What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2018-10-20 08:33:02 Thousands of applications affected by a zero-day issue in jQuery File Upload plugin (direct link) A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206, that affects older versions of the jQuery File Upload plugin since 2010. Attackers can exploit the vulnerability to carry out several malicious activities, including defacement, exfiltration, and malware infection. The flaw was reported by the Akamai researcher Larry Cashdollar, he explained that many other packages that include […] Malware Vulnerability
SecurityAffairs 2018-10-19 07:06:03 Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew (direct link) Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads the report. “We […] Malware Threat APT 32 APT 1
SecurityAffairs 2018-10-18 19:31:01 GreyEnergy cyberespionage group targets Poland and Ukraine (direct link) Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Security experts from ESET published a detailed analysis of a recently discovered threat actor tracked as GreyEnergy, its activity emerged in concurrence with BlackEnergy operations. ESET researchers have spotted a new strain of malware tracked as Exaramel […] Malware Threat
SecurityAffairs 2018-10-11 21:53:00 Exaramel Malware Links Industroyer ICS malware and NotPetya wiper (direct link) ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded NotPetya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper. In June 2017, researchers at antivirus firm ESET […] Malware NotPetya
SecurityAffairs 2018-10-11 06:25:02 New Gallmaker APT group eschews malware in cyber espionage campaigns (direct link) A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. According to researchers from Symantec, who first spotted the threat actor, the group has launched attacks on several overseas embassies […] Malware Threat
SecurityAffairs 2018-10-03 09:46:01 New Danabot Banking Malware campaign now targets banks in the U.S. (direct link) According to malware researchers from Proofpoint, DanaBot attackers launched a new campaign aimed at banks in the United States. A couple of weeks ago, security experts at ESET observed a surge in activity of DanaBot banking Trojan that was targeting Poland, Italy, Germany, Austria, and as of September 2018, Ukraine. DanaBot is a multi-stage modular banking Trojan written […] Malware
SecurityAffairs 2018-10-03 07:17:03 Researchers associated the recently discovered NOKKI Malware to North Korean APT (direct link) Security experts from Palo Alto Networks have collected evidence that links the recently discovered NOKKI malware to North Korea-Linked APT. Researchers from Palo Alto Networks have spotted a new variant of the KONNI malware, tracked as NOKKI, that was attributed to North Korea-linked attackers. NOKKI borrows the code from the KONNI malware, the latter is a remote access Trojan […] Malware
SecurityAffairs 2018-10-03 04:57:00 Z-LAB Report – Analyzing the GandCrab v5 ransomware (direct link) Experts at the Cybaze Z-Lab have analyzed the latest iteration of the infamous GandCrab ransomware, version 5.0. Malware researchers at Cybaze ZLab analyzed the latest version of the infamous GandCrab ransomware, version 5.0. Most of the infections have been observed in central Europe, but experts found evidence that the malicious code doesn't infect Russian users. […] Ransomware Malware
SecurityAffairs 2018-10-01 19:36:04 GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers (direct link) Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic […] Malware
SecurityAffairs 2018-09-28 12:45:03 QRecorder app in the Play Store was hiding a Banking Trojan that targets European banks (direct link) The QRecorder app in the Play Store impersonating a phone call and voice recording utility embedded a banking malware used to target European banks. Security experts from ESET have discovered a malicious app in the official Google Play Store that impersonates a phone call and voice recording utility, it was hiding a banking malware used to […] Malware
SecurityAffairs 2018-09-26 07:00:02 Crooks leverages Kodi Media Player add-ons for malware distribution (direct link) Security experts have spotted a Monero cryptomining campaign that abused Kodi add-ons to deliver miner that target both Linux and Windows systems. Crooks are abusing Kodi Media Player to distribute malware, researchers from ESET recently spotted a cryptomining campaign that compromised about over 5,000 computers. Kodi users can add new functionality by installing add-ons that […] Malware
SecurityAffairs 2018-09-23 08:43:00 New Virobot malware combines ransomware and botnet capabilities (direct link) Security experts from Trend Micro discovered a new malware tracked as Virobot that combines ransomware and botnet capabilities. Virobot encrypts files on infected machines and also implements spam botnet abilities and leverages it to target other systems. Virobot was first spotted on September 17, 2018, experts pointed out that it is not associated with any known ransomware […] Ransomware Spam Malware
