What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-05-07 17:31:12 Poulight Stealer, a new Comprehensive Stealer from Russia (direct link) Researchers from Cybaze-Yoroi ZLab monitored the evolution and the diffusion of an infostealer dubbed Poulight that most likely has a Russian origin. Introduction Nowadays, info-stealer is one of the most common threats. This category of malware includes famous malware like Azorult, Agent Tesla, and Hawkeye. Infostealer market is one of the most remunerative for cyber criminals, information gathered […] Malware
SecurityAffairs.webp 2020-05-07 11:00:11 Brazilian trojan banker is targeting Portuguese users using browser overlay (direct link) Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details […] Malware
SecurityAffairs.webp 2020-05-05 20:36:39 Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension (direct link) Level up Your Security Program With the Same Security Intelligence Used by the World’s Largest Governments and Many of the Fortune 1000 Recorded Future, the largest global security intelligence provider, today released a free browser extension that helps prioritize SIEM alerts and vulnerability patching, in addition to providing enhanced malware analysis. With this release, Recorded […] Malware Vulnerability
SecurityAffairs.webp 2020-05-03 12:39:23 Security Affairs newsletter Round 262 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Coronavirus-themed attacks April 19 – April 25, 2020 Crooks target US universities with malware used by nation-state actors Hackers exploit SQL injection zero-day […] Malware
SecurityAffairs.webp 2020-05-03 11:47:17 Cyber Threats Observatory Gets Improvements (direct link) Today I am so happy to announce a big improvement in the cyber threats observatory (available for here). The main improvement sees the introduction of clustering stereotypes for each tracked malware family in three different behaviors: Domains, Files and Processes. Every malware does specific actions on domains, files and processes realms by meaning that every sample contacts several domain names, spawns specific processes and […] Malware
SecurityAffairs.webp 2020-04-30 21:19:07 Crooks spread malware via pirated movies during COVID-19 outbreak (direct link) Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites is rocketed. Crooks are attempting to take advantage of COVID-19 pandemic […] Malware
SecurityAffairs.webp 2020-04-30 10:43:22 EventBot, a new Android mobile targets financial institutions across Europe (direct link) Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe The malware first appeared in the threat landscape in March, in implements […] Malware Threat
SecurityAffairs.webp 2020-04-28 10:35:13 Outlaw is Back, a New Crypto-Botnet Targets European Organizations (direct link) The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations Introduction During our daily monitoring activities, we intercepted a singular Linux malware trying to penetrate the network of some of our customers. The Linux malware is the well-known “Shellbot”, it is a crimetool belonging […] Malware ★★★
SecurityAffairs.webp 2020-04-26 09:23:44 (Déjà vu) Crooks target US universities with malware used by nation-state actors (direct link) Several US universities and colleges were targeted in phishing attacks aimed at delivering malware previously used by China-linked APT groups. Faculty and students at several U.S. universities and colleges were targeted in phishing attacks, threat actors attempted to infect the victims’ systems with a remote access Trojan (RAT) previously used by Chinese state-sponsored hackers. The […] Malware Threat
SecurityAffairs.webp 2020-04-20 16:36:29 Threat Report Portugal Q1 2020 (direct link) Threat Report Portugal Q1 2020: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is a novel open sharing database with the ability to collect indicators from multiple sources, developed by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community. This makes it a reliable and trustworthy and […] Malware Threat
SecurityAffairs.webp 2020-04-20 15:43:41 Law enforcement and Microsoft join forces to dismantle botnet using LED Light Control Console (direct link) Cybercriminals have abused LED light control console to launch malicious attacks, Microsoft's security experts warn. Microsoft researchers shared details of a new incident discovered in Taiwan, where crooks abused LED light control consoles to launch malicious attacks. Threat actors used the consoles to deliver malware and ransomware through an IoT botnet that was also used […] Ransomware Malware Threat
SecurityAffairs.webp 2020-04-18 08:36:58 Trickbot is the most prolific malware operation using COVID-19 themed lures (direct link) TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments. Microsoft experts revealed that this campaign […] Malware Threat
SecurityAffairs.webp 2020-04-17 11:01:37 Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week (direct link) Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days. The IT giant also […] Malware
SecurityAffairs.webp 2020-04-12 10:43:39 A new e-skimmer found on WordPress site using the WooCommerce plugin (direct link) Experts discovered a new e-skimmer employed in MageCart attacks against WordPress websites using the WooCommerce plugin. Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The new software skimmed was employed in attacks on the WordPress-based e-store using the WooCommerce plugin. The e-skimmer doesn't […] Malware
SecurityAffairs.webp 2020-04-09 21:24:17 (Déjà vu) Travelex paid $2.3 Million ransom to restore after a ransomware attack (direct link) Travelex reportedly paid a $2.3 million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. The UK-based currency exchange Travelex currency exchange has been forced offline following a malware attack launched on New Year's Eve. The London-based company, which operates more than 1,500 stores globally, suffered the attack on December 31, 2019, […] Ransomware Malware
