What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-07-03 10:16:00 | Opérateurs BlackCat distribuant des ransomwares déguisés en winSCP via malvertising BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (lien direct) |
Les acteurs de menace associés au ransomware BlackCat ont été observés en utilisant des astuces de malvertising pour distribuer des installateurs voyous de l'application de transfert de fichiers WinSCP.
"Les acteurs malveillants ont utilisé le malvertising pour distribuer un élément de malware via des pages Web clonées d'organisations légitimes", a déclaré Trend Micro Researchers dans une analyse publiée la semaine dernière."Dans ce cas, la distribution
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution |
Ransomware Malware Threat Prediction | ★★★ | |
|
2023-06-12 15:33:00 | Cybercriminels utilisant un puissant moteur Batcloak pour rendre les logiciels malveillants entièrement indétectables Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable (lien direct) |
Un moteur d'obscurcissement des logiciels malveillants entièrement indétectable (FUD) nommé BATCLOAK est utilisé pour déployer diverses souches de logiciels malveillants depuis septembre 2022, tout en échappant constamment à la détection d'antivirus.
Les échantillons accordent "aux acteurs de la menace la possibilité de charger de nombreuses familles de logiciels malveillants et exploitent facilement grâce à des fichiers de lots hautement obscurcis", ont déclaré Trend Micro Researchers.
Environ 79,6% du total 784 artefacts
A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said. About 79.6% of the total 784 artifacts |
Malware Prediction | ★★ | |
|
2023-06-12 13:00:00 | Attention: plus de 1 000 sites de crypto-monnaie piègent les utilisateurs dans le schéma de récompenses de faux Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (lien direct) |
Une arnaque de crypto-monnaie auparavant non détectée a exploité une constellation de plus de 1 000 sites Web frauduleux pour piéger les utilisateurs dans un schéma de récompenses de faux depuis au moins janvier 2021.
"Cette campagne massive a probablement entraîné une arnaque dans le monde entier", a déclaré Trend Micro Researchers dans un rapport publié la semaine dernière, le liant à un acteur de menace russe nommé "Impulse
A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named "Impulse |
Threat Prediction | ★★ | |
|
2023-05-31 14:00:00 | Rat RomCom Utilisation du Web Deceptive of Rogue Software Sites pour des attaques secrètes RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks (lien direct) |
Les acteurs de la menace derrière RomCom Rat tirent parti d'un réseau de faux sites Web annonçant des versions voyous de logiciels populaires au moins depuis juillet 2022 pour infiltrer des cibles.
La société de cybersécurité Trend Micro suit le cluster d'activités sous le nom du vide Rabisu, également connu sous le nom de Scorpius tropical (unité 42) et UNC2596 (Mandiant).
"Ces sites de leurre sont probablement destinés uniquement à un petit
The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). "These lure sites are most likely only meant for a small |
Threat Prediction | ★★ | |
|
2023-05-30 17:46:00 | Des services de rupture de captcha avec des solveurs humains aidant les cybercriminels à vaincre la sécurité CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security (lien direct) |
Les chercheurs en cybersécurité mettent en garde contre les services de rupture de captcha qui sont proposés à la vente pour contourner des systèmes conçus pour distinguer les utilisateurs légitimes du trafic bot.
"Parce que les cybercriminels sont désireux de briser avec précision les Captchas, plusieurs services qui sont principalement destinés à cette demande du marché ont été créés", a déclaré Trend Micro dans un rapport publié la semaine dernière.
"Ces
Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. "Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created," Trend Micro said in a report published last week. "These |
Prediction | ★★★★ | |
|
2023-05-27 13:40:00 | Nouveau voleur bandit furtif ciblant les navigateurs Web et les portefeuilles de crypto-monnaie New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (lien direct) |
Un nouveau voleur d'informations furtif Stealer malware appelé Bandit Stealer a attiré l'attention des chercheurs en cybersécurité pour sa capacité à cibler de nombreux navigateurs Web et portefeuilles de crypto-monnaie.
"Il a le potentiel de s'étendre à d'autres plates-formes alors que Bandit Stealer a été développé en utilisant le langage de programmation Go, permettant peut-être la compatibilité multiplateforme", a déclaré Trend Micro dans un rapport de vendredi
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go programming language, possibly allowing cross-platform compatibility," Trend Micro said in a Friday report |
Malware Prediction | ★★ | |
|
2023-05-15 15:39:00 | Nouveau \\ 'Michaelkors \\' Ransomware-as-a-service ciblant les systèmes Linux et VMware ESXi New \\'MichaelKors\\' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems (lien direct) |
Une nouvelle opération Ransomware-asservice (RAAS) appelée Michaelkors est devenue le dernier logiciel malveillant qui cible les fichiers pour cibler les systèmes Linux et VMware ESXi en avril 2023.