SecurityAffairs 2018-09-20 12:44:01 Sustes Malware: CPU for Monero (direct link) Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows […] Malware Threat
SecurityAffairs 2018-09-19 08:40:02 Evolution of threat landscape for IoT devices – H1 2018 (direct link) Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged […] Malware Threat
SecurityAffairs 2018-09-18 19:58:03 NSO mobile Pegasus Spyware used in operations in 45 countries (direct link) A new report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide. A new investigation of the Citizen Lab revealed that the powerful Pegasus mobile spyware was used against targets across 45 countries around the world over the last two years. Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that […] Malware
SecurityAffairs 2018-09-18 06:40:00 New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms (direct link) Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers. Xbash was developed using Python, then the authors converted into […] Malware
SecurityAffairs 2018-09-13 07:56:02 Cobalt crime gang is using again CobInt malware in attacks on former soviet states (direct link) The Russian Cobalt crime gang was particularly active in the last month, a new report confirms a massive use of the CobInt malware in recent attacks. Security researchers from Proofpoint reported the massive use of the CobInt malware by the Cobalt group in recent attacks. The Cobalt name is based on the association of the […] Malware
SecurityAffairs 2018-09-13 06:30:01 New PyLocky Ransomware stands out for anti-machine learning capability (direct link) Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. Researchers at Trend Micro have detected a new ransomware family, dubbed PyLocky, that was used in attacks between July and August, the malware was posing as the Locky ransomware using its ransom […] Ransomware Malware
SecurityAffairs 2018-09-10 11:23:02 Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises (direct link) Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload […] Malware Vulnerability Equifax
SecurityAffairs 2018-09-08 07:42:04 Apple removed the popular app Adware Doctor because steals user browsing history (direct link) Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store because it was gathering users’ browser histories and other sensitive data and then upload them to a […] Malware
SecurityAffairs 2018-09-07 11:31:04 Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server (direct link) A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. “Using the vulnerabilities we discovered, it […] Malware Vulnerability
SecurityAffairs 2018-09-07 06:59:02 USB Drives shipped with Schneider Solar Products were infected with malware (direct link) Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Schneider Electric has found a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. Both products are part of the solar energy […] Malware
SecurityAffairs 2018-09-05 15:38:04 CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam (direct link) Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. The group also known as Cycldek was first spotted in September 2013, it was mainly targeting entities in Southeast Asia using different malware variants mainly PlugX and […] Malware
SecurityAffairs 2018-09-02 07:28:02 Kaspersky warns of a new Loki Bot campaign target corporate mailboxes (direct link) Security experts from Kaspersky Lab have uncovered a new spam campaign leveraging the Loki Bot malware to target corporate mailboxes. The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that […] Spam Malware
SecurityAffairs 2018-08-31 14:23:00 Federal prosecutors indicted a 20-year-old man who built the Satori botnet (direct link) A youngster (20) from Washington was indicted last week on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori. MalwareMustDie Team: “It's time for every teenager or young man to know that playing with malware is the fastest way to finish in the jail” Mirai, Mirai […] Malware Satori
SecurityAffairs 2018-08-31 05:52:03 BusyGasper spyware remained undetected for two years while spying Russians (direct link) Security experts from Kaspersky Lab have uncovered a new strain of Android malware dubbed BusyGasper that remained hidden for two years. The BusyGasper Android spyware has been active since May 2016, it implements unusual features for this type of malware. Experts explained it is a unique spy implant with stand-out features such as device sensors listeners. […] Malware ★★★★
SecurityAffairs 2018-08-20 13:58:02 Malware researcher reverse engineered a threat that went undetected for at least 2 years (direct link) The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many […] Malware Threat
