What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-11 11:26:33 | New BadBazaar Android malware linked to Chinese cyberspies (lien direct) | A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang. [...] | Malware Tool | ||
 |
2022-11-11 05:38:02 | Emotet Being Distributed Again via Excel Files After 6 Months (lien direct) | Over multiple blog posts, the ASEC analysis team has released information on the distribution of Emotet which had been modified in many different ways. It has recently been identified that the Emotet malware has become active again. Around six months have elapsed since the last active distribution. This post will examine the differences between the current Excel file and the one that had been distributed in the past. The common characteristics include the fact that it is distributed through an... | Malware | ||
|
2022-11-11 05:26:49 | (Déjà vu) HackHound IRC Bot Being Distributed via Webhards (lien direct) | Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past. Generally, attackers distribute malware through illegal programs such as adult games and crack versions of games. Those who use webhards as a distribution path typically install RAT type malware such as njRAT, UdpRAT, and DDoS IRC Bot. As shown in the cases covered... | Malware | ||
 |
2022-11-10 21:20:00 | Warning: New Massive Malicious Campaigns Targeting Top Indian Banks\' Customers (lien direct) | Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the | Malware | ||
|
2022-11-10 17:58:42 | Phishing drops IceXLoader malware on thousands of home, corporate devices (lien direct) | A ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. [...] | Malware | ||
|
2022-11-10 17:18:10 | (Déjà vu) Microsoft fixes Windows zero-day bug exploited to push malware (lien direct) | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware | ||
|
2022-11-10 17:18:10 | Microsoft fixes MoTW zero-day used to drop malware via ISO files (lien direct) | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware | ||
 |
2022-11-10 16:15:55 | Researchers warn of malicious packages on PyPI using steganography (lien direct) | >Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github. The […] | Malware | ||
 |
2022-11-10 15:21:29 | Update your Lenovo laptop\'s firmware now! Flaws could help malware survive a hard disk wipe (lien direct) | PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process. Read more in my article on the Tripwire State of Security blog. | Malware | ||
|
2022-11-10 14:17:25 | Worok hackers hide new malware in PNGs using steganography (lien direct) | A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [...] | Malware Threat | ||
 |
2022-11-10 13:40:53 | Advanced RAT AgentTesla Revealed As Most Widespread Malware In October (lien direct) | It has been reported that info-stealing malware accounted for the three most widespread variants in October, comprising nearly a fifth (16%) of global detections, according to Check Point. The security vendor's Global Threat Index for October 2022 is compiled from hundreds of millions of its own threat intelligence sensors, installed across customer networks, endpoints and mobile devices. | Malware Threat | ||
|
2022-11-10 13:28:52 | Security Expert On IceXLoader Malware (lien direct) | A new version of IceXLoader that has compromised thousands of personal and enterprise Windows machines, security experts reacted below. | Malware | ||
 |
2022-11-10 11:49:00 | The Need for More Data in Security Operations (lien direct) | The increasing reliance on big data has created a broader scope for hackers to exploit. But, it’s also made opportunities for cybersecurity professionals to help identify threats. Recent ESG research found that survey respondents want to use more data for security operations, driving the need for scalable, high-performance, cloud-based back-end data repositories. The research found that 80% of organizations use more than 10 data sources as part of security operations to detect malicious activities, believing the most important to be: endpoint security data, threat intelligence feeds, security device logs, cloud security data, and network flow logs. While these are all valuable in their own right, they can also be difficult to collect, store, analyze, and correlate across multiple systems. Big data analytics has made it possible for organizations to combine multiple sources of information into one unified view of an event or incident. Though there have been advanced, many security tools still lack the ability to integrate, especially if they are from multiple vendors. This makes sharing information harder and highlights the need for better integration between telemetry sources and analysis tools. Challenges with Big Data There is no shortage of hype surrounding big data. Many companies are already reaping the benefits of big data and applying it to improve their operations. Big data is often described as “dense,” meaning that it contains a lot of information and is hard to analyze. While this makes it easier to collect, it also challenges organizations to figure out what information is relevant and how to apply it. The same goes for cybersecurity threats. There is a lot of buzz about the potential of big data to help identify attackers, but the reality is that it doesn’t just work like that. Instead, big data also provides a way for attackers to hide within vast amounts of information. They can further exploit this to avoid detection and even change their identity multiple times before unleashing a cyber attack. Using Data for Cybersecurity Even though data is the most appetizing and easily accessible target for attackers, that doesn’t mean you