What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-07-25 09:28:01 Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks (direct link) Researchers at Lookout discovered a new mobile spyware dubbed Monokle that was developed by a Russian defense contractor. Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd. (STC). “Lookout has discovered a highly targeted mobile malware threat that […] Malware Threat
SecurityAffairs.webp 2019-07-24 10:18:04 (Déjà vu) Emsisoft releases the third decryptor in a few days, this time for LooCipher ransomware (direct link) Security experts at Emsisoft released the third decryptor in a few days, this time announced a free one for the LooCipher ransomware. A few days ago, the experts at Emsisoft released two free decryptors for the ZeroFucks ransomware and Ims00rry ransomware, now the malware team announced the release of a decryptor for the LooCipher ransomware. […] Ransomware Malware
SecurityAffairs.webp 2019-07-24 07:25:02 (Déjà vu) Malvertising campaign exploits recently disclosed WordPress Plugin flaws (direct link) Experts at Defiant have uncovered a campaign that exploited recently disclosed plugin vulnerabilities to inject malware into websites. Experts at Defiant, the company that developed the Wordfence security plugin for WordPress, uncovered a malvertising campaign that leverages recently disclosed plugin flaws to inject malicious code into websites. Threat actors behind the malvertising campaign are leveraging […] Malware Threat
SecurityAffairs.webp 2019-07-23 13:28:04 Experts spotted P2P worm spreading Crypto-Miners in the wild (direct link) Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware […] Malware ★★★★
SecurityAffairs.webp 2019-07-22 08:04:00 New APT34 campaign uses LinkedIn to deliver fresh malware (direct link) The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, HelixKitten, Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge […] Malware APT 24 APT 34
SecurityAffairs.webp 2019-07-21 12:18:05 Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware (direct link) Security experts at Emsisoft released a second decryptor in a few days, this time announced a free decryptor for the ZeroFucks ransomware. A few days ago, the experts at Emsisoft released a free decryptor for the Ims00rry ransomware, now the malware team announced the release of a decryptor for the ZeroFucks ransomware. Victims of the […] Ransomware Malware
SecurityAffairs.webp 2019-07-18 08:06:01 Experts spotted a rare Linux Desktop spyware dubbed EvilGnome (direct link) Experts at Intezer discovered a new backdoor, dubbed EvilGnome, that is targeting Linux systems for cyber espionage purposes. Intezer spotted a new piece of Linux malware dubbed EvilGnome because it disguises itself as a Gnome extension. The researchers attribute the spyware to the Russia-linked Gamaredon Group. The modules used by EvilGnome are reminiscent of the Windows tools used […] Malware
SecurityAffairs.webp 2019-07-14 05:08:01 Security Affairs newsletter Round 222 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Croatia government agencies targeted with news SilentTrinity malware Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app Hackers compromised a Canonical GitHub account, Ubuntu […] Malware
SecurityAffairs.webp 2019-07-12 17:44:04 Exclusive, experts at Yoroi-Cybaze ZLab released a free decryptor for Loocipher Ransomware (direct link) Exclusive – Malware researchers at Yoroi-Cybaze ZLab have released a free decryptor tool for the Loocipher Ransomware. Ransomware continues to be an easy way to monetize the criminal efforts and for this reason new malware appear in the threat landscape. Loocipher is a new threat that is rapidly spreading, its functionalities are pretty straight forward […] Ransomware Malware Tool Threat
SecurityAffairs.webp 2019-07-11 19:01:02 Agent Smith Android malware already infected 25 million devices (direct link) ‘Agent Smith’ is a new malware discovered by Check Point researchers that replaces legit Android Apps with malicious ones that infected 25 Million devices worldwide. Researchers at Check Point recently discovered a new variant of Android malware, dubbed Agent Smith, that has already infected roughly 25 million devices. The malware is disguised as a Google […] Malware
SecurityAffairs.webp 2019-07-09 08:42:00 (Déjà vu) Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 (direct link) The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. Now experts at Kaspersky confirmed that the malware was […] Malware APT33 APT 33
SecurityAffairs.webp 2019-07-09 07:04:05 A new Astaroth Trojan Campaign uncovered by Microsoft (direct link) Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan. The malware is able to log the users' keystrokes, collect information through hooking, access clipboard content, and monitor […] Malware
