What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-02-20 14:09:20 Silver Sparrow, a new malware infects Mac systems using Apple M1 chip (direct link) Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […] Malware
SecurityAffairs 2021-02-19 12:12:01 Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning (direct link) Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company's M1 chip. The discovery suggests threat actors are tailoring […] Malware Threat
SecurityAffairs 2021-02-17 07:17:32 Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware (direct link) Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although there is strong adoption of technologies with the goal of protecting the final user such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP, PIN […] Malware
SecurityAffairs 2021-02-13 10:46:40 Gmail users from US most targeted by email-based phishing and malware (direct link) Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine which factors influence the risk of attack. Experts discovered that malicious […] Malware
SecurityAffairs 2021-02-11 22:50:56 Avaddon ransomware decryptor released, but operators quickly reacted (direct link) An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free. Yuste is a student at […] Ransomware Malware Tool
SecurityAffairs 2021-02-06 15:10:30 Watch out! 'The Great Suspender' Chrome extension contains Malware (direct link) Google removed the popular The Great Suspender from the official Chrome Web Store for containing malware and deactivated it from the users’ PC. Google on Thursday removed The Great Suspender extension from the Chrome Web Store. Millions of users have installed the popular Chrome extension, the IT giant also took the proactive measure of deactivating it from […] Malware
SecurityAffairs 2021-02-05 16:44:53 TeamTNT group uses Hildegard Malware to target Kubernetes Systems (direct link) The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal […] Malware Uber
SecurityAffairs 2021-02-02 16:57:29 Kobalos, a complex Linux malware targets high-performance computing clusters (direct link) ESET experts uncovered a previously undocumented piece of malware that had been observed targeting high-performance computing clusters (HPC). ESET analyzed a new piece of malware, dubbed Kobalos, that was employed in attacks against high-performance computing clusters (HPC). The name Kobalos comes from a small sprite from Greek mythology, a mischievous creature fond of tricking and frightening mortals. Kobalos is a […] Malware
SecurityAffairs 2021-01-31 11:27:14 New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs (direct link) The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis installs. The malware is an evolution of a Monero cryptocurrency […] Malware APT 32
SecurityAffairs 2021-01-29 22:43:33 Domain for programming website Perl.com hijacked (direct link) Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns. Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with malware campaigns. Users are recommended to avoid visiting the domain. The domain Perl.com was […] Malware
SecurityAffairs 2021-01-29 00:00:15 Oscorp, a new Android malware targets Italian users (direct link) Researchers at the Italian CERT warn of new Android malware dubbed Oscorp that abuses accessibility services for malicious purposes. Researchers from security firm AddressIntel spotted a new Android malware dubbed Oscorp, its name comes from the title of the login page of its command-and-control server. Like other Android malware, the Oscorp malware tricks users into granting […] Malware
SecurityAffairs 2021-01-26 18:20:46 (Déjà vu) Threat Report Portugal: Q4 2020 (direct link) Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also supported by a healthy community […] Malware
SecurityAffairs 2021-01-25 19:24:39 Cryptomining DreamBus botnet targets Linux servers (direct link) Zscaler's research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler's ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. The bot is composed of a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts. The […] Malware
SecurityAffairs 2021-01-23 16:06:37 MrbMiner cryptojacking campaign linked to Iranian software firm (direct link) Sophos experts believe that an Iranian company is behind a recently uncovered MrbMiner crypto-jacking campaign targeting SQL servers. Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. In September, a group of hackers launched brute-force attacks on MSSQL servers with […] Malware
SecurityAffairs 2021-01-21 22:41:13 Dovecat crypto-miner is targeting QNAP NAS devices (direct link) QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. The malware was designed to abuse NAS resources and mine cryptocurrency. The malware […] Malware
SecurityAffairs 2021-01-21 12:01:36 SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation (direct link) Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack. The new analysis sheds light on the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. […] Malware SolarWinds SolarWinds
SecurityAffairs 2021-01-19 22:31:27 Raindrop, a fourth malware employed in SolarWinds attacks (direct link) The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered while investigating the SolarWinds […] Malware Threat SolarWinds
SecurityAffairs 2021-01-15 17:36:14 Expert launched Malvuln, a project to report flaws in malware (direct link) The researcher John Page launched malvuln.com, the first website exclusively dedicated to the research of security flaws in malware codes. The security expert John Page (aka hyp3rlinx) launched malvuln.com, the first platform exclusively dedicated to the research of security flaws in malware codes. The news was first announced by SecurityWeek, the researcher explained that Malvuln is […] Malware