shouldn’t collect and analyze it. Data analysis can provide insights into how attackers target your organization for a cyber attack and what they might do next. According to the ESG Research, SOC teams collect, process, and analyze a variety of security telemetry to help them determine detection weaknesses where custom rules are needed. Security teams customize vendor rule sets to meet their needs and develop custom rules to detect threats targeting their industry or organization. Data Visualization & Analytics Big data analytics allows an organization to visualize attacks, detect anomalies, and discover relationships between different data sets. Machine Learning & Predictive Modeling Machine learning helps identify potential threats and behavior patterns by analyzing the data collected during the attack and comparing it with patterns we know about. We can even build predictive models based on our experience to detect similar attacks in the future. Security Controls Automation Artificial intelligence can help quickly automate threat intelligence to security controls to protect against security breaches. For example, machine learning could help identify activities related to a particular type of event and block access to those actions or events. The Need to Understand the Attacker Threat actors use three main attack vectors: social engineering, malware, and brute force. Social engineering occurs when someone attempts to trick another person into disclosing confidential information or giving up control | Malware Vulnerability Threat | ||
 |
2022-11-10 11:00:00 | The pros and cons of the digital transformation in banking (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Digital transformation in banking began following the creation of the internet in the 1990s as a way for banks to deliver services to their customers more conveniently. Today, it has completely changed how most people interact with their banks. From opening a new account to making transactions and applying for loans, you can access all banking services directly from your computer or smartphone. According to an FDIC survey on banking behavior, over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits? Below, let’s explore some of the pros and cons of digital transformation in banking. Pros of digital transformation in banking Digital banking offers several advantages to the modern banking customer. Here are a few: 24/7 Access to your bank One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don’t have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are. Additionally, you don’t have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket. Better rates, lower fees Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there’s less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises. Better customer experience A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience. Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller. In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don’t have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank. Automated payments With digital banks, it’s amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, s | Ransomware Malware Tool | Deloitte Deloitte | |
 |
2022-11-10 10:48:11 | Do you collect "Observables" or "IOCs"?, (Thu, Nov 10th) (lien direct) | Indicators of Compromise, or IOCs,&#;x26;#;xc2;&#;x26;#;xa0;are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities&#;x26;#;xc2;&#;x26;#;xa0;or malware analysis. About the last example, the&#;x26;#;xc2;&#;x26;#;xa0;malware analyst&#;x26;#;39;s goal is&#;x26;#;xc2;&#;x26;#;xa0;identify how the malware is behaving and how to indentify it. | Malware Threat | ||
|
2022-11-10 05:50:39 | (Déjà vu) ASEC Weekly Malware Statistics (October 31st, 2022 – November 6th, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 31st, 2022 (Monday) to November 6th (Sunday). For the main category, downloader ranked top with 64.8%, followed by infostealer with 25.9%, backdoor with 6.6%, ransomware with 2.2%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 39.6%. The malware is distributed via malware disguised... | Ransomware Malware | ||
|
2022-11-10 05:49:52 | Distribution of Word File (External + RTF) Modified to Avoid Detection (lien direct) | Malicious MS Office Word documents have long been used for the distribution of additional RTF malware by exploiting the fact that Word files allow external connection. However, AhnLab has identified the files that seem to have been made to avoid anti-malware detection are being distributed in Korea. Similar to past cases, an email disguised as a work email with a Word document attachment is used, but a unique factor exists in the webSettings.xml.rels file which can be identified within the... | Malware | ||
 |
2022-11-10 04:46:41 | Windows breaks under upgraded IceXLoader malware (lien direct) | We're the malware of Nim! A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.… | Malware | ||
 |
2022-11-09 19:18:30 | Microsoft Patches MotW Zero-Day Exploited for Malware Delivery (lien direct) | Microsoft's latest Patch Tuesday updates address six zero-day vulnerabilities, including one related to the Mark-of-the-Web (MotW) security feature that has been exploited by cybercriminals to deliver malware. | Malware | ||
|
2022-11-09 18:36:00 | Several Cyber Attacks Observed Leveraging IPFS Decentralized Network (lien direct) | A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. | Malware | ||
|
2022-11-09 17:51:08 | New StrelaStealer malware steals your Outlook, Thunderbird accounts (lien direct) | A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. [...] | Malware | ||
|