SecurityAffairs.webp 2019-07-08 13:16:03 Spotting RATs: Delphi wrapper makes the analysis harder (direct link) Experts observed an increase of the malware spreading using less-known archive types as dropper, in particular ISO image. Delphi wrapper makes analysis harder Introduction In the last period, we observed an increase of the malware spreading using less-known archive types as an initial dropper, in particular, ISO image. The spread of threats exploiting ISO image to hide […] Malware
SecurityAffairs.webp 2019-07-07 08:50:05 Croatia government agencies targeted with news SilentTrinity malware (direct link) Croatia government agencies have been targeted by unknown hackers with a new piece of malware tracked as SilentTrinity. A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. The SilentTrinity malware can take control over an infected computer, […] Malware
SecurityAffairs.webp 2019-07-05 19:27:00 Cryptomining Campaign involves Golang malware to target Linux servers (direct link) Experts at F5 Networks discovered a cryptomining campaign that is delivering a new piece of the Golang malware that targets Linux-based servers. F5 experts uncovered a cryptominer campaign that is delivering a new strain of Golang malware that targets Linux-based servers. The campaign began around June 10 and already infected several thousand machines. The malicious […] Malware
SecurityAffairs.webp 2019-07-05 06:21:04 Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH) (direct link) Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS (DoH). The DoH protocol was a new standard proposed in October 2018 and it is […] Malware
SecurityAffairs.webp 2019-07-02 13:06:02 LooCipher: The New Infernal Ransomware (direct link) A new Ransomware appeared in the threat landscape, the malware began to threaten the digital world. This time using a nice but scary name: LooCipher. Introduction A new Ransomware began to threaten the digital world. This time using a nice but scary name: LooCipher. The name is at the same time an allusion to its capabilities (thank […] Ransomware Malware Threat
SecurityAffairs.webp 2019-06-29 05:08:03 Talos discovered Spelevo EK, an exploit kit spreading via B2B Website (direct link) Researchers at Cisco Talos group have discovered a new exploit kit dubbed Spelevo that spreads via a compromised business-to-business website. Malware researchers at Cisco Talos have discovered a new exploit kit dubbed Spelevo that spreads via a compromised business-to-business website. The popularity of EK rapidly decreased with the demise of the Angler Exploit Kit, but the discovery […] Malware
SecurityAffairs.webp 2019-06-26 12:39:00 Malspam campaign spreads LokiBot & NanoCore via ISO image files (direct link) Experts from security firm Netskope observed variants of LokiBot and NanoCore malware distributed in ISO Image through malspam campaign. Security firm Netskope observed a new malspam campaign delivering variants of LokiBot and NanoCore malware in ISO image file attachments. “Netskope Threat Research Labs has been tracking multiple similar malspam campaigns that began in April 2019. […] Malware Threat
SecurityAffairs.webp 2019-06-26 07:01:00 Silex malware bricks thousands of IoT devices in a few hours (direct link) Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices, over 2,000 devices have been bricked in a few hours and the […] Malware
SecurityAffairs.webp 2019-06-25 14:13:00 OSX/Linker, a new piece of Mac malware that exploits Gatekeeper bypass (direct link) Mac security software firm Intego has spotted a new Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper vulnerability. Experts at Mac security software firm Intego discovered a new piece of Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper bypass vulnerability. The Apple Gatekeeper is designed to protect OS X users by […] Malware
SecurityAffairs.webp 2019-06-24 12:38:01 CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting (direct link) Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server […] Malware Vulnerability
SecurityAffairs.webp 2019-06-24 07:45:01 US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing. The attacks are targeting U.S. industries and government agencies, the statement was also […] Malware
SecurityAffairs.webp 2019-06-21 21:35:04 Bird Miner, a macOS miner that runs by emulating Linux (direct link) Security experts at Malwarebytes have discovered a new macOS crypto miner, tracked as Bird Miner, that works by emulating Linux. Researchers at MalwareBytes have spotted a new cryptominer, tracked as Bird Miner, that targets macOS and emulates Linux. The malware spreads via a cracked installer for the music production software Ableton Live that is distributed […] Malware
SecurityAffairs.webp 2019-06-20 19:56:02 (Déjà vu) CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges (direct link) Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed […] Malware Vulnerability Threat
SecurityAffairs.webp 2019-06-20 05:59:05 Bouncing Golf cyberespionage campaign targets Android users in Middle East (direct link) According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf’, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy, that implements multiple features […] Malware Threat