SecurityAffairs 2018-08-18 06:46:01 Marap modular downloader opens the doors to further attacks (direct link) Researchers discovered a new modular downloader, tracked as Marap malware, that is being used in large campaigns targeting financial institutions. Researchers from Proofpoint have spotted a new modular downloader in large campaigns targeting financial institutions, experts believe the malicious code could be used to deliver additional malware in future attacks. Earlier August, Proofpoint reported several […] Malware
SecurityAffairs 2018-08-12 07:46:05 (Déjà vu) Security Affairs newsletter Round 175 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · A malware paralyzed TSMC plants where also […] Malware
SecurityAffairs 2018-08-10 16:15:03 The analysis of the code reuse revealed many links between North Korea malware (direct link) Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. The experts focused their analysis on the code reuse, past investigations revealed that some APT groups share portions of code […] Malware Medical Cloud APT 38 APT 37
SecurityAffairs 2018-08-09 17:21:00 DeepLocker – AI-powered malware are already among us (direct link) Security researchers at IBM Research developed a “highly targeted and evasive” AI-powered malware dubbed DeepLocker and will present today. What about Artificial Intelligence (AI) applied in malware development? Threat actors can use AI-powered malware to create powerful malicious codes that can evade sophisticated defenses. Security researchers at IBM Research developed a “highly targeted and evasive” attack tool powered […] Malware Tool Threat
SecurityAffairs 2018-08-07 13:54:04 (Déjà vu) TSMC Chip Maker confirms its facilities were infected with WannaCry ransomware (direct link) TSMC shared further details on the attack and confirmed that its systems were infected with a variant of the infamous WannaCry ransomware. Early in August, a malware has infected systems at several Taiwan Semiconductor Manufacturing Co. (TSMC) factories, the plants where Apple produces its devices. TSMC is the world's biggest contract manufacturer of chips for tech giants, including Apple […] Ransomware Malware Wannacry
SecurityAffairs 2018-08-06 05:09:00 ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis (direct link) A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called […] Malware Tool
SecurityAffairs 2018-08-04 17:35:01 A malware paralyzed TSMC plants where also Apple produces its devices (direct link) A virus has infected systems at several Taiwan Semiconductor Manufacturing Co. (TSMC) factories on Friday night, the plants where Apple produces its devices A malware has infected systems at several Taiwan Semiconductor Manufacturing Co. (TSMC) factories on Friday night, the iPhone chipmaker plans. TSMC is the world's biggest contract manufacturer of chips for tech giants, including Apple […] Malware
SecurityAffairs 2018-08-02 06:25:05 Amnesty International employee targeted with NSO group surveillance malware (direct link) An employee at Amnesty International has been targeted with Israeli surveillance malware, the news was revealed by the human rights group. Amnesty International revealed that one of its employees was targeted with a surveillance malware developed by an Israeli firm. The human rights group published a report that provides details on the attack against its employee. The hacker […] Malware
SecurityAffairs 2018-08-01 08:09:02 (Déjà vu) Hundreds of apps removed from Google Play store because were carrying Windows malware (direct link) Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October […] Malware
SecurityAffairs 2018-07-31 06:07:04 A new sophisticated version of the AZORult Spyware appeared in the wild (direct link) A new sophisticated version of the AZORult Spyware was spotted in the wild, it was involved in a large email campaign on July 18 Malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared […] Malware
SecurityAffairs 2018-07-29 08:54:03 Underminer Exploit Kit spreading Bootkits and cryptocurrency miners (direct link) New Underminer exploit kit delivers a bootkit that infects the system's boot sectors as well as a cryptocurrency miner dubbed Hidden Mellifera. Malware researchers from Trend Micro have spotted a new exploit kit, tracked as Underminer exploit kit, delivering a bootkit that infects the system's boot sectors as well as a cryptocurrency miner dubbed Hidden Mellifera. “We […] Malware
SecurityAffairs 2018-07-28 08:32:01 Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor (direct link) Microsoft revealed that hackers attempted to compromise the supply chain of an unnamed maker of PDF software. The attackers compromised a font package installed by a PDF editor app and used it to spread a crypto-mining malware on victims’ machines. The attack was discovered by the experts from Microsoft that received alerts via the Windows […] Malware
SecurityAffairs 2018-07-27 13:32:04 Parasite HTTP RAT implements a broad range of protections and evasion mechanims (direct link) Researchers from Proofpoint have discovered a new remote access Trojan (RAT) named Parasite HTTP that implements a broad range of evasion techniques. The Parasite HTTP RAT has a modular architecture that allows authors to easily add new features. The malware includes sandbox detection, anti-debugging, anti-emulation, and other defense mechanisms. “Proofpoint researchers recently discovered a new remote […] Malware
