What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2020-08-04 08:47:46 NetWalker ransomware operators have made $25 million since March 2020 (lien direct) NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. The malware has been active […] Ransomware Malware
SecurityAffairs.webp 2020-08-02 11:13:54 Security Affairs newsletter Round 275 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Records for 7.5 million users of the digital banking app Dave leaked online REMnux 7, a Linux toolkit for malware analysts released FBI warns cyber actors abusing protocols as new […] Malware
SecurityAffairs.webp 2020-08-02 09:27:21 QNAP urges users to update Malware Remover after QSnatch joint alert (lien direct) The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. This week, the United States Cybersecurity and Infrastructure Security Agency […] Malware ★★★
SecurityAffairs.webp 2020-08-01 18:55:13 (Déjà vu) The author of FastPOS PoS malware pleads guilty (lien direct) A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. Chiochiu was a member of the Infraud global cybercrime organization involved in stealing and selling credit card […] Malware Guideline
SecurityAffairs.webp 2020-07-30 05:49:32 BootHole issue allows installing a stealthy and persistent malware (lien direct) Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware. Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which can be exploited by attackers to install persistent and stealthy […] Malware
SecurityAffairs.webp 2020-07-28 09:03:28 QSnatch malware infected over 62,000 QNAP NAS Devices (lien direct) US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. The malicious code […] Malware
SecurityAffairs.webp 2020-07-26 13:53:45 REMnux 7, a Linux toolkit for malware analysts released (lien direct) A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware. The toolkit was first […] Malware
SecurityAffairs.webp 2020-07-23 14:46:05 New MATA Multi-platform malware framework linked to NK Lazarus APT (lien direct) North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD […] Ransomware Malware Threat Medical APT 38
SecurityAffairs.webp 2020-07-20 06:19:36 Tetrade banking malware families target users worldwide (lien direct) The Tetrade term coined by Kaspersky experts to refer to four large banking trojan families developed and spread by Brazilian crooks worldwide. Cybersecurity researchers from Kaspersky Lab have detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe. The four malware families are named Guildma, Javali, […] Malware
SecurityAffairs.webp 2020-07-19 10:38:27 Security Affairs newsletter Round 273 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Google updates policies to ban any ads for surveillance solutions and services Hacker claims to have breached Night Lion security firm Malware campaign attempts to evade analysis with Any.Run sandbox […] Malware
SecurityAffairs.webp 2020-07-17 06:02:07 New Android BlackRock malware targets hundreds of apps (lien direct) Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps. The BlackRock malware borrows the code from the […] Malware
SecurityAffairs.webp 2020-07-15 11:32:10 GoldenHelper, a new malware delivered via Chinese tax software (lien direct) Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install. At the end of June, the same team of experts spotted […] Malware
SecurityAffairs.webp 2020-07-14 08:10:25 New Mirai variant includes exploit for a flaw in Comtrend Routers (lien direct) Researchers spotted a new version of the Mirai IoT botnet that includes an exploit for a vulnerability affecting Comtrend routers. Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers. The Mirai botnet was first discovered in August 2016 by […] Malware Vulnerability
SecurityAffairs.webp 2020-07-13 11:58:22 Malware campaign attempts to evade analysis with Any.Run sandbox (lien direct) Malware authors are implementing the capability to check if their malicious code is running in the Any.Run malware analysis service. Vxers are implementing the capability to check if their malware is running in the Any.Run interactive online malware sandbox to prevent them from being analyzed by experts. Every time malware is uploaded to the platform, […] Malware
SecurityAffairs.webp 2020-07-11 04:45:03 Evilnum Group targets European and British fintech companies (lien direct) A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden […] Malware Threat
SecurityAffairs.webp 2020-07-10 06:29:10 Pre-Installed malware spotted on other Android phones sold in US (lien direct) Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the […] Malware