SecurityAffairs 2021-01-14 19:28:15 Operation Spalax, an ongoing malware campaign targeting Colombian entities (direct link) Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and private companies, most of them in the energy and metallurgical sectors. The campaign […] Malware
SecurityAffairs 2021-01-13 18:43:38 Rogue Android RAT emerges from the darkweb (direct link) Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can allow to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet threat actors known as Triangulum and HeXaGoN Dev. Both actors are Android malware authors that […] Malware Threat
SecurityAffairs 2021-01-13 14:25:32 Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue (direct link) Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products, including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, […] Malware
SecurityAffairs 2021-01-12 11:41:20 Sunspot, the third malware involved in the SolarWinds supply chain attack (direct link) Cybersecurity firm CrowdStrike announced to have discovered a third malware strain, named Sunspot, directly involved in the SolarWinds supply chain attack. According to a new report published by the cybersecurity firm Crowdstrike, a third malware, dubbed SUNSPOT, was involved in the recently disclosed SolarWinds supply chain attack. SUNSPOT was discovered after the Sunburst/Solorigate backdoor and […] Malware SolarWinds
SecurityAffairs 2021-01-11 21:37:06 Connecting the dots between SolarWinds and Russia-linked Turla APT (direct link) Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. The discovery […] Malware Mobile SolarWinds SolarWinds
SecurityAffairs 2021-01-11 07:55:07 Source code for malware that targets Qiui Cellmate device was leaked online (direct link) The source code for the ChastityLock ransomware that was used in attacks aimed at the users of the Qiui Cellmate adult toy is now publicly available. Recently a family of ransomware was observed targeting the users of the Bluetooth-controlled Qiui Cellmate chastity device. Qiui Cellmate made the headlines in October when the researchers at Pen Test Partners […] Ransomware Malware
SecurityAffairs 2021-01-10 10:22:14 TeamTNT botnet now steals Docker API and AWS credentials (direct link) Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now also able to steal Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April […] Malware
SecurityAffairs 2021-01-08 09:48:08 Ezuri memory loader used in Linux and Windows malware (direct link) Multiple threat actors have recently started using the Ezuri memory loader as a loader to execute malware directly into the victims’ memory. According to researchers from AT&T's Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. The Ezuri memory loader tool allows to load and execute a payload directly into […] Malware Tool Threat
SecurityAffairs 2021-01-04 08:49:19 New alleged MuddyWater attack downloads a PowerShell script from GitHub (direct link) Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware that uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by threat actors to download a legitimate image file from image hosting […] Malware Threat
SecurityAffairs 2020-12-31 14:20:49 New Golang-based Crypto worm infects Windows and Linux servers (direct link) Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords. The worm […] Malware
SecurityAffairs 2020-12-31 10:52:10 Emotet campaign hits Lithuania's National Public Health Center and several state institutions (direct link) An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several municipalities. A large-scale Emotet campaign hit Lithuania, the malware has infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities. “The National Cyber Security Center under the Ministry of National Defense […] Malware
SecurityAffairs 2020-12-27 09:37:20 (Déjà vu) SolarWinds releases updated advisory for SUPERNOVA backdoor (direct link) SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. SolarWinds has released an updated advisory for the SuperNova backdoor that was discovered while investigating the recent SolarWinds Orion supply-chain attack. The SuperNova backdoor was likely used by a separate threat actor. After the initial disclosure of the […] Malware Threat
SecurityAffairs 2020-12-25 18:45:15 (Déjà vu) North Korea-linked Lazarus APT targets the COVID-19 research (direct link) The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […] Malware APT 38 APT 28
SecurityAffairs 2020-12-16 13:37:06 Sextortion campaign uses Goontact spyware to target Android and iOS users (direct link) Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontact, that could target both Android and iOS users. Goontact implements common spyware features, including the ability to gather data from the infected devices and […] Malware
SecurityAffairs 2020-12-16 00:25:32 PyMICROPSIA Windows malware includes checks for Linux and macOS (direct link) Experts discovered a new Windows info-stealer, named PyMICROPSIA, linked to AridViper group that is rapidly evolving to target other platforms. Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. Experts spotted the PyMICROPSIA info stealer while investigating […] Malware
