What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2019-10-22 12:32:47 Trend Micro Anti-Threat Toolkit could be used to run malware on Win PCs (direct link) A vulnerability in the Trend Micro Anti-Threat Toolkit (ATTK) can be exploited by attackers to run malware on targets’ Windows systems. The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit. Trend Micro ATTK allows analyzing malware issues and cleaning infections. It can […] Malware Vulnerability
SecurityAffairs 2019-10-21 14:41:55 Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers (direct link) Security experts have discovered a new malware, dubbed skip-2.0, used by the China-linked APT group to establish a backdoor in Microsoft SQL Server systems. Security experts at ESET have discovered a new malware, dubbed skip-2.0, used by the Chinese Winnti cyberespionage group to gain persistence on Microsoft SQL Server systems. The Winnti group was first spotted by […] Malware
SecurityAffairs 2019-10-20 12:25:14 (Déjà vu) Security Affairs newsletter Round 236 (direct link) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. A new Mac malware dubbed Tarmac has been distributed via […] Malware
SecurityAffairs 2019-10-18 19:35:09 Systems at Ingredients provider Ingredion infected with a Malware (direct link) The US ingredient provider Ingredion Incorporated announced that it has recently detected suspicious activity associated with a malware attack. The US ingredient provider Ingredion Incorporated revealed that it detected an ongoing malware attack after its experts noticed suspicious activity this week. Ingredion has hired third-party experts to help its staff in investigating the incident […] Malware
SecurityAffairs 2019-10-13 09:32:45 A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns (direct link) Confiant researchers have discovered a new Mac malware dubbed Tarmac distributed via malvertising campaigns in the US, Italy, and Japan. Security experts at Confiant have discovered a new Mac malware dubbed Tarmac that is distributed via malvertising campaigns in the US, Italy, and Japan. “Malicious ads redirect victims to sites showing popups peddling software updates, […] Malware
SecurityAffairs 2019-10-10 18:02:09 (Déjà vu) Attor malware was developed by one of the most sophisticated espionage groups (direct link) New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. ESET researchers discovered an advanced piece of malware named Attor, that was used in cyberespionage operations on diplomats and high-profile Russian-speaking users in Eastern Europe. […] Malware
SecurityAffairs 2019-10-10 09:10:42 Amnesty claims that 2 Morocco rights advocates were targeted by NSO Group spyware (direct link) NSO Group’s surveillance spyware made the headlines again, this time the malware was used to spy on 2 rights activists in Morocco according to Amnesty International. Amnesty International collected evidence of new abuses of the NSO Group’s surveillance spyware, this time the malware was used to spy on two rights activists in Morocco. Experts at […] Malware
SecurityAffairs 2019-10-07 05:28:34 PoS malware infections impacted four restaurant chains in the U.S. (direct link) Four restaurant chains in the U.S. disclosed payment card theft via PoS malware that took place over the summer. Four restaurant chains in the United States disclosed security breaches that impacted their payment systems over the summer, crooks used PoS malware to steal payment card data of the customers. The restaurant chains are McAlister’s Deli, […] Malware
SecurityAffairs 2019-10-01 14:27:35 A new Adwind variant involved in attacks on US petroleum industry (direct link) Adwind is back, a new variant of the popular RAT is targeting US petroleum industry entities with new advanced features. A new variant of the popular Adwind RAT (aka jRAT, AlienSpy, and JSocket) is targeting entities in the US petroleum industry. The new variant implements advanced features such as multi-layer obfuscation. The malware is distributed via a […] Malware
SecurityAffairs 2019-10-01 08:16:41 Frequent VBA Macros used in Office Malware (direct link) The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threats comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […] Malware Threat
SecurityAffairs 2019-09-30 12:18:20 Exclusive: MalwareMustDie analyzes a new IoT malware dubbed Linux/AirDropBot (direct link) After 2 years of waiting, MalwareMustDie returns with an excellent page of malware analysis of a new IoT malware: Linux/AirDropBot. Yes, I have to confess, it was hard to wait all this time, but the reward was worth it: unixfreaxjp has returned, with a new, great page of reverse engineering published on the MalwareMustDie […] Malware
SecurityAffairs 2019-09-30 08:19:53 Arcane Stealer V, a threat for lower-skilled adversaries that scares experts (direct link) Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a .net information-stealing malware that is easy to acquire in the dark web. The author […] Malware Threat