Le développement indique que les acteurs cybercriminaux jettent de plus en plus les yeux sur l'ESXi, a déclaré la société de cybersécurité Crowdstrike dans un rapport partagé avec les hacker News.
"Cette tendance est particulièrement remarquable étant donné que l'ESXi
A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News. "This trend is especially noteworthy given the fact that ESXi |
Malware Prediction | ★★ | |
|
2023-05-11 16:02:00 | Le code source Babuk étimule 9 souches de ransomware différentes ciblant les systèmes VMware ESXi Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems (lien direct) |
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems.
"These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report
Multiple threat actors have capitalized on the leak of Babuk (aka Babak or Babyk) ransomware code in September 2021 to build as many as nine different ransomware families capable of targeting VMware ESXi systems. "These variants emerged through H2 2022 and H1 2023, which shows an increasing trend of Babuk source code adoption," SentinelOne security researcher Alex Delamotte said in a report |
Ransomware Threat Prediction | ★★ | |
|
2023-04-24 11:35:00 | Des pirates russes soupçonnés de l'exploitation en cours de serveurs de papier non corrigées Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (lien direct) |
Le fournisseur de logiciels de gestion de l'impression Papercut a déclaré qu'il avait "des preuves suggérant que les serveurs non corrigées sont exploités dans la nature", citant deux rapports de vulnérabilité de la société de cybersécurité Trend Micro.
"Papercut a effectué une analyse sur tous les rapports des clients, et la première signature de l'activité suspecte sur un serveur client potentiellement lié à cette vulnérabilité est le 14 avril 01
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01 |
Vulnerability Prediction | ★★★ | |
|
2023-04-03 14:50:00 | Les logiciels malveillants OPCJacker Crypto-Storiel ciblent les utilisateurs avec un faux service VPN Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service (lien direct) |
Un nouveau logiciel malveillant de vol d'information appelé Opcjacker a été repéré dans la nature depuis la seconde moitié de 2022 dans le cadre d'une campagne de malvertisation.
"Les fonctions principales d'Opcjacker \\ incluent le keylogging, la prise de captures d'écran, le vol de données sensibles aux navigateurs, le chargement des modules supplémentaires et le remplacement des adresses de crypto-monnaie dans le presse-papiers à des fins de détournement", Trend Micro Researchers
A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker\'s main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers |
Malware Prediction | ★★★ | |
|
2023-03-30 15:38:00 | Alienfox Malware cible les clés API et les secrets des services AWS, Google et Microsoft Cloud [AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services] (lien direct) | Un nouveau "ensemble d'outils complet" appelé Alienfox est distribué sur Telegram comme moyen pour les acteurs de menace de récolter les informations d'identification des clés d'API et des secrets des fournisseurs de services cloud populaires.
"La propagation d'Alienfox représente une tendance non déclarée vers l'attaque des services cloud plus minimaux, inapproprié pour l'exploitation cryptographique, afin d'activer et d'étendre les campagnes ultérieures", Sentinelone Security
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security |
Malware Threat Prediction Cloud | ★★★ | |
|
2023-03-02 13:33:00 | SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics (lien direct) | The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity company Trend Micro said | Malware Threat Prediction | APT 27 | ★★ |
|
2023-02-27 15:34:00 | PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks (lien direct) | The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy | Tool Prediction | ★★★ | |
|
2023-02-24 18:40:00 | CISA Sounds Alarm on Cybersecurity Threats Amid Russia\'s Invasion Anniversary (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. "CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, | Prediction | ★★ | |
|
2023-02-11 16:41:00 | Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (lien direct) | Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar | Malware Threat Prediction | ★★ | |
|
2023-02-03 17:42:00 | Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations (lien direct) | The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif | Prediction | APT 34 | ★★ |
|
2023-01-18 22:54:00 | Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa (lien direct) | An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, | Threat Prediction | ★★ | |
|
2023-01-06 19:16:00 | Dridex Malware Now Attacking macOS Systems with Novel Infection Method (lien direct) | A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel | Malware Prediction | ★★★ | |
|
2022-12-21 17:53:00 | (Déjà vu) Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems (lien direct) | The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So | Prediction | ★★ | |
|
2022-12-21 17:07:00 | The Rise of the Rookie Hacker - A New Trend to Reckon With (lien direct) | More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals | Threat Prediction | ★★ | |
|
2020-05-21 01:11:42 | Iranian APT Group Targets Governments in Kuwait and Saudi Arabia (lien direct) | Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.
Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal |
Threat Prediction | APT 39 |
To see everything:
Our RSS (filtrered)