SecurityAffairs.webp 2020-04-09 13:08:29 Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns (direct link) Group-IB's CERT-GIB analyzed hundreds of coronavirus-related phishing emails and discovered top malware strains in COVID-19 campaigns Group-IB's Computer Emergency Response Team (CERT-GIB) analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020. Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails, with AgentTesla topping the list of phishers' favorite strains. Group-IB researchers also discovered that coronavirus […] Malware
SecurityAffairs.webp 2020-04-07 19:50:22 xHelper, the Unkillable Android malware that re-Installs after factory reset (direct link) xHelper, a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even […] Malware ★★★
SecurityAffairs.webp 2020-04-06 07:50:04 Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner (direct link) Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Then the attackers break into the […] Malware
SecurityAffairs.webp 2020-04-02 14:28:13 New COVID19 wiper overwrites MBR making computers unusable (direct link) A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall's security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the numerous attacks conducted by […] Malware
SecurityAffairs.webp 2020-04-01 09:38:59 New Raccoon Stealer uses Google Cloud Services to evade detection (direct link) Researchers found a piece of Raccoon Stealer that abuse of Google Cloud Services and leverages multiple delivery techniques. Racoon malware (aka Legion, Mohazo, and Racealer) is an info-stealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data from about […] Malware Threat
SecurityAffairs.webp 2020-04-01 08:00:10 LimeRAT malware delivered using 8-year-old VelvetSweatshop trick (direct link) Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as an open-source project on Github, it […] Malware Tool Threat
SecurityAffairs.webp 2020-03-31 11:20:03 FBI warns of nation-state actors using the Kwampirs malware (direct link) For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored […] Malware
SecurityAffairs.webp 2020-03-30 20:19:28 Crooks leverage Zoom's popularity in Coronavirus outbreak to serve malware (direct link) Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and […] Malware
SecurityAffairs.webp 2020-03-30 15:24:27 Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak (direct link) The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, […] Spam Malware
SecurityAffairs.webp 2020-03-27 14:50:48 Google issued 40,000 alerts of State-Sponsored attacks in 2019 (direct link) Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The number of alerts decreased by 25% […] Malware
SecurityAffairs.webp 2020-03-26 14:38:14 (Déjà vu) Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware (direct link) The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect […] Malware
SecurityAffairs.webp 2020-03-26 09:08:42 WordPress WP-VCD malware delivered via pirated Coronavirus plugins (direct link) Crooks behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites. behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites The malware was first spotted in July 2017 by the Italian security expert Manuel D'Orso who noticed that the malicious code was […] Malware
SecurityAffairs.webp 2020-03-24 21:45:39 WildPressure, a new APT group targets the Middle East's industrial sector (direct link) Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in the Middle East. The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August […] Malware Threat
SecurityAffairs.webp 2020-03-24 11:08:07 MalwareBazaar – welcome to the abuse-ch malware repository (direct link) Abuse.ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. Abuse.ch launched a malware repository, called MalwareBazaar, to allow experts to share known malware samples and related analysis. MalwareBazaar is available for free and only collects known malware samples, the repository will not include adware or […] Malware
SecurityAffairs.webp 2020-03-24 10:06:10 (Déjà vu) New York Attorney General asks domain registrars to crack down on coronavirus scam sites (direct link) New York Attorney General asks domain registrars, including GoDaddy, and Namecheap, to crack down on coronavirus scam sites. The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. The New York Attorney General asks GoDaddy, Namecheap, Register.com, and Endurance International Group and other domain […] Malware
SecurityAffairs.webp 2020-03-23 18:52:03 The University of Utah Health discloses security breach (direct link) The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts. The University of Utah Health disclosed a security breach, the research hospital has discovered unauthorized access to some employee email accounts along with the presence of malware on its systems. […] Malware
SecurityAffairs.webp 2020-03-22 13:09:27 Security Affairs newsletter Round 256 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs BlackWater, a malware that uses Cloudflare Workers for C2 Communication Coronavirus-themed attacks February 1 – March 15, 2020 Massive cyber attack hit the town hall of Marseille ahead local election Noooo, now Ancient Tortoise BEC scammers are launching […] Malware
SecurityAffairs.webp 2020-03-19 21:20:48 Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations (direct link) A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously […] Malware
SecurityAffairs.webp 2020-03-18 17:46:47 Thousands of Coronavirus-related malicious domains are being created every day (direct link) The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. Crooks and nation-state actors continue to exploit the interest of potential victims in the Coronavirus outbreak. In recent weeks, we observed that threat actors are creating thousands of coronavirus-themed websites on a daily basis. […] Malware Threat
SecurityAffairs.webp 2020-03-16 08:40:59 Experts warn of a new strain of ransomware, the PXJ Ransomware (direct link) Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families. While PXJ performs typical ransomware functions, it does […] Ransomware Malware