2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (lien direct) | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject | Malware Threat | ||
|
2022-11-09 15:45:00 | New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide (lien direct) | An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said | Malware | ||
|
2022-11-09 14:01:34 | Attackers Using IPFS for Distributed, Bulletproof Malware Hosting (lien direct) | The InterPlanetary File System (IPFS), considered one of the building blocks of web3, is increasingly being used to provide hidden bulletproof hosting for malware. “Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks,” say researchers at Cisco Talos. | Malware | ||
|
2022-11-09 13:31:43 | Experts observed Amadey malware deploying LockBit 3.0 Ransomware (lien direct) | >Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows […] | Ransomware Malware | ||
 |
2022-11-09 13:00:17 | Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns (lien direct) | The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors.Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks.IPFS is often used for legitimate | Malware Threat | ||
 |
2022-11-09 10:53:00 | Researchers show techniques for malware persistence on F5 and Citrix load balancers (lien direct) | Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers. | Malware | ||
 |
2022-11-09 10:30:00 | Advanced RAT AgentTesla Most Prolific Malware in October (lien direct) | Info-stealers take top three spots, says Check Point | Malware | ||
 |
2022-11-09 10:03:50 | Classement Top Malware Check Point du mois d\'octobre 2022 : IcedID prend la tête du classement en France (lien direct) | Classement Top Malware Check Point du mois d'octobre 2022 : IcedID prend la tête du classement en France. IcedID est un cheval de Troie bancaire qui a fait son apparition en septembre 2017. Vidar et Lokibot occupent respectivement les 2ème et 3ème places. - Malwares | Malware | ||
|
2022-11-09 02:27:20 | Another Script-Based Ransomware, (Wed, Nov 9th) (lien direct) | In the past, I already found some script-based ransomware samples written in Python or Powershell[1]. The last one I found was only a “proof-of-concept†(my guess) but it demonstrates how easy such malware can be developed and how they remain undetected by most antivirus products. | Ransomware Malware | ||
 |
2022-11-09 01:50:14 | Patch Tuesday, November 2022 Election Edition (lien direct) | Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild. | Malware | ★★★ | |
|
2022-11-08 20:22:00 | Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines (lien direct) | The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a | Ransomware Malware | ||
|
2022-11-08 19:10:00 | New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader (lien direct) | Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in | Malware | ||
|
2022-11-08 18:22:33 | SmokeLoader campaign distributes new Laplas Clipper malware (lien direct) | >Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […] | Malware | ||
|
2022-11-08 17:56:13 | LockBit affiliate uses Amadey Bot malware to deploy ransomware (lien direct) | A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices. [...] | Ransomware Malware | ||
|
2022-11-08 16:00:00 | Anomali Cyber Watch: Active Probing Revealed Cobalt Strike C2s, Black Basta Ransomware Connected to FIN7, Robin Banks Phishing-as-a-Service Became Stealthier, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Active scanning, EDR evasion, Infostealers, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
(published: November 3, 2022)
Cobalt Strike remains a popular post-exploitation tool for threat actors trying to evade threat detection. Cobalt Strike’s Beacons use advanced, flexible command-and-control (C2) communication profiles for stealth communication with an attacker-controlled Linux application called Team Server. Beacon implants can covertly utilize the DNS protocol or communicate via HTTP/HTTPs using the the default Malleable C2 profile or Malleable C2 Gmail profile. Palo Alto researchers probed the Internet for these three types of communication to find previously-unknown active Team Server instances. Researchers were preselecting suspicious IP addresses with Shodan, actively probing them with stager requests and initializing a connection with the netcat tool to test, verify and extract communication profile settings (such as the served stager bytes).
Analyst Comment: Network fingerprinting and active scanning technologies allow for proactive identification of threats such as Cobalt Strike’s C2 IP addresses. Network defenders and intelligence feed providers can get better coverage by improving their collaboration and coverage via threat intelligence platforms such as ThreatStream provided by Anomali.
MITRE ATT&CK: [MITRE ATT&CK] Application Layer Protocol - T1071
Tags: detection:Cobalt Strike Beacon, detection:Cobalt Strike, detection:Cobalt Strike Team Server, Cobalt Strike stager, Active scanning, Shodan, netcat, Post-exploitation tool, Gmail, DNS, TCP, HTTP, Windows
Abusing Microsoft Customer Voice to Send Phishing Links
(published: November 3, 2022)
Avanan researchers detected a phishing campaign that abuses Microsoft Dynamics 365 Customer Voice since at least September 2022. These phishing emails come from legitimate email address surveys@email.formspro.microsoft.com, and clicking the link opens the Microsoft’s Customer Voice domain on a page with URL starting with: customervoice.microsoft.com/Pages/ResponsePage.aspx?id=... At the same time, a user clicking on the embedded “Play Voicemail” link redirects to an attacker-controlled phishing page asking for Microsoft account login credentials.