SecurityAffairs.webp 2020-07-09 18:27:47 Joker malware apps bypassed Google's Play Store security checks (lien direct) Check Point research discovered that the Joker (aka Bread) Android malware once again has bypassed protections implemented by Google for its Play Store. Researchers from security firm Check Point discovered samples of the Joker (aka Bread) malware were uploaded on the official Play Store bypassing protections implemented by Google for its users. “Check Point's researchers […] Malware
SecurityAffairs.webp 2020-07-08 07:16:33 (Déjà vu) SentinelOne released free decryptor for ThiefQuest ransomware (lien direct) Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. Early July, security expert K7 Lab malware researcher Dinesh Devadoss […] Ransomware Malware
SecurityAffairs.webp 2020-07-07 20:09:22 New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader (lien direct) Expert spotted a new release of the Lampion trojan banker that was launched with fresh improvements in the way the malware loader operated. A new release of the Lampion trojan banker was launched with fresh improvements in the way the malware loader – the initial VBS file – is operating. The recent wave has been […] Malware ★★
SecurityAffairs.webp 2020-07-07 19:37:54 Project Freta, a free service that allows finding malware in OS memory snapshots (lien direct) Microsoft launched Project Freta, a free service that allows users to find malware, including rootkit, in operating system memory snapshots. Microsoft has unveiled a new project, dubbed Project Freta, for the discovery of malicious code in operating system memory snapshots. The Project Freta is a cloud-based service that allows users to collect forensic evidence of attacks […] Malware ★★★★★
SecurityAffairs.webp 2020-07-05 13:00:23 Security Affairs newsletter Round 271 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Asian media firm E27 hacked, attackers asked for a donation Australian ACSC's report confirms the use of Chinese malware in recent attacks Magento 1.x EOL is set on June […] Malware
SecurityAffairs.webp 2020-07-04 14:37:27 Try2Cry ransomware implements wormable capability to infect other Windows systems (lien direct) A new piece of ransomware dubbed Try2Cry leverages infected USB flash drives and Windows shortcuts (LNK files) to infect other Windows systems. A new ransomware dubbed Try2Cry implements wormable capabilities to infect other Windows systems by using USB flash drives or Windows shortcuts (LNK files). The Try2Cry ransomware was discovered by the malware researcher Karsten Hahn while analyzing an unidentified malware sample. The expert was […] Ransomware Malware
SecurityAffairs.webp 2020-06-29 10:37:06 Chinese tax software bundled with GoldenSpy backdoor targets western companies (lien direct) A new malware dubbed GoldenSpy is being distributed embedded in tax payment software that some businesses operating in China are required to install. GoldenSpy is a new backdoor that is being distributed embedded in tax payment software (the Aisino Intelligent tax software) that some businesses operating in China are required to install. The campaign is […] Malware
SecurityAffairs.webp 2020-06-28 18:12:25 Australian ACSC's report confirms the use of Chinese malware in recent attacks (lien direct) Australian ACSC published a detailed report on the techniques, tactics, and procedures associated with the threat actor that targeted organizations in the country. Recently, Australia's prime minister Scott Morrison revealed that a “state-based actor” is targeting government, public services, and businesses. Warning Australians of “specific risks” and an increased frequency of attacks, the Australian […] Malware Threat
SecurityAffairs.webp 2020-06-28 10:58:26 Security Affairs newsletter Round 270 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 230k+ Indonesian COVID-19 patients records for sale in the Darkweb COVID-19 themed attacks are just a small percentage of the overall threats New Shlayer Mac malware spreads via poisoned search […] Malware
SecurityAffairs.webp 2020-06-21 13:47:41 New Shlayer Mac malware spreads via poisoned search engine results (lien direct) Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. Researchers at security firm Intego observed the new variant being spread masqueraded as a fake Adobe Flash Player installer (.DMG disk […] Malware Threat
SecurityAffairs.webp 2020-06-21 09:35:08 COVID-19 themed attacks are just a small percentage of the overall threats (lien direct) Threat actors adapted their tactics to exploit the interest in the ongoing COVID-19 pandemic, Microsoft says. Since the beginning of the COVID-19 pandemic, threat actors started to actively deploy opportunistic campaigns using Coronavirus lures. Anyway, Microsoft says that malware attacks that abused the COVID-19 theme only had a temporary effect on the total volume of […] Malware Threat
