | ★★ |
| ![NetworkWorld.webp](./Ressources/img/NetworkWorld.webp) | 2023-03-14 14:50:00 | DNS data shows one in 10 organizations have malware traffic on their networks (direct link) | Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure. | Malware | | ★★★ |
| ![RecordedFuture.webp](./Ressources/img/RecordedFuture.webp) | 2023-03-14 14:11:00 | Hackers target South Asian government entities with KamiKakaBot malware (direct link) | Suspected government-backed hackers are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information. Researchers from Amsterdam-based cybersecurity firm EclecticIQ [attributed](https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries#A1) the attacks to the advanced persistent threat (APT) group Dark Pink. The group's previous victims include military, government, religious and non-profit organizations in Cambodia, Indonesia, | Malware, Threat | | ★★ |
| ![knowbe4.webp](./Ressources/img/knowbe4.webp) | 2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (direct link) | CyberheistNews Vol 13 #11, March 14th, 2023<br>[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears<br>Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.<br>I'm giving you a short extract of the story and the link to the whole article is below.<br>"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.<br>"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.<br>"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.<br>"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.<br>"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps,' he says. 'And how that plays out [remains to be seen] - I think we're in pregame; we're not even in the first inning.'"<br>Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.<br>Blog post with links: https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears<br>[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl | Ransomware, Data Breach, Spam, Malware, Threat, Guideline, Medical | ChatGPT | ★★ |
| ![DataSecurityBreach.webp](./Ressources/img/DataSecurityBreach.webp) | 2023-03-14 11:49:15 | NetWire developer arrested (direct link) | In Croatia, the developer of the NetWire RAT, Mario Žanko, has been arrested and the malware's infrastructure has been seized by the authorities. Mario Žanko, 40, is an IT specialist who has been wanted by the FBI for years. It must also be said that his software, unlike any other, made it possible to orchestrate tens of thousands of … | Malware | | ★★★ |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2023-03-13 23:31:00 | Mallox Ransomware Being Distributed in Korea (direct link) | AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the Mallox ransomware during the team's monitoring. As covered before, Mallox, which targets vulnerable MS-SQL servers, has historically been distributed at a consistently high rate based on AhnLab's statistics. The malware, disguised as a program related to DirectPlay, is a file built in .NET which, as shown in Figure 3, connects to a certain address, downloads additional malware, and runs it in memory. If this address cannot... | Ransomware, Malware | | ★★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-13 21:52:00 | 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware (direct link) | No details | Malware | | ★★★ |
| ![TechRepublic.webp](./Ressources/img/TechRepublic.webp) | 2023-03-13 20:44:03 | New Hiatus malware campaign targets routers (direct link) | A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect against this security threat. | Malware | | ★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-13 18:38:00 | Hike in AI-Created YouTube Videos Loaded With Malware (direct link) | AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more. | Malware | | ★★ |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2023-03-13 17:46:14 | Long-term persistence of Chinese malware on SonicWall devices: the importance of continuous monitoring (direct link) | Mandiant, in partnership with the SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that maintains a long-term presence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance.<br>- Malwares | Malware | | ★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-13 17:17:00 | Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (direct link) | Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.<br>"The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," | Malware, Threat | | ★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-13 11:45:00 | KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (direct link) | The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot.<br>Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate | Malware, Threat | | ★★★ |
| ![AlienVault.webp](./Ressources/img/AlienVault.webp) | 2023-03-13 10:00:00 | Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks (direct link) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.<br>"Why are you here if you cannot decrypt our data?" This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond.<br>Let's start by defining what a security incident is. Although the concept is straightforward, various companies may interpret it differently. For instance, some companies may consider incidents to include situations such as a power supply failure or a hard drive malfunction, while others may only classify malicious actions as incidents.<br>In theory, an incident is a moment when some kind of undesirable event occurs. In practice, the definition of an "undesirable event" is determined by each company's own interpretation and perspective.<br>For one organization, the discovery of a phishing email is what requires investigation. Other companies may not see the point in worrying about such incidents. For instance, they may not be concerned about a phishing email being opened on an employee device in a remote location not connected to the main infrastructure, since it poses no immediate threat.<br>There are also interesting cases here. For example, online traders consider a 1% drop in the speed of interaction with the online exchange to be a serious incident. In many industries, the value of proper incident response steps, and of cybersecurity in general, cannot be overestimated. But if we are talking about serious incidents, then most often these are events related to the penetration of an attacker into the corporate network. This annoys the vast majority of business leaders.<br>Incident response stages<br>While the interpretation of certain events as security incidents may vary depending on factors such as context and threat model, the response steps are often the same. These response steps are primarily based on the old SANS standard, which is widely used by many security professionals.