What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-15 17:45:33 | Sophos Endpoint Security Advancements Improve Cyberthreat Defenses and Streamline Management (lien direct) | Sophos Endpoint Security Advancements Improve Cyberthreat Defenses and Streamline Management Introduces Adaptive Active Adversary Protection, Linux Malware Protection Enhancements, Account Health Check Capabilities, Integrated ZTNA Agent, and More - Product Reviews | Malware | ★★ | |
 |
2023-03-15 17:30:00 | Tick APT Group Hacked East Asian DLP Software Firm (lien direct) | The hacker breached the DLP company's internal update servers to deliver malware within its network | Malware | ★★ | |
|
2023-03-15 17:00:00 | "FakeCalls" Android Malware Targets Financial Firms in South Korea (lien direct) | CPR discovered 2500 samples of the malware, impersonating 20 financial institutions in the region | Malware | ★★ | |
 |
2023-03-15 16:30:00 | GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (lien direct) | The new malware was discovered targeting three banks in Brazil. | Malware | ★★★ | |
 |
2023-03-15 14:53:00 | Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company (lien direct) | A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which | Malware Threat | ★★★ | |
 |
2023-03-15 12:00:05 | Fans of Last Of Us warned of rising phishing and malware scams (lien direct) | Security experts are warning consumers of two new scams that are circulating in the wild which are taking advantage of the buzz and hype surrounding HBO’s new adaption of the popular video game franchise The Last Of US. Technology expert Prateek Jha from VPNOverview.com initiated the warning which has also been supported by Kaspersky. Kaspersky researchers […] | Malware General Information | ★★★ | |
 |
2023-03-15 11:00:34 | Can your SASE solution block these top malware? (lien direct) | >Malware is a go-to tactic and essential tool for attackers. According to Check Point Research’s 2023 Cyber Security Report, 32% of cyber attacks globally are based on multipurpose malware with email as the attack vector in 86% of those attacks. The most vicious malware are wipers, whose only purpose is to cause irreversible damage and… | Malware Tool | ★★ | |
 |
2023-03-15 10:00:00 | 10 Ways B2B companies can improve mobile security (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world. Businesses need to take steps to ensure their data remains secure when accessing company networks via mobile devices, including implementing a few key measures. Below are ten ways B2B companies can do better mobile security. 1. Use a secure email provider A secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems. Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors. 2. Implement strong authentication Strong authentication refers to the use of two or more forms of authentication to authenticate a user's identity. This could include using a one-time password for each login, biometric factors such as fingerprints, or utilizing an encrypted token. Strong authentication ensures that only authorized users can access company networks and confidential data. Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure. 3. Install mobile security software Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices. 4. Enforce use policies By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel. Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack. 5. Utilize cloud storage Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere | Data Breach Malware Guideline Cloud | ★★★ | |
 |
2023-03-15 09:44:16 | Évolution inquiétante des outils pirates (lien direct) | En février 2022, les experts en sécurité de l'information ont détecté l'arrivée du banquier pirate Xenomorph. Armé pour usurper, par superposition, les applications de 56 banques, le malware a rapidement été propagé grâce à des droppers publiés sur Google Play. | Malware Threat | ★★★ | |
 |
2023-03-15 08:40:31 | Un nouveau code pirate pour distributeurs de billets de banque ! (lien direct) | La découverte d'un nouveau malware nommé FiXS met à mal la sécurité de distributeurs de billets de banque. Ce logiciel malveillant cible les guichets automatiques de billets en Amérique latine, notamment les banques mexicaines depuis le début du mois de février 2023.... | Malware Threat | ★★ | |
 |
2023-03-15 03:43:54 | What are Rootkits? How to prevent them (lien direct) | A Rootkit is a malicious program composed of malware that is created to provide prolonged root-level or privileged-level access to a computer. It remains hidden in the computer system while maintaining control of the system remotely. Rootkits have the ability to steal data, eavesdrop, change system configurations, create permanent backdoors, deactivate other security defensive programs, and conceal other types of malware. They spread through phishing emails, infected shared folders, executable documents, and pirated software or software on infected websites. Different types of Rootkits. 1... | Malware General Information | ★★ | |
