What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
The_Hackers_News | 2022-11-19 12:54:00 | Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware | A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with | Ransomware, Malware, Threat | - | -
SecurityAffairs | 2022-11-19 09:22:01 | New improved versions of LodaRAT spotted in the wild | Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered multiple updated versions that have been deployed alongside other malware families, including RedLine and Neshta. The versions include new […] | Malware | - | -
The_Hackers_News | 2022-11-18 18:23:00 | LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities | The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped | Malware, Tool, Threat | - | ★★★
SecurityWeek | 2022-11-18 12:31:59 | Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware | A threat actor tracked as DEV-0569 and known for the distribution of various malicious payloads was recently observed updating its delivery methods, Microsoft warns. | Malware, Threat | - | -
no_ico | 2022-11-18 12:25:50 | Magento E-commerce Attacks More Than Double In November | E-commerce malware detection firm Sansec is tracking a surge in cyberattacks targeting Magento stores. At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. The trend in recent weeks paints a grim picture for e-commerce DevOps teams worldwide for the coming weeks. There is a big increase of […] | Malware | - | -
SecurityWeek | 2022-11-18 12:06:24 | Omron PLC Vulnerability Exploited by Sophisticated ICS Malware | A critical vulnerability has not received the attention it deserves. | Malware, Vulnerability | - | -
Checkpoint | 2022-11-18 11:00:56 | Beware this Cyber Monday: Shopping Securely Online as You Grab The Best Deals | Phishing scams, fake domains and malware attacks increase during this time of year, according to Check Point Software. Webloyalty points out in a recent study that Cyber Monday sales will grow this year by 11%, with an average spend of about 155€, 5% more than in 2021. Cyber Monday emerged in 2005… | Malware | - | -
The_Hackers_News | 2022-11-18 10:36:00 | W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack | An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker | Malware, Threat | - | -
bleepingcomputer | 2022-11-18 10:24:41 | Chinese hackers use Google Drive to drop malware on govt networks | State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. [...] | Malware | - | -
SecurityAffairs | 2022-11-18 08:24:14 | Ongoing supply chain attack targets Python developers with WASP Stealer | A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they track as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […] | Malware, Threat | - | -
SecureList | 2022-11-18 08:10:34 | (Déjà vu) IT threat evolution in Q3 2022. Non-mobile statistics | PC malware statistics for Q3 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. | Malware, Threat | - | -
Trend | 2022-11-18 00:00:00 | Earth Preta Spear-Phishing Governments Worldwide | We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD. | Malware, Threat | - | -
globalsecuritymag | 2022-11-17 16:22:30 | How Emotet returned to the forefront of threats this autumn | TA542, a malicious actor that distributes the Emotet malware, is back (again) after a long pause in the distribution of malicious emails. - Malwares | Malware | - | -
The_Hackers_News | 2022-11-17 15:41:00 | FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva | A Ukrainian national who has been wanted by the U.S. for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by the online pseudonyms "tank" and "father," is said to have been involved in the day-to-day operations of the group | Malware | - | ★★★★
Anomali | 2022-11-17 14:35:00 | Gartner Insights: How to Respond to the Cyberthreat Landscape | The digital transformation era has fundamentally changed how organizations operate, including how they manage information technology processes and systems. This change has been driven primarily by a desire to improve efficiency, reduce costs, and increase agility across multiple business areas. These changes are often accompanied by a shift from traditional physical environments to fully virtualized ones. While the benefits of virtualization are well documented, the adoption of virtualization leads to the creation of highly vulnerable network architecture, especially when combined with public cloud resources. The risk of cyberattacks is increasing across industries, impacting every aspect of modern life. This includes everything from financial institutions to healthcare providers, manufacturing companies to retail stores, government agencies to educational institutions, energy utilities to transportation systems, telecommunications carriers to media outlets, and many others. Gartner Cybersecurity Research: In fact, according to Gartner, nearly 90% of large enterprises now face some form of cyberattack each month. And among those attacks, 40% are considered high severity. In addition, there are over 3,200 known malware families, ranging from simple viruses to sophisticated targeted attacks. Gartner found that most organizations understand the importance of addressing cybercrime, but only some know how to do it properly. They believe cybersecurity must address technology