What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
Anomali 2023-01-05 05:50:00 Focusing on Your Adversary (direct link) Every day, we hear news stories or read articles about data breaches and other cyber security threats. As malicious threat actors and the risk of cyber threats increase, protecting networks and valuable information becomes more critical. So what can organizations do to ensure their networks remain secure? Organizations must understand their adversaries’ identities to keep data safe and protect it from cyber-attacks. This article will explore the different types of threats facing enterprise organizations and what they can do to stay ahead of them. Evolving Cyber Attacks Cyber attacks are constantly evolving as attackers continue to find new ways to exploit vulnerabilities. This includes: Increased use of artificial intelligence (AI) and machine learning: Attackers are using AI and machine learning to automate and improve the effectiveness of their attacks. For example, AI can be used to generate convincing phishing emails or to bypass security systems. Rise of ransomware: Ransomware attacks, which involve encrypting a victim’s data and demanding a ransom to decrypt it, have become increasingly common in recent years. Ransomware attacks can significantly impact businesses, disrupting operations and resulting in financial losses. More targeted attacks: Rather than broad-based attacks that aim to compromise as many systems as possible, attackers are increasingly using targeted attacks designed to exploit a particular organization’s vulnerabilities. Increased focus on mobile devices: Mobile devices, such as smartphones and tablets, are becoming increasingly vulnerable to cyber-attacks. As a result, attackers focus more on exploiting these devices’ vulnerabilities. Increased use of cloud services: As more organizations move to the cloud, attackers are finding new ways to exploit vulnerabilities in these systems. For example, attackers may try to gain access to an organization’s cloud-based data or disrupt its cloud-based operations. It’s not only crucial for organizations to stay up-to-date on the latest trends in cyber attacks and to implement appropriate security measures to protect against them. It’s even more important to pinpoint your adversaries to understand their TTPs to protect and predict their next attack. Types of Adversaries There are many different types of cybersecurity adversaries that organizations have to deal with. Some common types of adversaries include: Hackers: Individuals or groups who attempt to gain unauthorized access to systems or networks for various reasons, such as stealing data, disrupting operations, or causing damage. Cybercriminals: Individuals or groups who use the internet to commit crimes, such as identity theft, fraud, or extortion. Cyber Terrorists: A group whose goal is to disrupt operations, cause harm, and destroy data, increasingly targeting critical infrastructures such as power plants, water treatment facilities, transportation systems, and healthcare providers. Nation-state actors: Governments or government-sponsored organizations that use cyber attacks as part of their foreign policy or military operations. Insider threats: Individuals with legitimate access to an organization’s systems or networks who use that access to cause harm or steal sensitive information. Malicious insiders: These are individuals who are intentionally malicious and seek to cause harm to an organization’s systems or networks. Hacktivists: The term “hacktivists” refers to people who use hacking techniques to disrupt computer systems and networks in pursuit of political goals. Hackers often work alone, though some groups do exist. Script Kiddies: Originally used to describe young hackers, it now refer Ransomware Malware Tool Vulnerability Threat Industrial Prediction ★★★
CSO 2023-01-05 04:00:00 NATO tests AI's ability to protect critical infrastructure against cyberattacks (direct link) Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That's according to the preliminary findings of an international experiment of AI's ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization's (NATO) Cyber Coalition 2022 event late last year. The simulated experiment saw six teams of cyber defenders from NATO allies tasked with setting up computer-based systems and power grids at an imaginary military base and keeping them running during a cyberattack. If hackers interfered with system operations or the power went down for more than 10 minutes, critical systems could go offline. The differentiator was that three of the teams had access to a novel Autonomous Intelligence Cyberdefense Agent (AICA) prototype developed by the US Department of Energy's (DOE) Argonne National Laboratory, while the other three teams did not. Malware ★★★
bleepingcomputer 2023-01-04 17:29:46 New SHC-compiled Linux malware installs cryptominers, DDoS bots (direct link) A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots. [...] Malware ★★
