What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityAffairs | 2019-05-04 14:52:00 | Japan will develop its first-ever malware as a defense measure against cyber attacks | The news was reported by the Kyodo News and has caught my attention, Japan will develop its first-ever computer virus as defense against cyber attacks. The Kyodo News revealed that Japan will develop its first-ever computer virus as a defense measure against cyber attacks and that the development will be completed by next March. The […] | Malware | | |
| SecurityAffairs | 2019-04-29 13:38:05 | New Emotet variant uses connected devices as proxy C2 servers | Researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and uses them as Proxy C2 servers. Trend Micro discovered a new variant of the Emotet Trojan that is able to infect devices and use them as proxy command-and-control servers. The new variant also employs random URI […] | Malware | | |
| SecurityAffairs | 2019-04-28 13:38:05 | Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader | Experts observed several malspam campaigns using signed emails to deliver the GootKit banking Trojan (aka talalpek or Xswkit). Threat actors leverage a multi-stage malware loader tracked as JasperLoader in the malspam campaigns over the past few months. The JasperLoader was observed while distributing malware to targets from Central Europe, most of them in Italy and […] | Malware, Threat | | |
| SecurityAffairs | 2019-04-26 14:05:03 | Beapy Cryptojacking campaign leverages EternalBlue exploit to spread | Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. “Beapy is […] | Malware | | ★★★★ |
| SecurityAffairs | 2019-04-18 20:47:05 | Analyzing OilRig's malware that uses DNS Tunneling | Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been […] | Malware | APT 34 | |
| SecurityAffairs | 2019-04-10 13:35:00 | [SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services | EMOTET spread in Chile targeted financial and banking services. SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. This threat is known as a […] | Malware, Threat | | |
| SecurityAffairs | 2019-04-10 09:12:00 | Yoroi Welcomes “Yomi: The Malware Hunter” | Yomi's malware engine implements a multi-analysis approach that is able to exploit both: static analysis and behavioral analysis, enjoy it” Nowadays malware represents a powerful tool for cyber attackers and cyber criminals all around the world, with over 856 million of distinct samples identified during the last year it is, with no doubt, one of […] | Malware, Tool | | |
| SecurityAffairs | 2019-04-10 08:53:01 | Experts spotted a new Mirai variant that targets new processors | Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai botnet continues to be one of the most dangerous malware in the threat landscape, experts at Palo Alto Networks discovered a new variant that targets more processor architectures than before. Mirai malware first […] | Malware, Threat | | |
| SecurityAffairs | 2019-04-09 20:34:01 | Experts spotted the iOS version of the Exodus surveillance app | In the last weeks, a new Android surveillance malware dubbed Exodus made the headlines, now experts found the iOS version of the government spyware. Security experts at LookOut have discovered an iOS version of the dreaded surveillance Android app Exodus that was initially found on the official Google Play Store. Exodus for Android is a […] | Malware | | |
| SecurityAffairs | 2019-04-05 14:11:05 | Xwo Malware scans the Internet for Exposed Services, Default Passwords | Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. The name ‘Xwo‘ comes from […] | Malware | | |
| SecurityAffairs | 2019-04-05 12:57:02 | Ursnif: The Latest Evolution of the Most Popular Banking Malware | ZLab Yoroi-Cybaze dissected another attack wave of Ursnif Trojan, aka Gozi ISFB, an offspring of the original Gozi which source code was leaked in 2014. ZLab Yoroi-Cybaze dissected another attack wave of Ursnif Trojan, aka Gozi ISFB, an offspring of the original Gozi which source code was leaked in 2014. Introduction A few days ago, […] | Malware | | |
| SecurityAffairs | 2019-04-04 10:46:02 | New XLoader variant leverage Twitter to hide C2 addresses | Security experts at Trend Micro spotted a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application. Trend Micro discovered a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application, the malware also attempts to infect Apple devices (iPhones and […] | Malware | | |
| SecurityAffairs | 2019-04-03 13:51:00 | Group-IB report: JS-sniffers infected 2440 websites around the world | Crime without punishment: Group-IB issues a new report on JS-sniffers that infected 2440 websites around the world Group-IB, an international company that specializes in preventing cyberattacks, has issued a new comprehensive report on the analysis of JavaScript-sniffers – a type of malware designed to steal customer payment data from online stores. 2440 infected ecommerce websites […] | Malware | | |