<br>SANS identifies six stages of incident response:<br>1. Preparation<br>2. Identification<br>3. Containment<br>4. Eradication<br>5. Recovery<br>6. Lessons learned<br>It is important to note that the external response team is not immediately involved in this process.<br>Preparation<br>Preparation involves properly aligning organizational and technical processes. These are universal measures that should be implemented effectively across all areas:<br>- Inventory networks<br>- Build subnets correctly<br>- Use correct security controls and tools<br>- Hire the right people<br>All this is not directly related to the external response team and, at the same time, affects its work significantly. The response is based on preparatory steps. For example, it relies heavily on the log retention policy.<br>Each attack has its own dwell time - the time from an attacker entering the network until their activity is detected. If the attack has an extended dwell time (three to four months) and the logs are kept for seven days, it will be much more difficult for the investigation team to fin | Spam, Malware, Vulnerability, Threat, Guideline | | ★★★ |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2023-03-13 00:49:37 | CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky) (direct link) | AhnLab Security Emergency response Center (ASEC) has recently discovered a CHM malware which is assumed to have been created by the Kimsuky group. This malware type is the same as the one covered in the following ASEC blog posts and the analysis report on the malware distributed by the Kimsuky group, its goal being the exfiltration of user information. Analysis Report on Malware Distributed by the Kimsuky Group – Oct 20, 2022; APT Attack Being Distributed as Windows Help File (*.chm) –... | Malware | | ★★★ |
| ![HexaCorn.webp](./Ressources/img/HexaCorn.webp) | 2023-03-12 00:03:36 | List of clean mutexes and mutants (direct link) | A few years ago I released a list of 'bad' mutexes/mutants. That list was generated from my malware sandbox reports. I thought that it may be good to revisit the […] | Malware | | ★★★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-11 19:02:00 | BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (direct link) | The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif.<br>According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI's ChatGPT, Spotify, Tableau, and Zoom.<br>BATLOADER, as the name suggests, is a loader that's responsible for | Malware | ChatGPT | ★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-10 21:01:30 | BlackLotus Secure Boot Bypass Malware Set to Ramp Up (direct link) | BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity. | Malware, Vulnerability | | ★★★ |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2023-03-10 20:34:34 | Xenomorph Android Malware Steals Data From 400 Banks (direct link) | A new automatic transfer system (ATS) framework and the capacity to steal login information for 400 banks are two of the main capabilities added to the Xenomorph Android virus in this new iteration. ThreatFabric found the initial iteration in February 2022. The banking malware has amassed over 50,000 downloads on the Google Play store. Using […] | Malware | | ★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-10 19:32:00 | New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (direct link) | An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022.<br>The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey.<br>Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation | Malware | | ★★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-10 19:20:00 | China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware (direct link) | A suspected China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence.<br>"The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week.<br>The | Malware | | ★★ |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2023-03-10 17:30:00 | Hadoken Security Group Upgrades Xenomorph Mobile Malware (direct link) | The trojan can now start specified applications, show push notifications, steal cookies and more | Malware | | ★★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-10 16:27:40 | Microsoft OneNote to get enhanced security after recent malware abuse (direct link) | Microsoft is working on introducing improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. [...] | Malware | | ★★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-10 15:33:00 | Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (direct link) | A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal.<br>Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner.<br>"This new version of the malware adds many new | Malware, Threat | | ★★ |
| ![knowbe4.webp](./Ressources/img/knowbe4.webp) | 2023-03-10 14:46:12 | Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (direct link) | | Malware | | ★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-10 14:02:23 | New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres (direct link) | A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. [...] | Malware | | ★★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-10 13:13:00 | North Korean UNC2970 Hackers Expand Operations with New Malware Families (direct link) | A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022.<br>Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in | Malware, Threat | | ★★ |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2023-03-10 12:58:14 | SoulSearcher Malware Released By Chinese Sharp Panda Group (direct link) | Sharp Panda's new "SoulSearcher" malware framework is targeting high-profile government agencies in Vietnam, Thailand, and Indonesia. Chinese APTs used the virus to spy on vital Southeast Asian organizations. Check Point found a spear-phishing-based malware campaign that started in late 2022 and continues into 2023. The latest Sharp Panda operation sends spear-phishing emails with malicious DOCX […] | Malware | | ★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-10 12:48:07 | Security researchers targeted with new malware via job offers on LinkedIn (direct link) | A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. [...] | Malware, Guideline | | ★★★ |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2023-03-10 10:54:50 | Police Seize Netwire RAT Malware Framework, Detains Admin (direct link) | After seizing the website and bringing down the infrastructure used by criminals connected to the NetWire remote access trojan (RAT), international law enforcement authorities have declared another triumph over cybercriminals. A man who allegedly ran the worldwiredlabs website, which has long sold the NetWire malware, was detained by Croatian police on Tuesday. Swiss law enforcement […] | Malware | | ★★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-10 05:24:00 | Xenomorph Android malware now steals data from 400 banks (direct link) | The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. [...] | Malware | | ★★★ |