Analyst Comment: Organizations can use services like Anomali Digital Risk Protection, which defends your brand against brand abuse and continuously monitors domains for cybersquatters and domain hijacking to prevent phishing and malware attacks. Users are advised to always check the current domain by hovering over the URL, especially before entering credentials.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566
Tags: Customer Voice, Phishing, Microsoft, Forms Pro
Black Basta Ransomware |
Ransomware Malware Tool Threat | ||
 |
2022-11-08 14:18:48 | New updated IceXLoader claims thousands of victims around the world (lien direct) | >IceXLoader was discovered last June by FortiGuard Labs. It is a commercial malware used to download and deploy additional malware on infected machines. While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functionable and includes a multi-stage delivery chain. Figure 1. […] | Malware | ★★★ | |
 |
2022-11-08 11:00:39 | October\'s Most Wanted Malware: AgentTesla Knocks Formbook off Top Spot and New Text4Shell Vulnerability Disclosed (lien direct) | >Check Point Research reports a significant increase in Lokibot attacks in October, taking it to third place for the first time in five months. New vulnerability, Text4Shell, was disclosed for the first time, and AgentTesla took the top spot as the most prevalent malware Our latest Global Threat Index for October 2022 reports that keylogger… | Malware Vulnerability Threat | ||
|
2022-11-08 00:35:33 | (Déjà vu) LockBit 3.0 Being Distributed via Amadey Bot (lien direct) | The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it is being sold in illegal forums and still being used by various attackers. It was used in the past to install ransomware by attackers of GandCrab or to install FlawedAmmyy by the TA505 group which... | Ransomware Malware | ||
|
2022-11-07 18:14:23 | Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge (lien direct) | The world's largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. | Malware Threat | ||
 |
2022-11-07 17:29:50 | How the Mac OS X Trojan Flashback Changed Cybersecurity (lien direct) | >Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that “it doesn’t get PC viruses”. But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has […] | Malware | ||
|
2022-11-07 15:30:08 | Oh, look: More malware in the Google Play store (lien direct) | Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. … | Malware | ★★★★★ | |
 |
2022-11-07 13:54:49 | Socgholish diversifie et étend son infrastructure de mise en scène de logiciels malveillants pour contrer les défenseurs SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders (lien direct) |
Les opérateurs de Socgholish continuent d'infecter les sites Web à grande échelle, et l'acteur de menace accélère son infrastructure.
SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match. |
Malware Threat | ★★★ | |
 |
2022-11-07 00:00:00 | Massive Phishing Campaigns Target India Banks\' Clients (lien direct) | We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns. | Malware | ||
|
2022-11-05 22:02:59 | Windows Malware with VHD Extension, (Sat, Nov 5th) (lien direct) | Windows 10 supports various virtual drives natively and can recognize and use ISO, VHD and VHDX files. The file included as an attachment with this email, when extracted appears in the email as a PDF but is is in fact a VHD file. | Malware | ||
|
2022-11-05 21:34:11 | 29 malicious PyPI packages spotted delivering the W4SP Stealer (lien direct) | >Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […] | Malware | ||
|
2022-11-05 14:05:00 | Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer (lien direct) | Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain | Malware | ★★ | |
 |
2022-11-05 09:55:10 | (Déjà vu) Emotet revient après un an d\'inactivité (lien direct) | >D'un simple cheval de Troie bancaire à un botnet en passant par une infrastructure de diffusion de contenu, le malware Emotet a bien évolué au fil des années et réapparaît malgré son démantèlement en janvier 2021 par des autorités internationales (États-Unis, Pays-Bas, Royaume-Uni, France, Ukraine, Lituanie et Canada). The post Emotet revient après un an d'inactivité first appeared on UnderNews. | Malware | ||
|
2022-11-04 19:13:00 | Researchers Detail New Malware Campaign Targeting Indian Government Employees (lien direct) | The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said | Malware Threat | APT 36 | |
|
2022-11-04 11:27:14 | Emotet revient après un an d\'inactivité : réaction d\'Infoblox (lien direct) | D'un simple cheval de Troie bancaire à un botnet en passant par une infrastructure de diffusion de contenu, le malware Emotet a bien évolué au fil des années et réapparaît malgré son démantèlement en janvier 2021 par des autorités internationales (États-Unis, Pays-Bas, Royaume-Uni, France, Ukraine, Lituanie et Canada). - Malwares | Malware |
To see everything:
Our RSS (filtrered)