SecurityAffairs.webp 2019-06-17 13:35:05 NYT Report: U.S. Cyber units planted destructive Malware in Russian Power Grid (direct link) According to The New York Times, the United States planted destructive malware in Russia's electric power grid. The New York Times, citing current and former government officials, revealed that the United States planted a potentially destructive malware in Russia's electric power grid. The U.S. cyber army is targeting the Russian power grid since at least […] Malware
SecurityAffairs.webp 2019-06-17 08:37:05 From Targeted Attack to Untargeted Attack (direct link) Today I'd like to share an interesting and heavily obfuscated Malware which made me think about the meaning of ‘Targeted Attack’. Nowadays a Targeted Attack is mostly used to address state assets or business areas. For example a targeted attack might address Naval industry (MartyMcFly example is definitely a great example) or USA companies (Botnet Against […] Malware
SecurityAffairs.webp 2019-06-16 16:28:01 Linux worm spreading via Exim servers hit Azure customers (direct link) On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs. Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers. Microsoft Azure is not immune, recently […] Malware
SecurityAffairs.webp 2019-06-15 06:18:03 Xenotime threat actor now is targeting Electric Utilities in US and APAC (direct link) Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/Triton malware attack that hit oil and gas organizations. In December 2017, the Triton malware (aka Trisis) was discovered by researchers at FireEye, it was specifically […] Malware Threat
SecurityAffairs.webp 2019-06-14 12:19:05 Dissecting NanoCore Crimeware Attack Chain (direct link) The Cybaze-Yoroi ZLab analyzed a new sample of Nanocore Remote Administrator Tools (RAT) using a Delphi wrapper to protect its code. Introduction Historically, cyber-criminals adopted one or more layers of encryption and obfuscation to lower their footprint and avoid detection. The usage of cryptors and packers has become a commodity in the contemporary malware landscape, providing the […] Malware
SecurityAffairs.webp 2019-06-10 07:43:01 Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw (direct link) Microsoft is warning of an active spam campaign targeting European languages that leverages an exploit to infect simply by opening the attachment. Microsoft issued a warning on Friday about an ongoing spam campaign that is targeting European users. Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, […] Spam Malware
SecurityAffairs.webp 2019-06-05 07:19:01 BlackSquid malware uses multiple exploits to drop cryptocurrency miners (direct link) A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. The new piece of malware leverages many exploits […] Malware Threat
SecurityAffairs.webp 2019-06-03 05:34:03 Threat actors abuse Microsoft Azure to Host Malware and C2 Servers (direct link) Microsoft Azure cloud services are being abused by threat actors to host malware and as command and control (C&C) servers. Threat actors look with great interest at cloud services that could be abused for several malicious purposes, like storing malware or implementing command and control servers. Now it seems to be the Microsoft Azure’s turn, […] Malware Threat
SecurityAffairs.webp 2019-05-31 11:34:04 HiddenWasp, a sophisticated Linux malware borrows from Mirai and Azazel (direct link) Security experts at Intezer have discovered a new Linux malware tracked as 'HiddenWasp' that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. “Unlike common Linux malware, HiddenWasp is not […] Malware
SecurityAffairs.webp 2019-05-30 17:44:01 Checkers double drive-thru restaurants chain discloses card breach (direct link) Checkers and Rally’s, one of the largest chains of double drive-thru restaurants in the United States, disclosed a credit card breach. “We recently became aware of a data security issue involving malware at certain Checkers and Rally's locations.” reads a breach notice published by the company. “After discovering the issue, we quickly engaged leading data […] Malware Guideline
SecurityAffairs.webp 2019-05-30 06:54:05 Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers (direct link) Guardicore Labs uncovered a widespread cryptojacking campaign tracked as Nansh0u and aimed at Windows MS-SQL and PHPMyAdmin servers. Security experts at Guardicore Labs uncovered a widespread cryptojacking campaign leveraging a malware dubbed Nansh0u. The malicious code aimed at Windows MS-SQL and PHPMyAdmin servers worldwide. According to the experts, the malicious campaign is being carried out […] Malware
SecurityAffairs.webp 2019-05-29 06:09:04 HawkEye Keylogger is involved in attacks against business users (direct link) Experts at IBM X-Force observed a new campaign involving the HawkEye keylogger in April and May 2019 aimed at business users. Malware attacks leveraging a new variant of the HawkEye keylogger have been observed by experts at Talos. The malware has been under active development since at least 2013 and it is offered for sale […] Malware