| ![Chercheur.webp](./Ressources/img/Chercheur.webp) | 2023-03-10 01:33:57 | Another Malware with Persistence (direct link) | Here's a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.<br>On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after they received firmware updates.<br>"The attackers put significant effort into the stability and persistence of their tooling," Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. "This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device."... | Malware, Threat | | ★★★ |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2023-03-10 00:55:42 | Netcat Attack Cases Targeting MS-SQL Servers (LOLBins) (direct link) | ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from specific destinations on a network connected by the TCP/UDP protocol. Due to its various features and ability to be used on both Linux and Windows, it is utilized by network managers and threat actors alike.<br>1. Netcat<br>From a malware standpoint, a characteristic of Netcat is its... | Malware, Threat | | ★★★ |
| ![ArsTechnica.webp](./Ressources/img/ArsTechnica.webp) | 2023-03-09 23:20:13 | Malware infecting widely used security appliance survives firmware updates (direct link) | Update-resistant malware is part of a pattern by highly motivated threat actors. | Malware, Threat | | ★★★ |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2023-03-09 20:24:00 | Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (direct link) | Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware.<br>AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.<br>This includes the Sliver post-exploitation framework, XMRig cryptocurrency | Malware, Threat | | ★★★ |
| ![News.webp](./Ressources/img/News.webp) | 2023-03-09 18:27:06 | Refreshed from its holiday, Emotet has gone phishing (direct link) | Notorious botnet starts spamming again after a three-month pause. Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of inactivity began sending out malicious emails on Tuesday morning.… | Malware | | ★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-09 18:24:20 | Police seize Netwire RAT malware infrastructure, arrest admin (direct link) | An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. [...] | Malware | | ★★★ |
| ![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) | 2023-03-09 17:59:30 | Custom Chinese Malware Found on SonicWall Appliance (direct link) | Malware deployed by Chinese hackers on a SonicWall SMA appliance includes credential theft, shell access, and persistence functionality. | Malware | | ★★ |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2023-03-09 17:30:00 | Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks (direct link) | Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023 | Malware | | ★★ |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2023-03-09 17:00:00 | 8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server (direct link) | ScrubCrypt malware obfuscates and encrypts applications to evade antivirus detection | Malware | | ★★ |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2023-03-09 16:23:20 | Black Lotus Labs uncovers another new malware that targets compromised routers (direct link) | HiatusRAT has been targeting business-grade routers to covertly spy on victims since July 2022<br>- Malware Update | Malware | | ★★ |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2023-03-09 12:40:37 | SonicWall devices infected by malware that survives firmware upgrades (direct link) | A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns. [...] | Malware | | ★★ |
| ![Checkpoint.webp](./Ressources/img/Checkpoint.webp) | 2023-03-09 11:00:28 | February 2023's Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government (direct link) | Researchers report that Remcos Trojan was used by threat actors to target Ukrainian government entities through phishing attacks as part of wider cyberespionage operations. Meanwhile, Formbook and Emotet returned to the top three most prevalent malware families, and Education/Research remained the most targeted industry. Our latest Global Threat Index for February 2023 saw Remcos Trojan… | Malware, Threat | | ★★★ |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2023-03-09 10:35:58 | There's A RAT In mi Note, What Am I Gonna Do? (direct link) | Cybercriminals use Microsoft OneNote attachments in phishing emails to spread malware and password stealers. Phishing campaigns are one of the most typical ways criminals obtain private or sensitive information. According to the Verizon Data Breach Investigations Report, 94% of malware is delivered by email. Malicious Word and Excel attachments for phishing have been prevalent for […] | Data Breach, Malware | | ★★★ |
| ![News.webp](./Ressources/img/News.webp) | 2023-03-09 02:26:12 | Suspected Chinese cyber spies target unpatched SonicWall devices (direct link) | They've been lurking in networks since at least 2021. Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.… | Malware | | ★★★ |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2023-03-09 00:00:00 | PlugX Malware Being Distributed via Vulnerability Exploitation (direct link) | The ASEC (AhnLab Security Emergency response Center) has recently discovered the installation of the PlugX malware through the remote code execution vulnerability in the Chinese remote control programs Sunlogin and Awesun. Sunlogin's remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is still being used for attacks even now, ever since its exploit code was disclosed. The team previously made a post about how Sliver C2, XMRig CoinMiner, and Gh0st RAT were being distributed through the Sunlogin RCE vulnerability. Additionally, since Gh0st RAT was... | Malware, Vulnerability | | ★★★ |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2023-03-08 23:30:00 | CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (direct link) | The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the "2.3. Persistence" stage of the RedEyes group's M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as... | Malware, Threat, Cloud | APT 37 | ★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-08 20:14:00 | 40% of Global ICS Systems Attacked With Malware in 2022 (direct link) | Led by growth in Russia, more than 40% of global ICS systems faced malicious activity in the second half of 2022. | Malware | | ★★ |
| ![DarkReading.webp](./Ressources/img/DarkReading.webp) | 2023-03-08 16:50:40 | AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (direct link) | Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation. | Malware | ChatGPT | ★★ |