What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-02-07 17:15:04 Microsoft disables the ms-appinstaller protocol because it was abused to spread malware (direct link) Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced that it has temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. In December, Microsoft addressed a vulnerability, tracked as CVE-2021-43890, in the AppX installer that affects Microsoft Windows and is under active exploitation. “We have […] Malware
SecurityAffairs 2022-01-28 10:19:04 (Déjà vu) Experts devise a technique to bypass Microsoft Outlook security feature (direct link) A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. Reegun Richard Jayapaul, SpiderLabs lead threat architect at Trustwave, has devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. While investigating a malware campaign, […] Malware Threat Guideline
SecurityAffairs 2022-01-27 20:30:53 North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks (direct link) The North Korea-linked Lazarus APT group uses the Windows Update client to deliver malware to Windows systems. North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent attacks, Malwarebytes researchers reported. The activity of the Lazarus APT group surged in 2014 and 2015; its members used […] Malware APT 38 APT 28
SecurityAffairs 2022-01-26 15:42:10 New DeadBolt ransomware targets QNAP NAS devices (direct link) New malware, the DeadBolt ransomware, is targeting QNAP NAS devices and asks 50 BTC for the master key. DeadBolt ransomware is targeting QNAP NAS devices worldwide; its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once the content of the device is encrypted, […] Ransomware Malware
SecurityAffairs 2022-01-25 05:32:29 Latest version of Android RAT BRATA wipes devices after stealing data (direct link) A new version of the BRATA malware implements a functionality to perform a factory reset of the device to wipe all data. The new version of the BRATA Android malware supports new features, including GPS tracking and a functionality to perform a factory reset on the device. Security experts at Kaspersky discovered the Android RAT […] Malware
SecurityAffairs 2022-01-24 12:05:20 Emotet spam uses unconventional IP address formats to evade detection (direct link) Experts warn of an Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […] Spam Malware Threat
SecurityAffairs 2022-01-19 06:05:49 Is White Rabbit ransomware linked to FIN8 financially motivated group? (direct link) A new ransomware gang named White Rabbit appeared in the threat landscape; experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and, according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […] Ransomware Malware Threat
SecurityAffairs 2022-01-18 21:58:59 AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler (direct link) Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat gang. Moncler confirmed a data breach after an attack that took place in December. The luxury fashion giant was hit by AlphV/BlackCat ransomware, which today published the stolen data on its leak site in the Tor network. In December, malware […] Ransomware Data Breach Malware
SecurityAffairs 2022-01-17 10:13:30 Experts warn of attacks using a new Linux variant of SFile ransomware (direct link) The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020 and was observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. […] Ransomware Malware
SecurityAffairs 2022-01-16 15:31:09 Microsoft spotted a destructive malware campaign targeting Ukraine (direct link) Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware. The attackers were discovered by Microsoft on January 13; the experts attributed the attack to an emerging threat cluster tracked […] Malware Threat
SecurityAffairs 2022-01-14 08:22:48 Threat actors can bypass malware detection due to Microsoft Defender weakness (direct link) A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information they can use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid AV scanning. Microsoft Defender allows users to specify locations on their machines that should be excluded from […] Malware Threat
SecurityAffairs 2022-01-13 15:44:36 Threat actors abuse public cloud services to spread multiple RATs (direct link) Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT, used to steal sensitive information from compromised systems. The malware campaign was spotted by Cisco Talos in October 2021; most […] Malware Threat
SecurityAffairs 2022-01-12 15:42:03 (Déjà vu) New RedLine malware version distributed as fake Omicron stat counter (direct link) Experts warn of a new variant of the RedLine malware that is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware […] Malware
SecurityAffairs 2022-01-10 06:12:37 New ZLoader malware campaign hit more than 2,000 victims across 111 countries (direct link) A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013, though Microsoft revised the fix in 2014. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active and threat actors have already stolen data and credentials of more […] Malware Vulnerability Threat
SecurityAffairs 2022-01-09 09:57:08 Security Affairs newsletter Round 348 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Unauthenticated RCE in H2 Database Console is similar to Log4Shell FluBot malware continues to […] Malware
SecurityAffairs 2022-01-08 15:56:18 FluBot malware continues to evolve. What's new in Version 5.0 and beyond? (direct link) Researchers warn of new campaigns distributing a new, improved version of the FluBot malware posing as Flash Player. Researchers from F5 Security are warning of a new, enhanced version of the FluBot Android malware that is spreading disguised as Flash Player. In a recent smishing campaign spotted by CSIRT KNF, FluBot targeted Polish users with a […] Malware