SecurityAffairs 2018-07-26 07:29:05 Kronos Banking Trojan resurrection, new campaigns spotted in the wild (direct link) Researchers from Proofpoint have discovered a new variant of the infamous Kronos banking Trojan that was involved in several attacks in the recent months. The infamous Kronos banking Trojan is back, and according to the experts from Proofpoint it was involved in several attacks in the last months. The malware was first spotted in 2014 by researchers at […] Malware
SecurityAffairs 2018-07-25 14:20:05 Hide 'N Seek botnet also includes exploits for home automation systems (direct link) Security experts from Fortinet have discovered that the Hide 'N Seek botnet is now targeting vulnerabilities in home automation systems. The Hide 'N Seek botnet was first spotted on January 10th when it was targeting home routers and IP cameras. It was first spotted on January 10th by malware researchers from Bitdefender then it disappeared for a few days, and appeared […] Malware
SecurityAffairs 2018-07-23 09:08:04 CSE Malware ZLab – Chinese APT27's long-term espionage campaign in Syria is still ongoing (direct link) Researchers at CSE Cybsec ZLab analyzed a malicious code involved in a long-term espionage campaign in Syria attributed to Chinese APT27 group. A few days ago, the security researcher Lukas Stefanko from ESET discovered an open repository containing some Android applications. The folder was found on a compromised website at the following URL: hxxp://chatsecurelite.uk[.]to […] Malware APT 27
SecurityAffairs 2018-07-22 12:15:03 (Déjà vu) Security Affairs newsletter Round 172 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · CSE Malware ZLab – Operation Roman Holiday […] Malware
SecurityAffairs 2018-07-21 14:49:03 Experts discovered Calisto macOS Trojan, the first member of Proton RAT family (direct link) Security experts from Kaspersky Lab have discovered a precursor of the infamous Proton macOS malware that was named Calisto. Malware researchers from Kaspersky Lab have discovered a malware, tracked as Calisto, that appears to be the precursor of the Proton macOS malware. “We recently came across one such sample: a macOS backdoor that we named Calisto. The […] Malware ★★★★★
SecurityAffairs 2018-07-13 14:36:03 Mobile Malware Campaign targets users in India through rogue MDM service (direct link) Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware distributed through a bogus MDM service Security experts from Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware that has been active at least since August 2015. The researchers believe that cyberspies are operating from China and they found spying […] Malware
SecurityAffairs 2018-07-13 08:09:02 Ukraine's SBU Security Service reportedly stopped VPNFilter attack at chlorine station (direct link) Ukraine's SBU Security Service reportedly stopped VPNFilter attack at chlorine station, the malware infected the network equipment in the facility that supplies water treatment and sewage plants. According to the Interfax-Ukraine media outlet, the VPNFilter hit the LLC Aulska station in Auly (Dnipropetrovsk region), according to the experts the malware aimed at disrupting operations at the chlorine station. […] Malware VPNFilter
SecurityAffairs 2018-07-12 13:22:04 Popular software VSDC official website was hacked and used to distribute malware (direct link) Hackers have compromised the website of VSDC, (http://www.videosoftdev.com), a popular company that provides free audio and video conversion and editing software. Experts from Chinese security firm Qihoo 360 Total Security discovered that attackers hijacked the download links of the popular audio and video editor, VSDC. The experts discovered that hackers hijacked download links on the websites […] Malware
SecurityAffairs 2018-07-11 09:36:03 A tainted version of Arch Linux PDF reader package found in a user-provided AUR (direct link) Hackers have poisoned the Arch Linux PDF reader package named “acroread” that was found in a user-provided Arch User Repository (AUR), Hackers have poisoned the Arch Linux PDF reader package, this means that users who have downloaded recently a PDF viewer named “acroread” may have been compromised. The PDF reader package has been tainted with a malware and Arch […] Malware
SecurityAffairs 2018-07-10 06:18:04 BlackTech APT using stolen D-Link certificates to spread malware (direct link) A cyber-espionage group tracked as BlackTech is abusing code-signing certificates stolen from D-Link for the distribution of their malware. Security experts from ESET discovered that an APT group tracked as BlackTech is using code-signing certificates stolen from Taiwanese-based tech firm D-Link and the security company Changing Information Technology Inc. According to the experts, the cyber espionage group […] Malware
Last update at: 2024-05-13 10:07:46