What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2020-11-16 07:26:44 New Jupyter information stealer appeared in the threat landscape (direct link) Russian-speaking threat actors have been using a piece of malware, dubbed Jupyter malware, to steal information from their victims. Researchers at Morphisec have spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, tracked as Jupyter, to steal information from their victims. The Jupyter malware is able to collect data from multiple […] Malware Threat
SecurityAffairs 2020-11-14 18:22:37 Schneider Electric published a security advisory on Drovorub Linux Malware (direct link) Schneider Electric is warning customers of the Drovorub Linux malware that was also analyzed recently by the NSA and the FBI. Schneider Electric published a security bulletin to warn customers of the Drovorub Linux malware, the malware was analyzed in a joint alert published in August by NSA and the FBI. According to the US […] Malware
SecurityAffairs 2020-11-13 23:40:48 New TroubleGrabber malware targets Discord users (direct link) TroubleGrabber is a recently discovered credential stealer that spreads via Discord attachments and uses Discord webhooks to exfiltrate data. Netskope security researchers have spotted a new credential stealer dubbed TroubleGrabber that spreads via Discord attachments and uses Discord webhooks to transfer stolen data to its operators. The malware has the same functionalities used by other malware that target […] Malware
SecurityAffairs 2020-11-12 15:37:23 Costaricto APT: Cyber mercenaries use previously undocumented malware (direct link) CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with undocumented malware. Blackberry researchers have documented the activity of a hackers-for-hire group, dubbed CostaRicto, that has been spotted using a previously undocumented piece of malware to target South Asian financial institutions and global entertainment companies. “During the past six months, the BlackBerry Research […] Malware
SecurityAffairs 2020-11-12 12:00:48 New modular ModPipe POS Malware targets restaurants and hospitality sectors (direct link) Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET researchers discovered a new modular backdoor, dubbed ModPipe, that was designed to target PoS systems running ORACLE MICROS Restaurant Enterprise Series (RES) 3700, which is a management suite widely used in restaurant and hospitality sectors. The backdoor outstands […] Malware
SecurityAffairs 2020-11-06 13:03:54 (Déjà vu) Threat Report Portugal: Q3 2020 (direct link) Threat Report Portugal Q3 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from […] Malware Threat
SecurityAffairs 2020-11-04 17:06:18 REvil Ransomware member win the auction for KPot stealer source code (direct link) The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction, and the REvil ransomware operators will likely be the only group to bid. KPOT Stealer is a “stealer” malware […] Ransomware Malware
SecurityAffairs 2020-11-02 16:40:03 North Korea-Linked APT Group Kimsuky spotted using new malware (direct link) North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. North Korea-linked cyber espionage group Kimsuky (aka Black Banshee, Thallium, Velvet Chollima) was recently observed using a new malware in attacks aimed at government agencies and human rights activists. The Kimsuky APT […] Malware Cloud APT 37
SecurityAffairs 2020-11-01 11:26:11 Security Affairs newsletter Round 287 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. HPE addresses critical auth bypass issue in SSMC console Is the Abaddon RAT the first malware using Discord as C&C? New Emotet attacks use a new template urging recipients to […] Malware
SecurityAffairs 2020-10-31 16:39:09 Emotet operators are running Halloween-themed campaigns (direct link) Crooks behind Emotet malware attempt to take advantage of the Halloween festivity, a new campaign could invite you to a Halloween party. Threat actors are attempting to take advantage of the Halloween festivities, a recent Emotet malware campaign spotted by BleepingComputer employed spam emails that invite recipients to a Halloween party. The Emotet banking trojan has […] Spam Malware Threat
SecurityAffairs 2020-10-29 21:59:29 US Cyber Command details implants used in attacks on parliaments and embassies (direct link) US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies. Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit […] Malware
SecurityAffairs 2020-10-28 08:46:36 Steelcase office furniture giant hit by Ryuk ransomware attack (direct link) Office furniture company Steelcase was hit by Ryuk ransomware attack that forced it to shut down its network to avoid the malware from spreading. Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. It is the largest office furniture […] Ransomware Malware
SecurityAffairs 2020-10-25 15:38:52 Is the Abaddon RAT the first malware using Discord as C&C? (direct link) Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server. Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The […] Malware
SecurityAffairs 2020-10-24 11:30:22 (Déjà vu) US Treasury imposes sanctions on a Russian research institute behind Triton malware (direct link) US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. “Today, the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated, pursuant to […] Malware
SecurityAffairs 2020-10-23 18:20:39 Sopra Steria hit by the Ryuk ransomware gang (direct link) French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected. French IT outsourcer Sopra Steria has been hit by a ransomware attack, while the company did not reveal the family of malware that infected its systems, local media speculate the involvement of the Ryuk ransomware. “A cyber attack was detected on the Sopra Steria […] Ransomware Malware
SecurityAffairs 2020-10-19 22:28:09 GravityRAT malware also targets Android and macOS (direct link) Researchers spotted new variants of the Windows GravityRAT spyware that now can also infect Android and macOS devices. Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers […] Malware