|
2023-03-14 18:17:20 | New Android Vishing Malware Impersonates Leading Financial Institutions to Target Victims in South Korea (lien direct) | New Android Vishing Malware Impersonates Leading Financial Institutions to Target Victims in South Korea - Malware Update / affiche | Malware Guideline | ★★ | |
|
2023-03-14 17:39:15 | Beware of Fake Calls! It\'s not really your bank calling. Check Point Research draws attention to a new Android Malware (lien direct) | >Highlights: CPR alerts on an Android Trojan named “FakeCalls”, a voice phishing malware Malware can masquerade incoming calls as coming form known legitimate financial organizations, aiming to gain the victim's trust and extract personal and financial data “FakeCalls” malware targets the South Korean market, faking calls from over 20 leading financial organizations Background When malware… | Malware Guideline | ★★★ | |
 |
2023-03-14 17:32:00 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct) |
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions
(published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee
(published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | APT 35 ChatGPT ChatGPT APT 36 APT 42 | ★★ |
|
2023-03-14 17:32:00 | GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks (lien direct) | A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat actor | Malware Threat | ★★★ | |
|
2023-03-14 15:54:30 | Emotet, QSnatch Malware Dominate Malicious DNS Traffic (lien direct) | An analysis of trillions of DNS requests shows a shocking amount of malicious traffic inside enterprise networks, with threats using DNS as a sort of malicious Autobahn. | Malware | ★★★★ | |
|
2023-03-14 15:29:20 | South Korean Android Banking Menace – FakeCalls (lien direct) | >Research by: Bohdan Melnykov, Raman Ladutska When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be high profile, just careful selection of the audience and the right market can be […] | Malware | ★★ | |
 |
2023-03-14 14:50:00 | Les données DNS montrent qu'une organisation sur 10 a un trafic de logiciels malveillants sur leurs réseaux [DNS data shows one in 10 organizations have malware traffic on their networks] (lien direct) | Le rapport Akamai souligne à quel point les menaces de logiciels malveillants restent généralisées, notant les dangers des menaces spécifiques à l'infrastructure DNS.
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure. |
Malware | ★★★ | |
 |
2023-03-14 14:11:00 | Hackers target South Asian government entities with KamiKakaBot malware (lien direct) |
Suspected government-backed hackers are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information. Researchers from Amsterdam-based cybersecurity firm EclecticIQ [attributed](https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries#A1) the attacks to the advanced persistent threat (APT) group Dark Pink. The group's previous victims include military, government, religious and non-profit organizations in Cambodia, Indonesia, |
Malware Threat | ★★ | |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-14 11:49:15 | Le développeur de NetWire arrêté (lien direct) | En Croatie, le développeur de NetWire RAT, Mario Žanko, a été arrêté et l’infrastructure du malware a été saisie par les autorités. Mario Žanko, 40 ans, est un informaticien recherché par le FBI depuis des années. Il faut dire aussi que son logiciel pas comme les autres a permis d’orchestrer des dizaines de milliers de … Continue reading Le développeur de NetWire arrêté | Malware | ★★★ | |
 |
2023-03-13 23:31:00 | Mallox Ransomware Being Distributed in Korea (lien direct) | AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the Mallox ransomware during the team’s monitoring. As covered before, Mallox, which targets vulnerable MS-SQL servers, has historically been distributed at a consistently high rate based on AhnLab’s statistics. The malware disguised as a program related to DirectPlay is a file built in .NET which, as shown in Figure 3, connects to a certain address, downloads additional malware, and runs it in the memory. If this address cannot... | Ransomware Malware | ★★★ | |
|
2023-03-13 21:52:00 | 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware (lien direct) | Pas de details / No more details | Malware | ★★★ | |
 |
2023-03-13 20:44:03 | New Hiatus malware campaign targets routers (lien direct) | >A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect from this security threat. | Malware | ★★ | |
|
2023-03-13 18:38:00 | Hike in AI-Created YouTube Videos Loaded With Malware (lien direct) | AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more. | Malware | ★★ | |
|