SecurityAffairs.webp 2020-06-13 16:42:19 TroyStealer – A new info stealer targeting Portuguese Internet users (lien direct) One of the most recent threats is the info stealer TroyStealer, first shared by Abuse.ch on Twitter, and targeting Portuguese users. The world of cybercrime is changing, and more and more malware variants have spread every day. To keep your system safe, one of the things you can do is following a cyber doctrine focused on […] Malware
SecurityAffairs.webp 2020-06-13 12:41:17 COVID-19 themed attacks increase in Brazil, India, and UK (lien direct) Threat actors continue to use COVID-19 lures, Google is reporting an increase in Coronavirus-themed phishing attempts in Brazil, India, and the UK. While Coronavirus spreads on a global scale, threat actors continue to use COVID-19 lures, in April Google announced that the Gmail malware scanners have blocked around 18 million phishing and malware emails using […] Malware Threat
SecurityAffairs.webp 2020-06-12 13:59:06 Gamaredon group uses a new Outlook tool to spread malware (lien direct) Russia-linked Gamaredon APT uses a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. Researchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends […] Malware Tool
SecurityAffairs.webp 2020-06-12 10:05:12 (Déjà vu) City of Knoxville shuts down IT network after ransomware attack (lien direct) A ransomware attack that targeted the offices of the City of Knoxville, Tennessee, forced to shut down its entire computer network. The city of Knoxville, Tennessee, has shut down its computer network following a ransomware attack. The attack took place in the night between June 10 and June 11, the malware encrypted multiple systems in the […] Ransomware Malware
SecurityAffairs.webp 2020-06-08 07:31:50 Stealthworker botnet targets Windows and Linux servers (lien direct) Researchers uncovered a malware campaign that is targeting Windows and Linux servers with a Golang-based malicious code called Stealthworker. Akamai researchers uncovered a malware campaign spreading a Golang-based malicious code tracked as Stealthworker. The malware targets Windows and Linux servers running popular web services and platforms including (i.e. cPanel / WHM, WordPress, Drupal, Joomla, OpenCart, Magento, […] Malware
SecurityAffairs.webp 2020-06-05 18:24:49 New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain (lien direct) ZLab malware researchers analyzed the attack chain used to infect Italian speaking victims with the Netwire malware. Introduction Info stealer malware confirms to be one of the most adopted weapons of cyber actors. One of them is Netwire (MITRE S0198), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups […] Malware Tool
SecurityAffairs.webp 2020-05-29 12:22:52 Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHub (lien direct) GitHub has issued a security alert warning of a malware campaign that is spreading on its platform via boobytrapped NetBeans Java projects. GitHub has issued a security alert warning of a piece of malware dubbed Octopus Scanner that is spreading on its platform via boobytrapped NetBeans Java projects. GitHub’s security team discovered the malicious code […] Malware
SecurityAffairs.webp 2020-05-28 10:21:12 Valak a sophisticated malware that completely changed in 6 months (lien direct) Valak malware has rapidly changed over the past six months, it was initially designed as a loader, but now it implemented infostealer capabilities. The Valak malware completely changed over the past six months, it was first developed to act as a loader, but now it implements also infostealer capabilities. The malicious code first appeared in […] Malware
SecurityAffairs.webp 2020-05-28 07:51:22 Ke3chang hacking group adds new Ketrum malware to its arsenal (lien direct) The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. The Ke3chang hacking group (aka APT15, Vixen Panda, Playful Dragon, and Royal APT) has developed new malware dubbed Ketrum by borrowing parts of the source code and features from their older Ketrican and […] Malware APT 15 APT 25
SecurityAffairs.webp 2020-05-27 19:27:33 Grandoreiro Malware implements new features in Q2 2020 (lien direct) The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks Grandoreiro is a Latin American banking trojan targeting Brazil, Mexico, Spain, Peru, and has now extended to Portugal. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims' devices, typically banking-related information. During April and May 2020, a […] Malware