Anomali 2023-01-04 16:30:00 Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Data breaches, North Korea, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023) Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time, the library’s features are more aligned with malware than with a research project. The code is obfuscated, it employs anti-VM techniques and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server. Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. The PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Open-source repositories and apps are a valuable asset for many organizations, but their adoption must be security risk assessed, appropriately mitigated and then monitored to ensure ongoing integrity. MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022) Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all user clicks on the infected page to cause a malicious redirect. Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use Malware Tool Vulnerability Threat Patching Medical APT 38 LastPass ★★
DarkReading 2023-01-04 15:46:00 BitRat Malware Gnaws at Victims With Bank Heist Data (direct link) Attackers have compromised a Colombian financial institution and are using a bevy of leaked customer details in further malicious activity to spread an info-gathering remote access Trojan (RAT). Malware ★★★
The_Hackers_News 2023-01-04 14:02:00 New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner (direct link) A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published Malware ★★
SC_Mag 2023-01-04 12:40:40 New malware campaign using stolen bank info as phishing bait (direct link) An unidentified actor or actors are tricking victims into opening malicious Excel attachments in phishing emails by showing them stolen sensitive information, reports The Hacker News. Malware ★★
bleepingcomputer 2023-01-04 12:16:37 Hackers abuse Windows error reporting tool to deploy malware (direct link) Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system's memory using a DLL sideloading technique. [...] Malware Tool ★★
SocRadar 2023-01-04 11:53:15 The Week in Dark Web – 4 January 2023 – Access Sales, Data, and Malware Leaks (direct link) Powered by DarkMirror™ Entering the first week of the year, the most sensational incident on... Malware ★★★
Blog 2023-01-04 01:52:19 Shc Linux Malware Installing CoinMiner (direct link) The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl. 1. Shc (Shell Script Compiler) Shc is an abbreviation for Shell Script Compiler and is responsible for... Malware ★★
SC_Mag 2023-01-03 23:01:09 New York county cyberattack under investigation (direct link) Patch reports that New York's Rockland County had its County Clerk's Office's record management servers disconnected following a malware attack against database software administrator Cott Systems around Christmas. Malware ★★
DarkReading 2023-01-03 19:03:00 WordPress Sites Under Attack from Newly Found Linux Trojan (direct link) Researchers who discovered the backdoor Linux malware say it may have been around for more than three years - and it targets 30+ plugin bugs. Malware ★★
The_Hackers_News 2023-01-03 17:02:00 Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (direct link) A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments. The discovery Malware ★★★
DarkReading 2023-01-03 16:55:17 Raspberry Robin Worm Hatches a Highly Complex Upgrade (direct link) The Evil Corp-linked malware family has undergone an evolution, becoming more obfuscated and "several times more complex," as the group behind it tests how far the worm can be spread. Malware ★★★
InfoSecurityMag 2023-01-03 16:10:00 Researchers Discover New Linux Malware Targeting WordPress Sites (direct link) The Trojan exploits known vulnerabilities in outdated WordPress plugins and themes Malware ★★
The_Hackers_News 2023-01-03 15:43:00 Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (direct link) Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday. The intrusions, observed against Malware ★★★
bleepingcomputer 2023-01-03 13:10:01 BitRAT malware campaign uses stolen bank data for phishing (direct link) Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys. [...] Malware Threat ★★
SecurityWeek 2023-01-03 12:50:38 Malware Delivered to PyTorch Users in Supply Chain Attack (direct link) Last week's nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack. Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields. Malware
Pirate 2023-01-03 12:10:05 New attacks by the BlueNoroff group: the APT actor posing as a venture capital firm expands its strategic arsenal (direct link) Kaspersky experts have discovered that the BlueNoroff APT group now has new sophisticated malware strains with which to deploy its attacks. Kaspersky Tribune – BlueNoroff, a well-known actor in the threat landscape targeting the cryptocurrencies of financial entities worldwide, notably targets venture capital firms, crypto start-ups and […] The post New attacks by the BlueNoroff group: the APT actor posing as a venture capital firm expands its strategic arsenal first appeared on UnderNews. Malware ★★★
The_State_of_Security 2023-01-03 03:37:37 What are sandboxes? How to create your own sandbox (direct link) In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm they might cause. The use of a sandbox enables you to safely download, open, examine, or run unknown files, providing an additional layer of security. Benefits of Sandboxes. Spiceworks lists some benefits of sandboxing in cybersecurity: Prevents zero... Malware ★★