2023-03-13 17:46:14 | Persistance à long terme d\'un malware chinois sur des dipositifs SonicWall, l\'importance du monitoring en continue (lien direct) | Persistance à long terme d'un malware chinois sur des dipositifs SonicWall, l'importance du monitoring en continue Mandiant, en partenariat avec SonicWall Product Security and Incident Response Team (PSIRT), a identifié une campagne chinoise suspecte qui consiste à maintenir une présence à long terme en exécutant un logiciel malveillant sur une application SonicWall Secure Mobile Access (SMA) qui n'a pas été patchée. - Malwares | Malware | ★★ | |
|
2023-03-13 17:17:00 | Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (lien direct) | Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," | Malware Threat | ★★ | |
|
2023-03-13 11:45:00 | KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (lien direct) | The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was first profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate | Malware Threat | ★★★ | |
|
2023-03-13 10:00:00 | Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. "Why are you here if you cannot decrypt our data?" This is how people sometimes react to the arrival of the external incident response team. In this article, I will try to answer this question, but at the same time, I am going to describe the stages of incident response, list the main mistakes that play into the hands of hackers, and give basic advice on how to respond. Let's start by defining what a security incident is. Although the concept is straightforward, various companies may interpret it differently. For instance, some companies may consider incidents to include situations such as a power supply failure or a hard drive malfunction, while others may only classify malicious actions as incidents. In theory, an incident is a moment when some kind of undesirable event occurs. In practice, the definition of an "undesirable event" is determined by each company's own interpretation and perspective. For one organization, the discovery of a phishing email is what requires investigation. Other companies may not see the point in worrying about such incidents. For instance, they may not be concerned about a phishing email being opened on an employee device in a remote location not connected to the main infrastructure since it poses no immediate threat. There are also interesting cases here. For example, online traders consider a drop in the speed of interaction with the online exchange by 1% to be a serious incident. In many industries, proper incident response steps and cybersecurity in general, cannot be overestimated. But if we are talking about serious incidents, then most often, these are events related to the penetration of an attacker into the corporate network. This annoys the vast majority of business leaders. Incident response stages While the interpretation of certain events as security incidents may vary depending on various factors such as context and threat model, the response steps are often the same. These response steps are primarily based on the old SANS standard, which is widely used by many security professionals. SANS identifies six stages of incident response: Preparation Identification Containment Eradication Recovery Lessons learned It is important to note that the external response team is not immediately involved in this process. Preparation Preparation involves properly aligning organizational and technical processes. These are universal measures that should be implemented effectively across all areas: Inventory networks Build subnets correctly Use correct security controls and tools Hire the right people All this is not directly related to the external response team and, at the same time, affects its work significantly. The response is based on preparatory steps. For example, it relies heavily on the log retention policy. Each attack has its own dwell time - the time from an attacker entering the network until their activity is detected. If the attack has an extended dwell time (three-four months) and the logs are kept for seven days, it will be much more difficult for the investigation team to fin | Spam Malware Vulnerability Threat Guideline | ★★★ | |
|
2023-03-13 00:49:37 | CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky) (lien direct) | AhnLab Security Emergency response Center (ASEC) has recently discovered a CHM malware which is assumed to have been created by the Kimsuky group. This malware type is the same as the one covered in the following ASEC blog posts and the analysis report on the malware distributed by the Kimsuky group, its goal being the exfiltration of user information. Analysis Report on Malware Distributed by the Kimsuky Group – Oct 20, 2022 APT Attack Being Distributed as Windows Help File (*.chm) –... | Malware | ★★★ | |
 |
2023-03-12 00:03:36 | List of clean mutexes and mutants (lien direct) | A few years ago I released a list of ‘bad’ mutexes/mutants. That list was generated from my malware sandbox reports. I thought that it may be good to revisit the […] | Malware | ★★★★ | |
|