SecurityAffairs 2020-12-15 07:18:10 SoReL-20M Sophos & ReversingLabs release 10 million disarmed samples for malware study (direct link) Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples. Sophos and ReversingLabs announced the release of SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10 million malware samples. The SoReL-20M database includes a set of curated and labeled samples and security-relevant metadata that […] Malware
SecurityAffairs 2020-12-13 17:19:51 Hacked Subway UK marketing system used in TrickBot phishing campaign (direct link) Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. Subway UK customers received emails from ‘Subcard’ about the processing […] Malware Hack
SecurityAffairs 2020-12-11 06:50:09 Adrozek malware silently inject ads into search results in multiple browsers (direct link) Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and injects ads into search results pages. Users are redirected to […] Malware Adrozek
SecurityAffairs 2020-12-10 12:14:06 Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware (direct link) Russia-linked cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has […] Malware APT 28
SecurityAffairs 2020-12-09 16:02:11 Crooks hide software skimmer inside CSS files (direct link) Security researchers have uncovered a new technique to inject a software skimmer onto websites, the malware hides in CSS files. Security researchers have uncovered a new technique used by threat actors to inject a software skimmer onto websites, the attackers hide the malware in CSS files. Security experts have analyzed multiple Magecart attack techniques over […] Malware Threat
SecurityAffairs 2020-12-04 00:56:17 Hackers hide software skimmer in social media sharing icons (direct link) Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages. E-skimming takes place when hackers compromise an e-commerce site and plant a malicious […] Malware
SecurityAffairs 2020-12-02 19:24:29 Russia-linked APT Turla used a new malware toolset named Crutch (direct link) Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active […] Malware
SecurityAffairs 2020-11-30 21:18:38 Exploring malware to bypass DNA screening and lead to 'biohacking' attacks (direct link) Boffins from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. Scientists play a crucial role in modern society, especially during […] Malware
SecurityAffairs 2020-11-29 12:15:37 (Déjà vu) Sopra Steria estimates financial Impact of ransomware attack could reach €50 Million (direct link) IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40M and €50M. At the end of October, French IT outsourcer Sopra Steria was hit by a ransomware attack. While the company did not reveal the family of malware that infected its systems, local media speculate the involvement […] Ransomware Malware
SecurityAffairs 2020-11-27 14:32:37 A week later, Manchester United has yet to recover after a cyberattack (direct link) Manchester United is still facing problems after the cyber attack it suffered last week, it has yet to fully restore its systems. Last week Manchester United was hit by a sophisticated cyber attack, the attack took place on Friday evening and the football club shut down its systems to prevent the malware from spreading within. […] Malware
SecurityAffairs 2020-11-26 09:12:48 SSH-backdoor Botnet With 'Research' Infection Technique (direct link) Security expert Tolijan Trajanovski analyzed an SSH-backdoor Botnet that implements an interesting 'Research' infection technique. In a recent tweet, the malware researcher @0xrb shared a list containing URLs of recently captured IoT botnet samples. Among the links, there was an uncommon example, a URL behind a Discord CDN, which as pointed out by the IoT malware researcher @_lubiedo, may be difficult […] Malware
SecurityAffairs 2020-11-25 12:09:08 Watch out, WAPDropper malware could subscribe you to premium services (direct link) Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from legitimate telecommunications […] Malware
SecurityAffairs 2020-11-24 16:20:04 TrickBot operators continue to update their malware to increase resilience to takedown (direct link) Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft's Defender team, FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec joined forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Even if Microsoft and its partners have brought down the TrickBot […] Malware
SecurityAffairs 2020-11-23 08:32:23 Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware (direct link) Sonatype's deep dive research allowed to identify a new family of Discord malware called CursedGrabber. Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem. The malware called “xpc.js” […] Malware Threat
SecurityAffairs 2020-11-22 11:07:17 (Déjà vu) Romanians arrested for running underground malware services (direct link) Two Romanians arrested for running three malware services Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. Romanian police forces have arrested this week two individuals suspected of running two malware crypter services called CyberSeal and DataProtector, and a malware testing service called […] Malware
SecurityAffairs 2020-11-18 15:59:50 Phishing campaign targets LATAM e-commerce users with Chaes Malware (direct link) Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users […] Malware
SecurityAffairs 2020-11-16 15:18:44 Lazarus malware delivered to South Korean users via supply chain attacks (direct link) North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA) is behind cyber campaigns targeting South Korean supply chains. According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South […] Malware Medical APT 38
Last update at: 2024-05-12 16:08:07