Blog 2023-01-03 00:36:00 How Infostealer Threat Actors Make a Profit (direct link) Infostealer is a type of information-stealing malware with the goal of stealing user credentials such as the user account information, cryptocurrency wallet address, and files that are saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than half of malware types with executable formats reported by client companies or collected by AhnLab. As the downloader types also actually install Infostealers or backdoor-type malware, it can be said... Malware Threat ★★
CVE 2023-01-02 22:15:18 CVE-2022-4417 (direct link) The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users Malware
no_ico 2023-01-02 15:05:06 Linux Malware Exploits 30+ Plugins Into WordPress Sites (direct link) A new strain of Linux malware is targeting WordPress sites and exploiting vulnerabilities in over two dozen plugins and themes to compromise systems. Russian security firm Doctor Web discovered the malware, which has been tracked as Linux.BackDoor.WordPressExploit.1. It targets both 32-bit and 64-bit versions of Linux and has backdoor capabilities that allow it to attack […] Malware ★★★
The_Hackers_News 2023-01-02 13:20:00 WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws (direct link) WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week. "As a result, Malware ★★★
Blog 2023-01-02 01:18:00 (Déjà vu) ASEC Weekly Malware Statistics (December 19th, 2022 – December 25th, 2022) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 19th, 2022 (Monday) to December 25th, 2022 (Sunday). For the main category, Infostealer ranked top with 37.3%, followed by downloader with 35.7%, backdoor with 23.9%, and ransomware with 3.1%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 23.3%. The malware is distributed via malware disguised as a PUP installer.... Ransomware Malware ★★
bleepingcomputer 2022-12-30 10:41:11 New Linux malware uses 30 plugin exploits to backdoor WordPress sites (direct link) A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. [...] Malware ★★★
Anomali 2022-12-29 16:30:00 Anomali Cyber Watch: Zerobot Added New Exploits and DDoS Methods, Gamaredon Group Bypasses DNS, ProxyNotShell Exploited Prior to DLL Side-Loading Attacks, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Botnet, Bypassing DNS, DDoS, Infostealers, Layoffs, Spearphishing, Supply chain, and Zero-day vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence New RisePro Stealer Distributed by the Prominent PrivateLoader (published: December 22, 2022) RisePro is a new commodity infostealer that is being sold and supported by Telegram channels. Log credentials derived from RisePro have been for sale on illicit markets since December 13, 2022. RisePro targets password stores and particular file patterns to extract cookies, credit card information, cryptocurrency wallets, installed software credentials, and passwords. RisePro was delivered by PrivateLoader and these two malware families have significant code similarity. It also shares similarity with the Vidar stealer in that both use dropped DLL dependencies. Analyst Comment: Infostealers are a continually rising threat for organizations, especially with hybrid workers utilizing their own and other non-corporate devices to access cloud-based resources and applications. Information from these sessions, useful to attackers, can be harvested unknown to the worker or end organization. In addition, the rise of threat actor reliance on potent commodity malware is one of the trends that Anomali analysts observe going into 2023 (see Predictions below). Network defenders are advised to block known PrivateLoader and RisePro indicators (available on the Anomali platform). MITRE ATT&CK: [MITRE ATT&CK] T1213 - Data From Information Repositories | [MITRE ATT&CK] T1113 - Screen Capture | [MITRE ATT&CK] T1555.004 - Credentials from Password Stores: Windows Credential Manager | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files Or Information | [MITRE ATT&CK] T1222: File and Directory Permissions Modification | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1027.005 - Obfuscated Files or Information: Indicator Removal From Tools | [MITRE ATT&CK] T1087 - Account Discovery | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] T1518 - Software Discovery | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | Malware Tool Threat ★★
SC_Mag 2022-12-29 11:56:34 Malware increasingly spread through Google Ads exploits (direct link) More threat actors have been distributing malware through fraudulent websites of widely used software products that are being promoted by exploiting the Google Ads platform, according to BleepingComputer. Malware Threat ★★
bleepingcomputer 2022-12-28 14:12:16 Hackers abuse Google Ads to spread malware in legit software (direct link) Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [...] Malware ★★★
The_Hackers_News 2022-12-28 12:42:00 APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (direct link) Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now, according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. Malware Threat