2023-03-11 19:02:00 | BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (lien direct) | The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader that's responsible for | Malware | ChatGPT | ★★ |
|
2023-03-10 21:01:30 | BlackLotus Secure Boot Bypass Malware Set to Ramp Up (lien direct) | BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity. | Malware Vulnerability | ★★★ | |
 |
2023-03-10 20:34:34 | Xenomorph Android Malware Steals Data From 400 Banks (lien direct) | A new automatic transfer system (ATS) framework and the capacity to steal login information for 400 banks are two of the main capabilities added to the Xenomorph Android virus in this new iteration. ThreatFabric found the initial iteration in February 2022. The banking malware has amassed over 50,000 downloads on the Google Play store. Using […] | Malware | ★ | |
|
2023-03-10 19:32:00 | New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (lien direct) | An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation | Malware | ★★★ | |
|
2023-03-10 19:20:00 | China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware (lien direct) | A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week. The | Malware | ★★ | |
|
2023-03-10 17:30:00 | Hadoken Security Group Upgrades Xenomorph Mobile Malware (lien direct) | The trojan can now start specified applications, show push notifications, steal cookies and more | Malware | ★★★ | |
 |
2023-03-10 16:27:40 | Microsoft OneNote to get enhanced security after recent malware abuse (lien direct) | Microsoft is working on introducing improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. [...] | Malware | ★★★ | |
|
2023-03-10 15:33:00 | Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant (lien direct) | A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. "This new version of the malware adds many new | Malware Threat | ★★ | |
|
2023-03-10 14:46:12 | Use of Malware Decreases in Cyber Attacks as Exploit Usage Skyrockets (lien direct) |
|
Malware | ★★ | |
|
2023-03-10 14:02:23 | New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres (lien direct) | A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. [...] | Malware | ★★★ | |
|
2023-03-10 13:13:00 | North Korean UNC2970 Hackers Expands Operations with New Malware Families (lien direct) | A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in | Malware Threat | ★★ | |
|
2023-03-10 12:58:14 | SoulSearcher Malware Released By Chinese Sharp Panda Group (lien direct) | Sharp Panda’s new “SoulSearcher” malware framework is targeting high-profile government agencies in Vietnam, Thailand, and Indonesia. Chinese APTs used the virus to spy on vital Southeast Asian organizations. Check Point found a spear-phishing-based malware campaign that started in late 2022 and continues into 2023. The latest Sharp Panda operation sends spear-phishing emails with malicious DOCX […] | Malware | ★★ | |
|
2023-03-10 12:48:07 | Security researchers targeted with new malware via job offers on LinkedIn (lien direct) | A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. [...] | Malware Guideline | ★★★ | |
|
2023-03-10 10:54:50 | Police Seize Netwire RAT Malware Framework, Detains Admin (lien direct) | After seizing the website and bringing down the infrastructure used by criminals connected to the NetWire remote access malware, international law enforcement authorities have declared another triumph over cybercriminals (RAT). A guy who allegedly ran the worldwiredlabs website, which has long sold the NetWire malware, was detained by Croatian police on Tuesday. Swiss law enforcement […] | Malware | ★★★ | |
|
2023-03-10 05:24:00 | Xenomorph Android malware now steals data from 400 banks (lien direct) | The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. [...] | Malware | ★★★ | |
 |
2023-03-10 01:33:57 | Another Malware with Persistence (lien direct) | Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. “The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”... | Malware Threat | ★★★ | |
|
2023-03-10 00:55:42 | Netcat Attack Cases Targeting MS-SQL Servers (LOLBins) (lien direct) | ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from specific destinations on a network connected by the TCP/UDP protocol. Due to its various features and ability to be used on both Linux and Windows, it is utilized by network managers and threat actors alike. 1. Netcat From a malware standpoint, a characteristic of Netcat is its... | Malware Threat | ★★★ | |
 |
2023-03-09 23:20:13 | Malware infecting widely used security appliance survives firmware updates (lien direct) | Update-resistant malware is part of a pattern by highly motivated threat actors. | Malware Threat | ★★★ | |
|
2023-03-09 20:24:00 | Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (lien direct) | Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems. This includes the Sliver post-exploitation framework, XMRig cryptocurrency | Malware Threat | ★★★ |
To see everything:
Our RSS (filtrered)