SecurityAffairs.webp 2020-05-26 13:22:51 New Turla ComRAT backdoor uses Gmail for Command and Control (lien direct) Researchers uncovered a new advanced variant of Turla’s ComRAT backdoor that leverages Gmail’s web interface as C2 infrastructure. Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ, which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to […] Malware
SecurityAffairs.webp 2020-05-22 07:54:55 Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry (lien direct) The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. The Winnti group was first spotted by Kaspersky […] Malware
SecurityAffairs.webp 2020-05-21 13:55:54 Tens of thousands Israeli websites defaced (lien direct) Thousands of Israeli websites have been defaced earlier today, hackers published an anti-Israeli message on their homepage and attempted to implant malicious code. A massive hacking campaign defaced thousands of Israeli websites, attackers published an anti-Israeli message on their homepage and attempted to inject a malware seeking permission to access visitors’ webcams. “Be ready for […] Malware
SecurityAffairs.webp 2020-05-18 17:02:25 Texas Department of Transportation (TxDOT) hit by a ransomware attack (lien direct) A new ransomware attack hit the Texas government, the malware this time infected systems at the state's Department of Transportation (TxDOT). The Texas government suffered two ransomware attacks in a few weeks, the first one took place on May 8, 2020 and infected systems at the Texas court. Now ransomware has infected malware the systems […] Ransomware Malware
SecurityAffairs.webp 2020-05-16 09:15:10 QNodeService Trojan spreads via fake COVID-19 tax relief (lien direct) Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. The operators behind the campaign use COVID-19 lure promising victims tax relief. The phishing messages use Trojan sample associated with […] Malware
SecurityAffairs.webp 2020-05-15 12:13:46 Russian APT Turla's COMpfun malware uses HTTP status codes to receive commands (lien direct) Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. The new malware allows attackers to control infected hosts using a […] Malware
SecurityAffairs.webp 2020-05-14 08:26:37 New Ramsay malware allows exfiltrating files from air-gapped computers (lien direct) Experts discovered a new strain of malware dubbed Ramsay that can infect air-gapped computers and steal sensitive data, including Word, PDF, and ZIP files. Researchers from security firm ESET discovered a new advanced malware framework named Ramsay that appears to have been designed to infect air-gapped computers and exfiltrate sensitive data. The malicious code collects […] Malware
SecurityAffairs.webp 2020-05-13 06:49:31 USCYBERCOM shares five new North Korea-linked malware samples (lien direct) The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT, it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the […] Malware APT 38
SecurityAffairs.webp 2020-05-12 20:58:02 Trojan Lampion is back after 3 months (lien direct) Trojan Lampion is back after 3 months. The malware was observed last days with a new obfuscation layer, new C2, and distributed inside an MSI file. Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. The latest campaigns in Portugal were observed […] Malware
SecurityAffairs.webp 2020-05-11 12:23:39 STAMINA, a new approach to malware detection by Microsoft, Intel (lien direct) Microsoft and Intel have devised a new approach to malware detection, dubbed STAMINA, that involves deep learning and the representation of malware as images. STAtic Malware-as-Image Network Analysis (STAMINA) is a new approach to malware detection proposed by Microsoft and Intel. The study is based on a previous work of Intel's researchers on static malware […] Malware
SecurityAffairs.webp 2020-05-11 07:58:49 Sodinokibi ransomware uses MS API to encrypt open and locked files (lien direct) Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process. Many applications lock files to prevent […] Ransomware Malware Threat
SecurityAffairs.webp 2020-05-10 15:23:11 Swiss rail vehicle manufacturer Stadler hit by a malware-based attack (lien direct) Stadler, a Swiss manufacturer of railway rolling stock disclosed a data breach, hackers attempted to blackmail the company. International rail vehicle manufacturer, Stadler, disclosed a security breach that might have also allowed the attackers to steal company data. Attackers confirmed that attackers compromised the IT network of the company and deployed some of its machines with malware that […] Malware
SecurityAffairs.webp 2020-05-09 22:14:52 North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT (lien direct) North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA) […] Malware Medical APT 38
Last update at: 2024-05-12 22:08:47