SecurityAffairs 2019-09-29 08:57:36 WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware (direct link) Researchers at Proofpoint have spotted a piece of downloader, dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads. In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries. The experts detected new Microsoft Office macros, which collectively […] Malware
SecurityAffairs 2019-09-29 07:55:03 Masad Stealer Malware exfiltrates data via Telegram (direct link) Experts at Juniper Threat Labs have discovered a new piece of malware dubbed Masad Stealer that exfiltrates cryptocurrency wallet files via Telegram. Security researchers at the Juniper Threat Labs discovered a strain of malware dubbed Masad Stealer that is actively distributed. The malware could steal files, browser information, and cryptocurrency wallet data and send them […] Malware Threat
SecurityAffairs 2019-09-28 19:39:13 Nodersok malware delivery campaign relies on advanced techniques (direct link) Microsoft researchers observed a campaign delivering malware, dubbed Nodersok, relying on advanced techniques and elusive network infrastructure. Microsoft experts observed a malware campaign, tracked as Nodersok, relying on advanced techniques and elusive network infrastructure. Microsoft uncovered the campaign in mid-July when it noticed patterns in the anomalous usage of MSHTA.exe. Nodersok abuse of legitimate tools also […] Malware
SecurityAffairs 2019-09-27 12:37:31 Magecart 5 hacker group targets L7 Routers (direct link) IBM researchers observed one of the Magecart groups using a malicious code to inject into commercial-grade layer 7 (L7) routers. IBM X-Force Incident Response and Intelligence Services (IRIS) experts observed that one of the Magecart groups, tracked as MG5, is using malware to inject into commercial-grade L7 routers. The experts believe the hackers are likely […] Malware
SecurityAffairs 2019-09-26 11:39:13 Study shows connections between 2000 malware samples used by Russian APT groups (direct link) A joint research from Intezer and Check Point Research shows connections between nearly 2,000 malware samples developed by Russian APT groups. A joint research from Intezer and Check Point Research sheds light on the Russian hacking ecosystem and reveals connections between nearly 2,000 malware samples developed by Russian APT groups. The report is extremely interesting because it gives the analysts […] Malware
SecurityAffairs 2019-09-24 05:12:29 North Korea-linked malware ATMDtrack infected ATMs in India (direct link) Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. Threat actors deployed the malware on ATM systems to steal payment card details of […] Malware Threat
SecurityAffairs 2019-09-20 14:52:05 U.S. taxpayers hit by a phishing campaign delivering the Amadey bot (direct link) Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. The Amadey bot is a quite […] Malware
SecurityAffairs 2019-09-20 11:28:47 Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign (direct link) Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service, many cyber criminals are choosing it as their preferred recognition tool. Introduction Nowadays the Malware-As-A-Service is one of criminals’ favorite ways to breach the security perimeter. Agent Tesla is one of these “commodity malware”. It is a fully customizable password info-stealer and many cyber […] Malware
SecurityAffairs 2019-09-19 13:32:39 Emotet is back, it spreads reusing stolen email content (direct link) Emotet is back, its operators leverage a recently introduced spear-phishing technique to deliver their malware, they are hijacking legitimate email conversations. In 2019, security experts haven’t detected any activity associated with Emotet since early April, when researchers at Trend Micro uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and […] Malware
SecurityAffairs 2019-09-18 06:23:39 Skidmap Linux miner leverages kernel-mode rootkits to evade detection (direct link) Trend Micro researchers spotted a piece of Linux cryptocurrency miner, dubbed Skidmap, that leverages kernel-mode rootkits to evade detection. Skidmap is a new piece of crypto-miner detected by Trend Micro that targets Linux machines, it uses kernel-mode rootkits to evade detection. This malware stands out from similar miners because of the way it loads malicious […] Malware
SecurityAffairs 2019-09-16 20:07:19 MobiHok RAT, a new Android malware based on old SpyNote RAT (direct link) A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts […] Malware Threat
SecurityAffairs 2019-09-14 15:33:13 InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets (direct link) Researchers at Zscaler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. Researchers at Zscaler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. “As with just about every piece of malware, InnfiRAT is designed […] Malware
SecurityAffairs 2019-09-13 18:04:53 WatchBog cryptomining botnet now uses Pastebin for C2 (direct link) A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered that a new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. The WatchBog bot is a Linux-based malware that has been active since last year, it targets […] Malware