and people issues, but they don't fully realize how much of a challenge this truly is. Gartner's research found that the current cybersecurity approach is failing, and a shift is needed. The research recommends that organizations take a holistic view of the problem and ensure proper alignment of security to top emerging threats by: (1) Gaining a clear picture of the current state of play: What are the biggest threats facing companies today? Where do they lie within the context of the overall threat landscape? And can you identify the threats? (2) Understanding where the most significant risk lies: Which areas pose the greatest threat to businesses today? And why? (3) Implementing effective strategies for mitigating threats: What are effective ways to address the most significant threats? For example, what types of technologies can help protect against data breaches? And how do you protect against insider threats? Or secure cloud environments? Post-Covid Era Cybersecurity: Even though we're now past the COVID-19 crisis, there were many disruptions in the cybersecurity industry. Many large companies continue to focus on remote work, causing cloud-based operations to increase and expanding 5G networks that connect devices at faster speeds and greater bandwidths. Cryptocurrencies exploded in popularity and are now bought, sold, and traded by individuals on a grander scale than ever before. Many organizations need more visibility into the full extent of the risks across their growing attack surface, making it challenging to identify and address vulnerabilities effectively. In addition, the rapid pace of innovation and sophistication in attacks makes it increasingly challenging for organizations to keep up with new threats. Organizations must ensure they have the right solutions, like a threat intelligence management or extended detection and response (XDR) platform, to defend against cyberattacks proactively. Cyber Attacks and Attackers are Evolving: The stereotypical hacker working alone is no longer the main threat. Today's attackers are more methodical and work within larger teams of individuals, often organized into hacking collectives known as advanced persistent threats (APTs). These groups are typically comprised of highly skilled professionals who spend months plannin | Malware, Threat, Guideline | - | -
bleepingcomputer | 2022-11-17 13:19:17 | QBot phishing abuses Windows Control Panel EXE to infect devices | Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. [...] | Malware | - | -
- | 2022-11-17 13:01:13 | Get a Loda This: LodaRAT meets new friends | LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality in the wild. Changes in these LodaRAT variants include new functionality allowing proliferation to attached removable storage, a new string encoding algorithm | Malware | - | -
Logo_logpoint | 2022-11-17 11:39:21 | Hunting, Preventing, and Responding to IcedID Malware with Logpoint | By Nilaa Maharjan, Security Research. Index: Why is this threat serious? Ice-breaker #1: delivering IcedID via the contact form. Ice-breaker #2: delivering IcedID via forged invoices. Adding threats of legal action to social engineering tactics. Defending against sophisticated attacks through a coordinated defense. Summary: IcedID, aka BokBot, is a Trojan [...] | Malware | - | ★★
Logo_logpoint | 2022-11-17 11:39:21 | (Déjà vu) Emerging Threats: IcedID Beacon – Hunting, Preventing, and Responding to IcedID Malware using Logpoint | By Nilaa Maharjan, Security Research. Index: Why is this threat noteworthy? Ice-breaker #1. Delivering IcedID via contact form. Ice-breaker #2. Delivering IcedID via Spoofed Invoices. Adding legal threats to social engineering tactics. Defending against sophisticated attacks through a coordinated defense. Executive Summary: IcedID, aka BokBot, is a banking trojan that has evolved multiple times [...] | Malware, Threat | - | ★★
Logo_logpoint | 2022-11-17 11:39:21 | IcedID-IcedID Beacon – Hunting, Preventing, and Responding to IcedID Malware using Logpoint | Index: Why is this threat noteworthy? Ice-breaker #1. Delivering IcedID via contact form. Ice-breaker #2. Delivering IcedID via Spoofed Invoices. Adding legal threats to social engineering tactics. Defending against sophisticated attacks through a coordinated defense. Executive Summary: IcedID, aka BokBot, is a banking trojan that has evolved multiple times and is now used as [...] | Malware, Threat | - | -
SecurityWeek | 2022-11-17 09:39:05 | Magento Vulnerability Increasingly Exploited to Hack Online Stores | E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores. | Malware, Hack, Vulnerability | - | -
News | 2022-11-17 08:30:10 | Notorious Emotet botnet returns after a few months off | And it's been sending out hundreds of thousands of malicious emails a day. The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.… | Malware | - | -
globalsecuritymag | 2022-11-17 02:00:00 | Zimperium's zLabs team discovers Cloud9, a malicious browser extension | This malware uses malicious extensions to take control of browsers and of Windows. - Malwares | Malware | - | -