SecurityAffairs 2022-01-06 22:06:23 North Korea-linked Konni APT targets Russian diplomatic bodies (direct link) The North Korea-linked APT group Konni targets the Russian Federation's Ministry of Foreign Affairs (MID) with new versions of its malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year's […] Malware
SecurityAffairs 2022-01-06 10:45:27 NoReboot persistence technique fakes iPhone shutdown (direct link) Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fakes shutdowns. Researchers from Zecops devised a sophisticated persistence technique, named NoReboot, for iOS malware that fakes shutdowns while spying on the user. The technique is based on the concept of simulating a shutdown of the iPhone when the victim attempts […] Malware
SecurityAffairs 2022-01-05 10:46:51 Threat actors continue to exploit Log4j flaws in their attacks, Microsoft warns (direct link) Threat actors continue to attempt to exploit Apache Log4j vulnerabilities in their campaigns to deploy malware on target systems, Microsoft warns. Microsoft is warning of continuing attempts by nation-state actors and cybercriminals to exploit recently discovered vulnerabilities in the Apache Log4j library to deploy malware on vulnerable systems. Microsoft recommends customers review their infrastructure looking […] Malware
SecurityAffairs 2022-01-05 07:43:46 Researchers used electromagnetic signals to classify malware infecting IoT devices (direct link) Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from Internet of Things (IoT) […] Malware
SecurityAffairs 2021-12-31 21:03:58 (Déjà vu) The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware (direct link) The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by […] Data Breach Malware
SecurityAffairs 2021-12-31 09:30:38 How to implant malware in a hidden area of SSDs with the Flex Capacity feature (direct link) Researchers devised a series of attacks against SSDs that could allow attackers to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow attackers to implant malware in specific memory locations, bypassing security solutions. The attacks work against drives with flex […] Malware
SecurityAffairs 2021-12-30 17:51:12 New iLOBleed rootkit, the first time ever that malware targets iLO firmware (direct link) A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed is a previously undetected rootkit that was spotted targeting HP Enterprise's Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. The […] Malware
SecurityAffairs 2021-12-29 08:21:14 China-linked BlackTech APT uses new Flagpro malware in recent attacks (direct link) The China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as 'Flagpro'. Researchers from NTT Security reported that the China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as 'Flagpro'. Attacks using Flagpro targeted multiple companies in the defense, media, and communications industries several times. According to a report by NTT Security, Flagpro has […] Malware
SecurityAffairs 2021-12-28 14:18:05 DoubleFeature, post-exploitation dashboard used by Equation Group APT (direct link) Researchers analyzed the DoubleFeature logging tool of the DanderSpritz framework that was used by the Equation Group APT. Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. DanderSpritz made the headlines on April 14, […] Malware Tool
SecurityAffairs 2021-12-27 10:01:31 New Android banking malware targets Brazil's Itaú Unibanco Bank (direct link) Researchers analyzed a new Android banking malware that targets Brazil's Itaú Unibanco and spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil's Itaú Unibanco, trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim's knowledge. Threat actors spread the malware using fake Google Play Store […] Malware Threat
SecurityAffairs 2021-12-24 10:25:26 Experts warn of a new stealthy loader tracked as BLISTER (direct link) Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets Windows systems. Elastic Security researchers uncovered a malware campaign that leverages a new malware and a stealthy loader tracked as BLISTER, which uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […] Malware
SecurityAffairs 2021-12-23 19:31:01 AvosLocker ransomware reboots in Safe Mode and installs tools for remote access (direct link) In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions. Sophos experts monitoring AvosLocker ransomware attacks noticed that the malware is rebooting compromised systems into Windows Safe Mode to disable endpoint security solutions. Running the systems in Safe Mode allows the malware to encrypt […] Ransomware Malware
SecurityAffairs 2021-12-23 14:49:49 Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware (direct link) Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to […] Malware Vulnerability Threat
SecurityAffairs 2021-12-21 08:04:29 Log4j Vulnerability Aftermath (direct link) Uptycs researchers have observed attacks related to miners, DDoS malware and some variants of ransomware actively leveraging the Log4Shell flaw in log4j. Last week the Log4j vulnerability turned the internet upside down. The impact of the vulnerability is massive and attackers have started taking advantage of the flaw. So far we have observed attacks related to […] Ransomware Malware Vulnerability
SecurityAffairs 2021-12-14 07:39:26 TinyNuke banking malware targets French organizations (direct link) The TinyNuke malware is back and is now being used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and […] Malware
SecurityAffairs 2021-12-10 08:05:50 BlackCat ransomware, a very sophisticated malware written in Rust (direct link) BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. In the past, two other ransomware families were written in Rust for research purposes; one of them […] Ransomware Malware
SecurityAffairs 2021-12-08 06:28:06 Emotet directly drops Cobalt Strike beacons without intermediate Trojans (direct link) The Emotet malware continues to evolve; in the latest attacks, it directly installs Cobalt Strike beacons to give the attackers access to the target network. Emotet malware now directly installs Cobalt Strike beacons to give the attackers immediate access to the target network and allow them to carry out malicious activities, such as launching ransomware […] Malware