| SecurityAffairs | 2019-04-03 06:58:01 | Crooks use hidden directories of compromised HTTPS sites to deliver malware | Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads. Hacked websites were […] | Malware, Threat | | |
| SecurityAffairs | 2019-04-02 10:54:03 | Analyzing AZORult malware using NSA Ghidra suite | Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. Introduction One of the most expected moments in the infosec community during the last few months was, with no doubt, the Ghidra public release. On the 5th of March, at the RSA conference, […] | Malware | | |
| SecurityAffairs | 2019-04-02 08:00:00 | BREAKING: new update about DDoS'er Linux/DDoSMan ELF malware based on Elknot | The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. Non-Technical-Premise “This report is meant for incident response or Linux forensics purpose, TO HELP admin & IR folks”, with this the very beginning sentence starts the new analysis of one […] | Malware | | |
| SecurityAffairs | 2019-03-29 12:34:05 | Malware researchers decrypted the Qrypter Payload | Malware researchers at Cybaze-Yoroi ZLAB team dissected a new sample of Qrypter malware that revealed an interesting evolution of the threat. Introduction During the last weeks, Yoroi's monitoring operation intercepted some malicious emails required further attention: they were sent to a very few organizations and the content was specifically tailored for Italian speaking targets. This […] | Malware | | |
| SecurityAffairs | 2019-03-28 19:08:01 | WinRAR CVE-2018-20250 flaw exploited in multiple campaigns | The recently patched vulnerability affecting the popular archiver utility WinRAR has been exploited to deliver new malware to targeted users. A recently patched vulnerability affecting the popular archiver utility WinRAR is becoming a commodity in the cybercrime underground, experts reported it has been exploited to deliver new malware in targeted attacks. The vulnerability, tracked as […] | Malware, Vulnerability | | |
| SecurityAffairs | 2019-03-28 15:12:04 | Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps | Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat […] | Malware, Guideline | | |
| SecurityAffairs | 2019-03-28 08:20:04 | Lazarus APT continues to target cryptocurrency businesses with Mac malware | North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] | Malware, Medical | APT 38 | |
| SecurityAffairs | 2019-03-28 07:32:00 | ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer | ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced to have released a fix for the Live Update utility that was exploited by threat actors behind the Operation ShadowHammer to deliver malware to hundreds of users. The Operation ShadowHammer took […] | Malware, Tool, Threat | | |
| SecurityAffairs | 2019-03-26 13:45:01 | The Ursnif Gangs keep Threatening Italy | Malware researchers at Cybaze-Yoroi ZLab team uncovered a new Ursnif malware campaign that reached several organizations across Italy. Introduction The Ursnif trojan confirms itself as one of the most active malware threats in cyberspace, even during the past days, when new attack attempts reached several organizations across Italy. Cybaze-Yoroi ZLab team dissected its infection chain […] | Malware | | |
| SecurityAffairs | 2019-03-25 15:01:00 | Anubis II – malware and afterlife | Due to the growing demand for Android banking malware, threat actors continue using Anubis even if the creator has vanished. Introduction Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Anubis II is […] | Malware, Threat | | |
| SecurityAffairs | 2019-03-25 13:26:05 | Free Tools: spotting APTs through Malware streams | Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through Malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on “high rate incident” or having sandbox systems on critical infrastructures or again working as […] | Malware, Tool | | |
| SecurityAffairs | 2019-03-24 09:56:01 | Malware Static Analysis | Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform massive Malware analysis research. The following interface stands in front of a live engine which takes binary files and runs them against a plethora of hundreds of YARA rules. Some of them are publicly available […] | Malware, Tool | | |
| SecurityAffairs | 2019-03-22 08:34:05 | FIN7 is back with a previously unseen SQLRat malware | The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak) used new malware in a recent hacking campaign. The group that has been active since late 2015 targeted businesses worldwide to […] | Malware | | |