no_ico | 2022-11-16 19:30:56 | (Déjà vu) China-Based Sophisticated Phishing Campaign Uses 42,000 Domains | It has been reported that security researchers have uncovered a sophisticated phishing campaign using tens of thousands of malicious domains to spread malware and generate advertising revenue. Dubbed "Fangxiao," the group directs unsuspecting users to the domains via WhatsApp messages telling them they've won a prize, according to security vendor Cyjax. The phishing site landing pages apparently impersonate […] | Malware | - | -
News | 2022-11-16 19:30:07 | WASP malware puts a sting in Python developers | Info-stealing trojan is hidden in malicious PyPI packages on GitHub. WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.… | Malware | - | -
Chercheur | 2022-11-16 17:32:00 | Disneyland Malware Team: It's a Puny World After All | A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian. | Malware | - | -
bleepingcomputer | 2022-11-16 15:15:45 | Updated RapperBot malware targets game servers in DDoS attacks | The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers. [...] | Malware | - | -
The_Hackers_News | 2022-11-16 13:05:00 | Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers | Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet | Malware | - | -
PaloAlto | 2022-11-16 13:00:14 | Stop Zero-Day Malware With Zero Stress With PAN-OS 11.0 Nova | Announcing PAN-OS 11.0 Nova – the next evolution of network security to stop zero-day malware. Nova extends inline deep learning capabilities. | Malware | - | -
SecurityAffairs | 2022-11-16 11:39:15 | New RapperBot Campaign targets game servers with DDoS attacks | Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch distributed denial-of-service (DDoS) attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT […] | Malware | - | -
NetworkWorld | 2022-11-16 08:52:00 | Palo Alto targets zero-day threats with new firewall software | Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks. The new features are built into the latest version of Palo Alto's firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company's WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB). WildFire is Palo Alto's on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto's firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor. | Malware, Threat | - | -
CSO | 2022-11-16 08:47:00 | BrandPost: Insider Risk vs. Malware – Why Insider Risk Requires a New Approach | Security teams focused on mitigating data loss threats are increasingly facing challenges that come from the way their own coworkers across the business get their jobs done. Years of digitization, hybrid and remote work, and empowering employees to collaborate effectively from anywhere have changed the structure of data in most organizations. Annual Code42 Data Exposure Report research shows the Insider Risk problem keeps getting bigger. Employees are 85% more likely to leak or take data today than pre-pandemic, and there's a 1 in 3 chance that you're losing critical intellectual property every time an employee leaves the company. But it's not just the proliferation of cloud tools and remote work that's accelerating the problem. In many ways, the mindset and strategies that security teams use to attack insider threats are actually aggravating the issue. | Malware | - | -
CSO | 2022-11-16 05:15:00 | Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection | Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities. In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022. | Malware, Threat | - | -
Blog | 2022-11-16 03:54:28 | (Déjà vu) ASEC Weekly Malware Statistics (November 7th, 2022 – November 13th, 2022) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 7th, 2022 (Monday) to November 13th (Sunday). For the main category, downloader ranked top with 37.8%, followed by Infostealer with 27.1%, banking malware with 22.9%, backdoor with 11.2%, ransomware with 0.5%, and CoinMiner with 0.5%. Top 1 – Emotet: Emotet, which has resurfaced after six months, ranked first place with 22.9%. Emotet... | Ransomware, Malware | - | -
Anomali | 2022-11-16 03:26:00 | Anomali Cyber Watch: Amadey Bot Started Delivering LockBit 3.0 Ransomware, StrelaStealer Delivered by a HTML/DLL Polyglot, Spymax RAT Variant Targeted Indian Defense, and More | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Infostealers, Maldocs, Phishing, Ransomware, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. [Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.] Trending Cyber News and Threat Intelligence. KmsdBot: The Attack and Mine Malware (published: November 10, 2022). KmsdBot is a cryptominer written in Go with distributed denial-of-service (DDoS) functionality. This malware was performing DDoS attacks via either Layer 4 TCP/UDP packets or Layer 7 HTTP consisting of GET and POST. KmsdBot was seen performing targeted DDoS attacks against the gaming industry, luxury car manufacturers, and the technology industry. The malware spreads by scanning for open SSH ports and trying a list of weak username and password combinations. Analyst Comment: Network administrators should not use weak or default credentials for servers or deployed applications. Keep your systems up-to-date and use public key authentication for your SSH connections. MITRE ATT&CK: [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Resource Hijacking - T1496. Tags: detection:KmsdBot, SSH, Winx86, Arm64, mips64, x86_64, malware-type:DDoS, malware-type:Cryptominer, xmrig, Monero, Golang, target-industry:Gaming, target-industry:Car