SecurityAffairs 2021-12-07 07:54:37 Nobelium continues to target organizations worldwide with custom malware (direct link) The Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have identified two distinct clusters of activity, tracked as UNC3004 and UNC2652, that were associated with the Russia-linked Nobelium APT group (aka UNC2452). The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted […] Malware Threat APT 29
SecurityAffairs 2021-12-02 16:18:21 NginRAT – A stealthy malware targets e-stores hiding on Nginx servers (direct link) Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers, bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. CronRAT is employed in Magecart attacks against online stores […] Malware
SecurityAffairs 2021-11-30 07:44:25 4 Android banking trojans were spread via Google Play infecting 300,000+ devices (direct link) Experts found four Android banking trojans that were available on the official Google Play Store and that infected 300,000+ devices. Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official Google Play Store between August and November 2021. According to the experts, the malware infected more than 300,000 devices through […] Malware
SecurityAffairs 2021-11-26 15:50:31 Threat actors target crypto and NFT communities with Babadeda crypter (direct link) Morphisec researchers spotted cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi enthusiasts through Discord channels. Threat actors are attempting to exploit the booming market for NFTs and crypto games. Babadeda is able to bypass antivirus solutions. […] Malware Threat
SecurityAffairs 2021-11-25 22:07:09 New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks (direct link) Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hide the malware in the task names, […] Malware Threat
SecurityAffairs 2021-11-23 22:13:25 Malware authors are already attempting to exploit new Windows Installer zero-day (direct link) Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a […] Malware
SecurityAffairs 2021-11-21 11:12:37 Attackers compromise Microsoft Exchange servers to hijack internal email chains (direct link) A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails to avoid detection. The campaign was uncovered by TrendMicro researchers, who detailed the technique used to trick […] Malware
SecurityAffairs 2021-11-15 22:33:11 Operation Reacharound – Emotet malware is back (direct link) The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time, the investigators took control of its infrastructure in an internationally coordinated action. […] Malware
SecurityAffairs 2021-11-12 22:15:05 HTML Smuggling technique used in phishing and malspam campaigns (direct link) Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded […] Malware Threat
SecurityAffairs 2021-11-12 15:57:25 macOS zero-day exploited in watering hole attacks on users in Hong Kong (direct link) Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited an XNU privilege escalation vulnerability […] Malware Vulnerability Threat
SecurityAffairs 2021-11-11 06:37:51 Sophisticated Android spyware PhoneSpy infected thousands of Korean phones (direct link) South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated Android spyware dubbed PhoneSpy. The malware already hit more than a thousand South […] Malware
SecurityAffairs 2021-11-05 09:21:55 npm libraries coa and rc have been hijacked to deliver password-stealing malware (direct link) Two popular npm libraries, coa and rc, have been hijacked; threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package registry warns that two popular npm libraries, coa and rc, have been hijacked; threat actors replaced them with versions laced with password-stealing malware. Coa is a command-line argument parser with approximately 9 million weekly downloads, while […] Malware Threat
SecurityAffairs 2021-11-03 17:35:06 NSO Group, Positive Technologies and other firms sanctioned by the US government (direct link) The U.S. sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state actors, including NSO Group. The Commerce Department's Bureau of Industry and Security (BIS) has sanctioned four companies for the development of spyware or the sale of hacking tools used by nation-state actors. The firms are […] Malware
SecurityAffairs 2021-10-29 22:49:42 ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD (direct link) The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. Researchers at the cybersecurity firm believe that the new encryptors are still under development. Both variants are written in Golang, […] Ransomware Malware
SecurityAffairs 2021-10-28 15:47:16 AbstractEmu, a new Android malware with rooting capabilities (direct link) AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu, with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e. Amazon Appstore and the Samsung Galaxy Store). The malware […] Malware Threat
SecurityAffairs 2021-10-27 09:03:08 North Korea-linked Lazarus APT targets the IT supply chain (direct link) The North Korea-linked Lazarus APT group is extending its operations and has started targeting the IT supply chain. The North Korea-linked Lazarus APT group is now also targeting the IT supply chain, researchers from Kaspersky Lab warn. The activity of the Lazarus APT group surged in 2014 and 2015; its members used mostly custom-tailored malware in their attacks. […] Malware APT 38 APT 28
SecurityAffairs 2021-10-23 13:03:09 Supply-chain attack on NPM package UAParser, which has millions of daily downloads (direct link) The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of crypto-mining malware in the popular NPM package UAParser.js. The popular library has millions of weekly downloads. “Versions of a popular […] Malware
Last update at: 2024-05-13 13:08:13