SecurityAffairs.webp 2020-03-15 15:30:44 Security Affairs newsletter Round 255 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Facebook sues Namecheap to protect people from domain name fraud Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers New Coronavirus-themed malspam campaign delivers FormBook Malware The City of Durham shut down its network […] Malware
SecurityAffairs.webp 2020-03-15 14:00:44 Coronavirus-themed attacks February 1 – March 15, 2020 (direct link) In this post, I decided to share the details of the Coronavirus-themed attacks launched from February 1 to March 15, 2020. February 1, 2020 – Crooks start exploiting Coronavirus as bait to spread malware Security researchers warn of campaigns aimed at spreading malware that exploits media attention on the COVID-19 epidemic. February 25, 2020 – South Korea […] Malware ★★★
SecurityAffairs.webp 2020-03-15 13:04:46 Noooo, now Ancient Tortoise BEC scammers are launching Coronavirus-Themed attacks (direct link) A cybercrime gang focused on Business Email Compromise (BEC) has started using coronavirus-themed scam emails in its attacks. While the Coronavirus is spreading worldwide cybercriminals and nation-state actors are launching COVID19-themed attacks on a global scale. Most of the attacks aimed at spreading malware to control victims’ computers and stealing sensitive data, but now a […] Malware ★★★
SecurityAffairs.webp 2020-03-15 10:04:26 (Déjà vu) BlackWater, a malware that uses Cloudflare Workers for C2 Communication (direct link) Crooks continue to abuse the interest in Coronavirus outbreak, now experts found a new backdoor called BlackWater that pretends to provide information about COVID-19. Experts found a new backdoor malware called BlackWater that pretends to provide information about the COVID-19 outbreak while abusing Cloudflare Workers as an interface to the C2 server. Cloudflare Workers provide a serverless execution […] Malware
SecurityAffairs.webp 2020-03-13 09:17:44 Russia-Linked Turla APT uses new malware in watering hole attacks (direct link) The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous […] Malware
SecurityAffairs.webp 2020-03-08 14:31:11 New Coronavirus-themed malspam campaign delivers FormBook Malware (direct link) Experts uncovered a new Coronavirus (COVID-19)-themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. The campaign uses emails that pretend being sent by members of the World Health Organization (WHO), the messages […] Malware
SecurityAffairs.webp 2020-03-05 20:01:41 Malware campaign employs fake security certificate updates (direct link) Crooks are using a new phishing technique to trick victims into accepting the installation of a security certificate update and deliver malware. Security experts from Kaspersky Lab discovered spotted a new attack technique used by crooks to distribute malware by tricking victims into installing a malicious “security certificate update” when they visit compromised websites. We […] Malware
SecurityAffairs.webp 2020-03-05 12:04:20 Hundreds of Microsoft sub-domains open to hijacking (direct link) Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Researchers have devised another way to carry out an attack, for example, inviting victims to download a fake update from an apparently trusted URL such as mybrowser.microsoft.com. Security researchers Numan Ozdemir and […] Malware
SecurityAffairs.webp 2020-03-03 15:38:10 Nemty ransomware operators launch their data leak site (direct link) The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files […] Ransomware Malware Threat
SecurityAffairs.webp 2020-03-01 10:22:01 Security Affairs newsletter Round 253 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google sued by New Mexico attorney general for collecting student data through its Education Platform ISS reveals malware attack impacted parts of the IT environment ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia […] Malware
SecurityAffairs.webp 2020-02-27 18:57:25 Lampion malware origin servers geolocated in Turkey (direct link) After three months from the first detection, the Lampion origin was identified. A webserver named “portaldasfinancas” is available in Turkey and has been used to spread the threat in Portugal. Lampion malware is the most critical malware affecting Portuguese users' last three months. From December 2019 it had spread, impersonating and using template emails from the Portuguese […] Malware Threat ★★
SecurityAffairs.webp 2020-02-27 13:21:26 (Déjà vu) New strain of Cerberus Android banking trojan can steal Google Authenticator codes (direct link) Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time passcodes (OTP) generated through Google Authenticator that is used as part of 2FA to protect online […] Malware
SecurityAffairs.webp 2020-02-25 10:09:27 South Korea suffers from the spread of people infected with Corona 19 (direct link) In this situation, ‘Est security’ found malicious code disguised as a ‘Corona 19 real-time status’ inquiry program and asked the public’s attention. The malware found is an executable program (EXE) using file names such as ‘Corona’s domestic status’ and ‘Corona’s real-time corona status.’ When you run the file, you will see a pop-up window titled […] Malware
SecurityAffairs.webp 2020-02-24 21:35:29 Lampion malware v2 February 2020 (direct link) Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Several devices have been infected when the victims open the zip file downloaded from the URL embedded in the malicious email that lures the Portuguese Government Finance & Tax (ATA), Energias de Portugal (EDP), and more recently the DPD firm – an international parcel delivery […] Malware
SecurityAffairs.webp 2020-02-24 20:10:50 Raccoon Malware, a success case in the cybercrime ecosystem (direct link) Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware, Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data […] Malware Threat
Last update at: 2024-05-12 14:07:59