manufacturing, target-industry:Technology, Layer 4, Layer 7. Massive ois[.]is Black Hat Redirect Malware Campaign (published: November 9, 2022). Since September 2022, a new WordPress malware redirects website visitors via ois[.]is. To conceal itself from administrators, the redirect will not occur if the wordpress_logged_in cookie is present, or if the current page is wp-login.php. The malware infects .php files it finds – on average over 100 files infected per website. A .png image file initiates a redirect using the window.location.href function to redirect to a Google search result URL of a spam domain of the actors' choice. Sucuri researchers estimate 15,000 affected websites that were redirecting visitors to fake Q&A sites. Analyst Comment: WordPress site administrators should keep their systems updated and secure the wp-admin administrator panel with 2FA or other access restrictions. If your site was infected, perform a core file integrity check, query for any files containing the same injection, and check any recently modified or added files. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190. Tags: file-type:PHP, SEO poisoning, WordPress, Google Search, Google Ads. LockBit 3.0 Being Distributed via Amadey Bot (published: November 8, 2022). Discovered in 2018, Amadey Bot is a commodity malware that functions as infostealer and loader. Ahnlab researchers detected a new campaign where it is used to deliver the LockBit 3.0 ransomware. It is likely a part of a larger 2022 campaign delivering LockBit to South Korean users. The actors used phishing attachments with two variants of Amadey B | Ransomware, Spam, Malware, Tool, Threat | - | -
TrendMicro | 2022-11-16 00:00:00 | Pilfered Keys: Free App Infected by Malware Steals Keychain Data | Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users. | Malware, Threat | - | -
CVE | 2022-11-15 21:15:36 | CVE-2022-30772 | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41; Kernel 5.1: 05.17.43; Kernel 5.2: 05.27.30; Kernel 5.3: 05.36.30; Kernel 5.4: 05.44.30; Kernel 5.5: 05.52.30. https://www.insyde.com/security-pledge/SA-2022065 | Malware | - | -
Fortinet | 2022-11-15 20:08:00 | Tips and Tricks: Debugging .NET Malware in a Multi-Stage Malware Deployment | FortiGuard Labs recently analyzed a fake phishing email that drops the Warzone RAT. Read a deeper analysis in our blog that provides more detail on the technical challenges we faced during the analysis. | Malware | - | -
bleepingcomputer | 2022-11-15 17:24:49 | North Korean hackers target European orgs with updated malware | North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. [...] | Malware | - | -
TechRepublic | 2022-11-14 21:39:10 | Get instant malware filtering with Gryphon Guardian | TechRepublic readers can get this tiny mesh router that blocks security threats for only $79. | Malware | - | -
SecurityAffairs | 2022-11-14 12:52:52 | KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks | Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch […] | Malware | - | -
The_Hackers_News | 2022-11-14 12:44:00 | New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks | A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to | Malware | - | -
The_Hackers_News | 2022-11-14 11:35:00 | Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images | A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using | Malware, Threat | - | -
InfoSecurityMag | 2022-11-14 09:30:00 | Ukrainian CERT Discloses New Data-Wiping Campaign | Somnia malware hijacks Telegram and VPN accounts. | Malware | - | -
Blog | 2022-11-14 01:42:56 | A Dropper-Type Malware Bomb Being Distributed Again in the Disguise of Cracks | The dropper malware which camouflaged itself as a crack is being actively distributed again after a period of dormancy. When this malware is executed, the affected system becomes infected with numerous malware programs simultaneously. This is effectively a malware "bomb." Malware disguised as cracks for commercial software has been prevalent, distributed either in a "singular malware" format or a "dropper malware" format. The ASEC analysis team is closely monitoring such malware distribution activities and has covered them multiple times... | Malware | - | -
SecurityAffairs | 2022-11-12 14:53:58 | Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan | Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking malware. Xenomorph was first spotted by ThreatFabric researchers in February 2022; at the time the malware was employed in attacks […] | Malware | - | -
CVE | 2022-11-12 05:15:12 | CVE-2022-38652 | ** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Malware, Vulnerability | - | ★★
CVE | 2022-11-12 05:15:11 | CVE-2022-38650 | ** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Malware, Vulnerability | - | ★★★★
SecurityAffairs | 2022-11-11 21:07:03 | Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware | Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware tools to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […] | Malware, Threat | - | -
The_Hackers_News | 2022-11-11 19:56:00 | Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs | Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's | Malware | - | -
Last update at: 2024-07-16 09:08:01