SecurityAffairs 2020-10-19 09:41:19 New Emotet campaign uses a new 'Windows Update' attachment (direct link) After a short pause, a new Emotet malware campaign was spotted by the experts on October 14th, crooks began using a new ‘Windows Update’ attachment. After a short interruption, a new Emotet malware campaign was spotted by the experts in October. Threat actors began using new Windows Update attachments in a spam campaign aimed at […] Spam Malware Threat
SecurityAffairs 2020-10-18 09:08:52 QQAAZZ crime gang charged for laundering money stolen by malware gangs (direct link) Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. 20 members of the multinational cybercriminal group QQAAZZ were charged this week in the US, Portugal, Spain, and the UK for providing money-laundering services. The arrests are the result of an unprecedented international law enforcement operation, coordinated by […] Malware
SecurityAffairs 2020-10-10 15:52:40 Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) (direct link) Google improves malware protection for Google Chrome users who are covered by the company’s Advanced Protection Program (APP). The Advanced Protection Program aims at protecting users with high visibility and sensitive information (i.e. activists, journalists, and political parties), who are exposed to the risk of targeted attacks. Google announced an improved malware protection. In March, Google […] Malware
SecurityAffairs 2020-10-05 21:47:58 Second-ever UEFI rootkit used in North Korea-themed attacks (direct link) A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when they discovered four […] Malware Threat
SecurityAffairs 2020-10-05 11:10:54 SLOTHFULMEDIA RAT, a new weapon in the arsenal of a sophisticated threat actor (direct link) U.S. DoD and the DHS CISA agency published a malware analysis report for a new malware variant tracked as SLOTHFULMEDIA. The U.S. Department of Defense's Cyber National Mission Force (CNMF) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) have published a malware analysis report that provides technical details of a new […] Malware Threat
SecurityAffairs 2020-10-03 17:00:34 SILENTFADE a long-running malware campaign targeted Facebook AD platform (direct link) Facebook shared details about a long-running ad-fraud campaign that's been ongoing since 2016 targeting Facebook users with SilentFade malware. Facebook detailed an ad-fraud cyberattack that's been ongoing since 2016, crooks are using a malware tracked as SilentFade (short for “Silently running Facebook Ads with Exploits”) to steal Facebook credentials and browser cookies. The social network […] Malware
SecurityAffairs 2020-09-29 07:15:18 Maritime transport and logistics giant CMA CGM hit with ransomware (direct link) The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affected some servers on its network. CMA CGM S.A., a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network. The company is present in over 160 countries through 755 […] Ransomware Malware
SecurityAffairs 2020-09-27 13:33:55 Google removes 17 Joker-infected apps from the Play Store (direct link) Google removed this week 17 Android apps from its Play Store because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotted 17 apps in the Play Store that were infected with the Joker (Bread) malware. The Joker malware is a malicious code camouflaged as a system app and […] Malware
SecurityAffairs 2020-09-25 07:36:12 Polish police shut down major group of hackers in the country (direct link) Polish police dismantled a major group of hackers that was behind several criminal activities, including ransomware attacks, and banking fraud. Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the […] Ransomware Malware
SecurityAffairs 2020-09-24 17:39:15 Alien Android banking Trojan, the powerful successor of the Cerberus malware (direct link) Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Researchers from ThreatFabric have discovered and analyzed a new strain of Android malware, tracked as Alien, that implements multiple features allowing it to steal credentials from 226 applications. Alien first appeared in […] Malware
SecurityAffairs 2020-09-22 22:21:06 (Déjà vu) CISA's advisory warns of notable increase in LokiBot malware (direct link) US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning federal agencies and the private sector of a surge in the attacks employing the LokiBot […] Malware Threat
SecurityAffairs 2020-09-18 17:47:35 Rampant Kitten's arsenal includes Android malware that bypasses 2FA (direct link) Security researchers discovered Android malware capable of bypassing 2FA that was developed by an Iran-linked group dubbed Rampant Kitten. Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Rampant Kitten has been active at least since 2014 and was involved in […] Malware
SecurityAffairs 2020-09-17 21:30:19 Maze ransomware uses Ragnar Locker virtual machine technique (direct link) The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. This technique was first adopted by Ragnar Locker gang in […] Ransomware Malware
SecurityAffairs 2020-09-16 22:36:00 Source code of Cerberus banking Trojan leaked on underground forums (direct link) The source code of the infamous Cerberus banking Trojan has been released for free on underground hacking forums following a failed auction. The author of the Cerberus banking Trojan has released the source code of the malware on underground hacking forums following a failed auction. In July, the authors of the notorious Cerberus Android banking trojan auctioned […] Malware
SecurityAffairs 2020-09-16 12:42:20 US CISA report shares details on web shells used by Iranian hackers (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. A web shell is a code, often written in typical web development programming languages (e.g., ASP, PHP, JSP), that attackers implant on web servers to gain remote access and code […] Malware