SecurityAffairs 2019-09-12 05:23:04 LokiBot info stealer involved in a targeted attack on a US Company (direct link) Security researchers at Fortinet uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company. The Lokibot malware has been active since 2015, it is an infostealer that was involved in many malspam campaigns aimed […] Malware
SecurityAffairs 2019-09-09 21:30:01 Stealth Falcon New Malware Uses Windows BITS Service to Stealthily Exfiltrate Data (direct link) ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthily exfiltrate data. Security researchers from ESET discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthily exfiltrate data. Stealth Falcon is a nation-state actor active […] Malware
SecurityAffairs 2019-09-09 06:24:05 Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites (direct link) Ministry of Internal Affairs announced that Belarusian police have seized and shut down XakFor, one of the largest hacking forums on the internet. Belarusian police have seized the servers of XakFor (xakfor[.]net), a popular hacking forum frequented by hackers, malware authors, scammers and cybercriminals. The news was first reported by the Belarusian news outlet […] Malware
SecurityAffairs 2019-09-07 12:16:00 (Déjà vu) Thousands of servers infected with the Lilocked Ransomware (direct link) A new ransomware tracked as Lilocked (or Lilu) by researchers is actively targeting servers and encrypting the data stored on them. The Lilocked ransomware has already infected thousands of Linux-based web servers since mid-July. The Lilocked ransomware was first reported at the end of July by the popular malware researcher Michael Gillespie after a sample was uploaded […] Ransomware Malware
SecurityAffairs 2019-09-04 11:21:01 JSWorm: The 4th Version of the Infamous Ransomware (direct link) Malware researchers at Yoroi-Cybaze ZLab have analyzed the fourth version of the infamous JSWorm Ransomware. Introduction The ransomware attacks have no end. These cyber weapons are supported by a dedicated staff that constantly updates and improves the malware in order to make detection and decryption harder. As the popular GandCrab, which was carried on up […] Ransomware Malware
SecurityAffairs 2019-09-03 15:05:04 Writing Your First Bootloader for Better Analyses (direct link) Marco Ramilli explained how MBR works and how it is possible to write a bootloader program, this skill will help you to analyze the next BootLoader Malware. From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your […] Malware
SecurityAffairs 2019-08-29 10:13:05 Lumber Liquidators hit by malware attack that took down its network (direct link) Lumber Liquidators, a leading specialty retailer of hard-surface flooring in North America, announced that a malware attack took down its network. North American hard-surface flooring retailer Lumber Liquidators revealed that it was the victim of a security incident, a malware-based attack took down part of its network for nearly a week. Lumber Liquidators has 416 locations […] Malware Guideline
SecurityAffairs 2019-08-28 16:21:05 French Police remotely disinfected 850,000 PCs from RETADUP bot (direct link) The French police force, National Gendarmerie, announced that it has neutralized the Retadup malware on over 850,000 computers by taking over its C2 server. The French police force, National Gendarmerie, announced the successful takedown of a huge RETADUP botnet after taking control of its command and control (C2) server. The operation allowed French law enforcement […] Malware ★★★
SecurityAffairs 2019-08-28 08:38:05 (Déjà vu) TA505 group updates tactics and expands the list of targets (direct link) Recent campaigns show threat actors behind the Dridex and Locky malware families, the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continues to make small changes to its operations. TA505 hacking group has been active since 2014 […] Malware Threat
SecurityAffairs 2019-08-27 22:31:00 Kaspersky found malware in popular CamScanner app. Remove it now from your phone! (direct link) Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could […] Malware
SecurityAffairs 2019-08-26 17:48:03 Nemty Ransomware, a new malware appears in the threat landscape (direct link) A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections. A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. The name of the ransomware comes from the extension it adds to the encrypted file names, the malicious code also deletes […] Ransomware Malware Threat
SecurityAffairs 2019-08-25 08:01:04 Internal Revenue Service warns taxpayers of a malware campaign (direct link) The Internal Revenue Service (IRS) is warning of an active IRS impersonation scam campaign sending spam emails to distribute malware. The Internal Revenue Service (IRS) issued an alert to warn taxpayers of a new scam campaign distributing malware. Last week the US agency received several reports from taxpayers that received spam messages with “Automatic Income […] Spam Malware
SecurityAffairs 2019-08-23 17:56:01 A new variant of Asruex Trojan exploits very old Office, Adobe flaws (direct link) Experts at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect systems. Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. Asruex first appeared in the […] Malware