| SecurityAffairs | 2019-03-20 12:48:03 | SimBad malware infected million Android users through Play Store | Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted. SimBad disguises itself […] | Malware | | |
| SecurityAffairs | 2019-03-19 06:54:03 | A new development shows a potential shift to using Mirai to target enterprises | PaloAlto Networks researchers discovered a new variant of the infamous Mirai botnet is targeting IoT devices belonging to businesses. Researchers at PaloAlto Networks spotted a new variant of the infamous Mirai botnet is targeting IoT devices belonging to businesses. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks […] | Malware | | |
| SecurityAffairs | 2019-03-15 07:34:03 | GlitchPOS PoS Malware appears in the cybercrime underground | A new piece of PoS malware appeared in the threat landscape, the malicious code dubbed GlitchPOS has been found on a crimeware forum. The GlitchPOS malware is able to steal credit card numbers (Track1 and Track2) from the memory of the infected system, it uses a regular expression to perform this task. The malicious code […] | Malware, Threat | | |
| SecurityAffairs | 2019-03-14 08:15:01 | DMSniff POS Malware has flown under the radar for at least four years | Malware researchers at Flashpoint revealed that at least since 2016, a PoS malware dubbed DMSniff has flown under the radar. Malware researchers at Flashpoint revealed that since 2016, a PoS malware dubbed DMSniff has been involved in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. DMSniff leverages a domain generation algorithm […] | Malware | | |
| SecurityAffairs | 2019-03-13 15:16:05 | Modular Cryptojacking malware uses worm abilities to spread | Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities by leveraging known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer. The Monero cryptocurrency miner […] | Malware | | |
| SecurityAffairs | 2019-03-12 11:03:05 | Apex Legends for Android: a Fake App could Compromise your Smartphone | Yoroi-Cybaze ZLab malware researchers have analyzed four different fake android APKs that pretend to be versions of the Apex Legends game. Introduction At the beginning of 2019, Electronic Arts released a game for PC, XBox One and Playstation 4 named Apex Legends. It is a battle royal game like Titanfall and Fortnite, the latter is […] | Malware | | |
| SecurityAffairs | 2019-03-11 10:58:04 | Crooks use The Pirate Bay to spread PirateMatryoshka malware via reputed seeders | Crooks are abusing the torrent website The Pirate Bay to distribute the PirateMatryoshka malware that fuels the victim’s PC with unwanted software. Crooks abusing torrent services to distribute malware is not a novelty, Torrent users are often exposed to serious threats such as the one recently spotted by Kaspersky Lab and dubbed by the expert […] | Malware | | |
| SecurityAffairs | 2019-03-09 05:53:04 | SLUB Backdoor leverages GitHub and Slack in targeted attacks | Malware researchers from Trend Micro have spotted a new piece of malware dubbed SLUB that leverages GitHub and Slack for C&C communications. Malware researchers at Trend Micro have spotted a new backdoor dubbed SLUB that abuse GitHub and Slack for command and control (C&C) communications. According to the experts, the SLUB backdoor (Backdoor.Win32.SLUB.A) was only […] | Malware | | |
| SecurityAffairs | 2019-03-06 08:26:00 | [SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users | Over the last few days, a new ransomware campaign infected several users around the world as part of the #OpJerusalem campaign. SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to […] | Ransomware, Malware | | |
| SecurityAffairs | 2019-03-05 21:23:03 | Iran-Linked Chafer APT recently used python-based backdoor | The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […] | Malware, Prediction | APT 39 | |
| SecurityAffairs | 2019-03-04 10:16:03 | Necurs Botnet adopts a new strategy to evade detection | The Necurs Botnet continues to evolve, a new strategy aims at hiding in the shadows, and leverages new payloads to recruits new bots. Necurs botnet is currently the second largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, […] | Spam, Malware | | |
| SecurityAffairs | 2019-03-04 07:39:04 | Threat actors using FrameworkPOS malware in POS attacks | Security experts at Morphisec observed a wave of attacks against point-of-sale (PoS) thin clients using card data scraping malware and the Cobalt Strike beacon. Over the past 8-10 weeks, security experts at Morphisec observed multiple sophisticated attacks targeting PoS thin clients worldwide. Most of the indicators collected by the experts point to the FIN6 hacking […] | Malware, Threat | | |