SecurityAffairs 2020-09-16 09:23:47 New MrbMiner malware infected thousands of MSSQL DBs (direct link) A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. According to security firm Tencent, the team of […] Malware Threat
SecurityAffairs 2020-09-10 15:34:29 CDRThief Linux malware steals VoIP metadata from Linux softswitches (direct link) ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. […] Malware
SecurityAffairs 2020-09-07 13:55:42 Russian national indicted for attempting to recruit Tesla employee to install malware (direct link) US authorities have indicted a Russian national for conspiring to recruit a Tesla employee to install malware onto the company's infrastructure. Russian national Egor Igorevich Kriuchkov (27) has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company's network. In August, US authorities arrested the Russian […] Malware
SecurityAffairs 2020-09-07 08:01:05 Epic Manchego gang uses Excel docs that avoid detection (direct link) A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks. Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that is actively targeting companies across the world with phishing emails since […] Malware
SecurityAffairs 2020-09-04 06:41:26 Evilnum APT used Python-based RAT PyVil in recent attacks (direct link) The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware […] Malware
SecurityAffairs 2020-09-02 12:39:34 (Déjà vu) New KryptoCibule Windows Trojan spreads via malicious torrents (direct link) Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical details of a new piece of Windows malware tracked as KryptoCibule. The malware has been active since at least December 2018, it targets cryptocurrency […] Malware
SecurityAffairs 2020-08-30 11:29:55 Security Affairs newsletter Round 279 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A Google Drive weakness could allow attackers to serve malware Adobe released open-source tool Stringlifier to identify randomly generated strings Canadian delivery company Canpar Express suffered a ransomware attack […] Ransomware Malware Tool
SecurityAffairs 2020-08-28 12:08:28 (Déjà vu) Elon Musk confirms that Russian hackers tried to recruit Tesla employee to plant a malware (direct link) Elon Musk confirmed that Russian hackers attempted to recruit an employee to install malware into the network of electric car maker Tesla. Recently US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. The man was arrested on August […] Malware
SecurityAffairs 2020-08-28 09:06:47 Lemon_Duck cryptomining malware evolves to target Linux devices (direct link) A new variant of the infamous Lemon_Duck cryptomining malware has been updated to target Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The new variant also exploits SMBGhost bug in Windows systems, and is also able to target servers running Redis […] Malware
SecurityAffairs 2020-08-27 17:42:00 Anubis, a new info-stealing malware spreads in the wild (direct link) Microsoft warned of a recently uncovered piece of malware, tracked as Anubis that was designed to steal information from infected systems. This week, Microsoft warned of a recently uncovered piece of malware, tracked as Anubis, that was distributed in the wild to steal information from infected systems. Anubis is the name of an Android malware […] Malware
SecurityAffairs 2020-08-26 23:40:16 FBI arrested a Russian national for recruiting employee of US firm to plant malware (direct link) FBI authorities arrested a Russian national in the U.S. after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. The man was arrested on August […] Malware
SecurityAffairs 2020-08-26 14:21:41 Hackers for hire group target organizations via 3ds Max exploit (direct link) Experts discovered a new hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3Ds Max plugins. Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3Ds Max plugins. Autodesk 3ds Max, formerly 3D Studio and 3D Studio Max, […] Malware
SecurityAffairs 2020-08-23 14:56:11 A Google Drive weakness could allow attackers to serve malware (direct link) A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success […] Malware Threat
SecurityAffairs 2020-08-20 06:50:46 (Déjà vu) CISA's MAR warns of North Korean BLINDINGCAN RAT (direct link) US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed […] Malware
SecurityAffairs 2020-08-18 07:01:12 TeamTNT is the first cryptomining bot that steals AWS credentials (direct link) Security researchers have discovered a new crypto-mining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers. Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since […] Malware
SecurityAffairs 2020-08-15 17:56:03 Emotet malware employed in fresh COVID19-themed spam campaign (direct link) The Emotet malware has begun to spam COVID19-themed emails to U.S. businesses after not being active for most of the USA pandemic. The infamous Emotet malware is back, operators have begun to spam COVID-19 themed emails to the U.S. businesses. Early this year, the Emotet malware was employed in spam COVID19-themed campaigns that targeted those countries that were […] Spam Malware
SecurityAffairs 2020-08-15 07:04:49 XCSSET Mac spyware spreads via Xcode Projects (direct link) A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. The first zero-day issue is used to steal cookies via […] Ransomware Malware
SecurityAffairs 2020-08-13 18:07:18 FBI and NSA joint report details APT28's Linux malware Drovorub (direct link) The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub, allegedly employed by the Russia-linked APT28 group. The name […] Malware APT 28
SecurityAffairs 2020-08-04 15:14:01 US govt agencies share details of the China-linked espionage malware Taidoor (direct link) China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. “The Cybersecurity and Infrastructure Security […] Malware
Last update at: 2024-05-13 04:09:56