SecurityAffairs.webp 2019-05-28 05:48:02 APT10 is back with two new loaders and new versions of known payloads (direct link) The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. In April 2019, China-linked cyber-espionage group tracked as APT10 has added two new loaders to its arsenal and used it against government and private organizations in Southeast Asia. The group […] Malware APT 10
SecurityAffairs.webp 2019-05-26 14:07:03 Sectigo says that most of certificates reported by Chronicle analysis were already revoked (direct link) According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked. This week experts at Chronicle published a study on signed malware registered on VirusTotal that states that most of the digital certificates used to sign malware samples found on […] Malware
SecurityAffairs.webp 2019-05-24 10:48:05 Chronicle's study reveals CAs that issued most certificates to sign malware samples on VirusTotal (direct link) Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo). Chronicle's security researchers have analyzed […] Malware
SecurityAffairs.webp 2019-05-21 21:10:02 Emsisoft released a free Decrypter for JSWorm 2.0 (direct link) Good news for the victims of the JSWorm 2.0 ransomware, thanks to experts at Emsisoft they can decrypt their file for free. Experts at Emsisoft malware research team released a decrypter for a recently discovered ransomware tracked as JSWorm 2.0. JSWorm 2.0 is written in C++ and implements Blowfish encryption. The first version of the […] Ransomware Malware
SecurityAffairs.webp 2019-05-17 22:40:00 Chinese state-sponsored hackers breached TeamViewer in 2016 (direct link) The German newspaper Der Spiegel revealed that the software company behind TeamViewer was compromised in 2016 by Chinese hackers. China-linked hackers breached German software company behind TeamViewer in 2016, this news was reported by the German newspaper Der Spiegel. According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems […] Malware
SecurityAffairs.webp 2019-05-16 14:21:04 A joint operation by international police dismantled GozNym gang (direct link) A joint effort by international law enforcement agencies from 6 different countries has dismantled the crime gang behind the GozNym banking malware. GozNym banking malware is considered one of the most dangerous threats to the banking industry, experts estimated it allowed to steal nearly $100 million from over 41,000 victims across the globe for years. “An […] Malware
SecurityAffairs.webp 2019-05-14 10:06:00 Malware Training Sets: FollowUP (direct link) The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. In 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). One of the first difficulties I met was on finding […] Malware
SecurityAffairs.webp 2019-05-13 12:18:00 Reading the Yoroi Cyber Security Annual Report 2018 (direct link) Yoroi Cyber Security Annual Report 2018 – In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. For this reason, analyzing the last year occurred events would help cyber-security professionals to prevent further attacks during the next few months. In many cases the attacks […] Malware
SecurityAffairs.webp 2019-05-10 13:53:03 DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (direct link) The U.S. Department of Homeland Security (DHS) and the FBI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] Malware Tool Medical APT 38
SecurityAffairs.webp 2019-05-09 05:02:04 Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware (direct link) Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. SANS expert Renato Marinho uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero cryptominer dubbed Kerberods. According to the SANS Institute's Internet Storm Center, attackers are exploiting the […] Malware Vulnerability
SecurityAffairs.webp 2019-05-08 13:06:02 Yomi Hunter Joined the VirusTotal Sandbox Program! (direct link) We are pleased to announce that Yomi the Malware Hunter has successfully completed the on-boarding in the VirusTotal MultiSandbox Program! Official VirusTotal Announce: https://blog.virustotal.com/2019/05/virustotal-multisandbox-yoroi-yomi.html Yoroi can now contribute to the fight against malware threats sharing its analysis with Chronicle Security, the Alphabet's subsidiary author of the notorious VirusTotal Threat Intelligence platform: one of the most widely used community platforms all around the […] Malware
SecurityAffairs.webp 2019-05-07 14:10:05 ATMitch: New Evidence Spotted In The Wild (direct link) Early April, experts at Yoroi-Cybaze ZLab spotted a new interesting malware sample, likely active since 2017, that was linked to ATMitch attacks. In the first days of April, our threat monitoring operations spotted a new interesting malware sample possibly active in the wild since 2017. Its initial triage suggests it may be part of an […] Malware Threat
Last update at: 2024-05-13 12:07:54