Blog 2022-12-27 23:35:42 Types of Recent .NET Packers and Their Distribution Trends in Korea (direct link) 0. Overview This post is a summary of the TI report, ‘Report on the Trends and Types of Recent .NET Packers.’ Please refer to the report in the hyperlink for more details on the topic. Recently, packers made with .NET are being found in various places both in and outside Korea. Thus, the ASEC analysis team aims to introduce the five most commonly distributed .NET packers and their distribution trends in Korea. We will overview the types of malware distributed... Malware ★★★★
SecureMac 2022-12-27 17:13:27 4 Mac Malware Finds in 2022 (direct link) Mac malware in 2022: An overview of four important macOS malware variants found in 2022 and tips on staying safe. Malware ★★★
knowbe4 2022-12-27 14:20:16 (Déjà vu) QBot Malware Attacks Use SVG files to Perform HTML Smuggling (direct link) QBot Malware Attacks Use SVG files to Perform HTML Smuggling Malware
SC_Mag 2022-12-27 13:35:58 (Déjà vu) RisePro info-stealer distributed through PrivateLoader PPI service (direct link) New information-stealing malware RisePro is being distributed using the PrivateLoader pay-per-install malware downloader service Malware
SC_Mag 2022-12-27 13:34:53 Security system bypass techniques added to GuLoader malware downloader (direct link) Advanced malware downloader GuLoader, also known as CloudEyE, was discovered by CrowdStrike researchers to be leveraging new techniques for bypassing security software. Malware ★★★
SecureList 2022-12-27 08:00:26 BlueNoroff introduces new methods bypassing MoTW (direct link) We continue to track the BlueNoroff group's activities and this October we observed the adoption of new malware strains in its arsenal. Malware ★★
The_Hackers_News 2022-12-26 17:57:00 GuLoader Malware Utilizing New Techniques to Evade Security Software (direct link) Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a Malware ★★★
The_Hackers_News 2022-12-26 17:42:00 PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (direct link) The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, Malware ★★
Blog 2022-12-26 04:51:42 (Déjà vu) ASEC Weekly Malware Statistics (December 12th, 2022 – December 18th, 2022) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 12th, 2022 (Monday) to December 18th, 2022 (Sunday). For the main category, downloader ranked top with 61.9%, followed by Infostealer with 24.7%, backdoor with 12.5%, and ransomware with 0.9%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with 28.9%. Like... Ransomware Malware ★★
Blog 2022-12-26 04:08:49 Caution! Malware Signed With Microsoft Certificate (direct link) Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot... Malware ★★★
The_Hackers_News 2022-12-24 18:21:00 W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names (direct link) Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf $tealer, PURE Stealer, Satan Stealer, and @skid Stealer, cybersecurity company Phylum Malware Threat ★★★
bleepingcomputer 2022-12-24 10:08:16 New info-stealer malware infects software pirates via fake cracks sites (direct link) A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. [...] Malware ★★
TrendMicro 2022-12-23 00:00:00 IcedID Botnet Distributors Abuse Google PPC to Distribute Malware (direct link) We analyze the latest changes in the IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. Malware ★★★
News 2022-12-22 18:34:52 Zerobot malware now shooting for Apache systems (direct link) Upgraded threat, time to patch The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.… Malware ★★★
TechRepublic 2022-12-22 18:25:13 Cisco Talos report: Threat actors use known Excel vulnerability (direct link) The use of .XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect against it. Malware Vulnerability Threat
RedCanary 2022-12-22 15:43:07 Intelligence Insights: December 2022 (direct link) The ghost of malware past, Yellow Cockatoo, returns from hiatus while Gootloader unwraps new TTPs in this month's Intelligence Insights Malware ★★★
knowbe4 2022-12-22 14:44:21 New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable” (direct link) New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable” Malware ★★
no_ico 2022-12-22 14:03:30 Brazilian Bank Users Are the Target of a New BrasDex Malware (direct link) Cybercriminals have recently launched a new Android trojan called BrasDex that targets Brazilian bank users. This trojan is part of a more extensive, ongoing multi-platform campaign that has been attributed to the threat actors behind the Windows banking malware Casbaneiro. Dutch security firm ThreatFabric published a report last week stating that BrasDex has “a very […] Malware Threat ★★
Cisco 2022-12-22 13:00:50 (Déjà vu) Black Hat Europe 2022 NOC: When planning meets execution (direct link) Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. Malware ★★★
Cisco 2022-12-22 13:00:22 (Déjà vu) Black Hat Europe 2022 NOC: The SOC Inside the NOC (direct link) Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. Malware ★★★
Last update at: 2024-07-16 07:08:00