SecurityAffairs 2019-08-22 16:04:02 App tainted with AhMyth Open-source spyware appeared on Google Play Store twice (direct link) ESET experts discovered that an Android app infected with AhMyth open-source RAT has bypassed the security of Google Play twice over two weeks. The popular malware researcher Lukas Stefanko from ESET discovered that a malicious spyware, built on the AhMyth open-source espionage tool, was uploaded on Google Play twice over two weeks, bypassing Google security […] Malware
SecurityAffairs 2019-08-19 15:55:05 Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization (direct link) A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via sandboxes used for malware analysis. Experts at the threat intelligence firm Cyjax analyzed files uploaded by organizations via malware analysis sandboxes and discovered that they were exposing sensitive data. The researchers analyzed PDF documents and email files (.msg and .eml) uploaded […] Malware Threat
SecurityAffairs 2019-08-17 17:15:00 New DanaBot banking Trojan campaign targets Germany (direct link) The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries. DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The […] Malware Threat
SecurityAffairs 2019-08-13 06:28:02 Recently Cloud Atlas used a new piece of polymorphic malware (direct link) Cloud Atlas threat actors used a new piece of polymorphic malware in recent attacks against government organizations. The Cloud Atlas cyberespionage group, aka Inception, continues to carry out attacks against government organizations and was observed using a new piece of polymorphic malware dubbed VBShower. The Cloud Atlas was first observed by researchers at Kaspersky Lab […] Malware Threat
SecurityAffairs 2019-08-10 16:08:04 Varenyky Spambot Trojan targets French users in alleged sextortion campaign (direct link) A new Spambot Trojan, tracked as Varenyky, was spotted while targeting users as part of a new alleged sextortion campaign. The malware records the victim’s screen when they are visiting adult-related sites. Varenyky was discovered by researchers at ESET in May and reported by Any.run in June. “In May 2019, ESET researchers observed a spike in ESET telemetry data regarding malware targeting […] Malware
SecurityAffairs 2019-08-10 07:55:02 Android Apps containing Clicker Trojan installed on over 100M devices (direct link) Experts at Dr Web discovered a set of Android Apps with over 100 million installations that contain a clicker Trojan tracked as Android.Click.312.origin. Malware researchers at antivirus firm Dr Web discovered more than 33 Android Apps in the Google Play Store with over 100 million installations that contain a clicker Trojan tracked as Android.Click.312.origin. […] Malware
SecurityAffairs 2019-08-08 16:19:05 New strain of Clipsa malware launches brute-force attacks on WordPress sites (direct link) Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware well known to the cyber security community that is able to steal cryptocurrency via clipboard hijacking and mine cryptocurrency after installing a miner. Avast recently discovered […] Malware
SecurityAffairs 2019-08-05 15:44:01 GermanWiper, a data-wiping malware that is targeting Germany (direct link) Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume. The messages have the subject “Ihr Stellenangebot – Bewerbung [Your job offer – […] Spam Malware
SecurityAffairs 2019-08-04 13:57:02 Houston County Schools in Alabama delayed the school year's opening due to a malware attack (direct link) It has happened again, for the second time in a few days, Houston County Schools in Alabama delayed the school year’s opening due to a malware attack. The long wave of malware attacks against US schools continues, for the second time in a week, the Houston County Schools in Alabama delayed the school year’s opening scheduled for […] Malware
SecurityAffairs 2019-08-03 14:17:03 SystemBC, a new proxy malware is being distributed via Fallout and RIG EK (direct link) Researchers at Proofpoint discovered SystemBC, a new strain of proxy malware that is being distributed via Fallout and RIG Exploit Kits. A new piece of malware dubbed SystemBC was discovered by experts at Proofpoint, it is being distributed via exploit kits like Fallout and RIG. The malware was tracked as “SystemBC” based on the URI path […] Malware
SecurityAffairs 2019-07-30 09:26:00 Malware researchers analyzed an intriguing Java ATM Malware (direct link) Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “jackpot” the infected machine. Introduction Recently our attention was caught by a really particular malware sample most probably linked to a recent cybercriminal operation against the banking sector. This piece of malicious code is a so-called ‘ATM malware‘: […] Malware
SecurityAffairs 2019-07-29 09:58:01 SonicWall warns of a spike in the number of attacks involving encrypted malware and IoT malware (direct link) According to experts at SonicWall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks. The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks, a 20% drop compared to […] Malware Threat
Last update at: 2024-05-13 11:07:51