| SecurityAffairs | 2019-03-02 18:45:05 | [SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle | SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user's devices. In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 macro, also known as XLM macro, and used to download and execute a final […] | Malware | | |
| SecurityAffairs | 2019-03-01 13:24:03 | Cybaze-Yoroi ZLab analyze GoBrut: A new GoLang Botnet | Cybaze-Yoroi ZLab analyze a new GoLang botnet named GoBrut, the investigation allowed to discover that the bot supports a lot more features Introduction Malware written in Go programming language has roots almost a decade ago, few years after its first public release back in 2009: starting from InfoStealer samples discovered since 2012 and abused in […] | Malware | | |
| SecurityAffairs | 2019-02-28 14:09:05 | Ransomware, Trojan and Miner together against “PIK-Group” | Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. When an unknown sender suggests me to click on a super wired url, dropping a ZIP file straight in my box, by saying it's getting the next targeted attack on a huge company, […] | Malware | | |
| SecurityAffairs | 2019-02-26 14:56:01 | (Déjà vu) Author of NeverQuest botnet pleads guilty to bank fraud | The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years. The Russian hacker Stanislav Vitaliyevich Lisov, aka “Black,” “Blackf,” is accused of using the NeverQuest banking Trojan to steal login information from victims. The man has pled guilty to one count of conspiracy […] | Malware, Guideline | | |
| SecurityAffairs | 2019-02-26 06:32:00 | Malware spam campaign exploits WinRAR flaw to deliver Backdoor | Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to install deliver malware on a computer. A few days ago, security experts at CheckPoint software have disclosed a critical 19-year-old vulnerability in the WinRAR that could be exploited by attackers to gain full control over a […] | Spam, Malware, Vulnerability | | |
| SecurityAffairs | 2019-02-24 09:38:00 | Fbot malware targets HiSilicon DVR/NVR Soc devices | Experts at 360Netlab observed the Fbot bot infecting a large number of HiSilicon DVR/NVR Soc devices. Since February 16, 2019, security experts at 360Netlab observed a large number of HiSilicon DVR/NVR Soc devices were infected with an updated version of the Fbot bot. The Fbot malware was first discovered by 360Netlab researchers, according to the […] | Malware | | |
| SecurityAffairs | 2019-02-23 15:44:04 | Crooks offer millions to skilled black hats to help them in extortion campaigns | Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns. According to a new report published by the security firm Digital Shadows cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. The analysis of posts on Dark Web […] | Malware | | |
| SecurityAffairs | 2019-02-23 13:34:05 | Campaigns through LinkedIn's DM deliver More_eggs backdoor via fake job offers | Experts uncovered a new malware campaign that attempts to circumvent victims by abusing LinkedIn's direct messaging service. Researchers at Proofpoint have uncovered a new malware campaign that attempts to circumvent victims by abusing LinkedIn's direct messaging service. “In direct follow-up emails, the actor pretends to be from a staffing company with an offer of […] | Malware | | |
| SecurityAffairs | 2019-02-21 06:16:02 | The interface of WinPot ATM Malware looks like a slot machine | Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from […] | Malware | | |
| SecurityAffairs | 2019-02-19 18:55:02 | The Muncy malware is on the rise | Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeting users worldwide, distributing the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting users worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad […] | Malware | | |
| SecurityAffairs | 2019-02-18 11:53:00 | New Trickbot module implements Remote App Credential-Grabbing features | The Trickbot banking trojan continues to evolve, Trend Micro detected a new variant that includes a new module used for Remote App Credential-Grabbing. The infamous Trickbot banking trojan is back, experts at Trend Micro detected a new strain of the malware using an updated info-stealing module. The new strain of the Trickbot banking trojan that […] | Malware | | |
| SecurityAffairs | 2019-02-17 15:27:00 | (Déjà vu) Windows App runs on Mac to download MacOS malware | Experts at Trend Micro have detected a new strain of MacOS malware that hides inside a Windows executable to avoid detection. Security experts at Trend Micro have spotted a new strain of MacOS malware disguises itself as a Windows executable file to evade detection. The malware is carried via .EXE file that will not execute […] | Malware | | |
Last update at: 2024-05-12 18:08:13