What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The Hacker News 2024-12-23 19:18:00 AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case - Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers
Malware ★★★
The Hacker News 2024-12-20 16:14:00 Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware - The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are
Malware Threat APT 38 ★★★★
The Hacker News 2024-12-20 14:09:00 Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack - The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
Malware ★★★
The Hacker News 2024-12-19 19:07:00 Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords - Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai
Malware ★★★
The Hacker News 2024-12-19 14:10:00 UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App - The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the
Malware Threat Mobile ★★
The Hacker News 2024-12-17 22:05:00 Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware - A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a
Malware Threat Prediction ★★
The Hacker News 2024-12-17 16:37:00 Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware - A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint
Malware Threat ★★★
The Hacker News 2024-12-17 14:33:00 Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection - Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ
Malware Tool Threat Technical ★★
The Hacker News 2024-12-17 12:25:00 The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal - A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets
Malware Threat ★★
The Hacker News 2024-12-16 14:39:00 New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP - Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (
Malware ★★
The Hacker News 2024-12-14 17:03:00 Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action - Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains
Malware ★★
The Hacker News 2024-12-13 17:14:00 Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms - Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable
Malware Threat Industrial ★★★★
The Hacker News 2024-12-12 19:05:00 Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States - The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both
Malware Tool Threat Mobile ★★★
The Hacker News 2024-12-11 23:32:00 Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service - The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically
Malware Threat ★★★
The Hacker News 2024-12-11 20:43:00 New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools - A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "
Malware Tool Threat ★★★
The Hacker News 2024-12-11 19:37:00 ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms - Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
Malware Tool Threat ★★★
The Hacker News 2024-12-11 16:32:00 Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 - Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as
Malware Tool Legislation Mobile ★★★
The Hacker News 2024-12-10 15:31:00 Ongoing Phishing and Malware Campaigns in December 2024 - Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems. The analyst
Malware ★★
The Hacker News 2024-12-09 18:41:00 ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8) - This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to
Malware Tool ★★★
The Hacker News 2024-12-09 16:14:00 Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices - A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis
Malware Threat ★★★
The Hacker News 2024-12-07 13:48:00 Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data - Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company
Malware Threat ★★★
The Hacker News 2024-12-06 13:52:00 More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader - The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on
Malware Tool Threat ★★
The Hacker News 2024-12-06 12:33:00 Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware - The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.
Malware Threat ★★
The Hacker News 2024-12-03 10:53:00 Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads - A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer
Malware ★★
The Hacker News 2024-12-02 19:31:00 SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan - Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While
Malware Medical
The Hacker News 2024-12-02 15:16:00 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play - Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. "These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which
Malware Mobile ★★
The Hacker News 2024-11-28 14:59:00 Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware - A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique
Malware Threat ★★
The Hacker News 2024-11-27 10:51:00 Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign - A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
Malware Vulnerability Threat ★★
The Hacker News 2024-11-26 15:49:00 Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries - The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Malware Hack Threat ★★★
The Hacker News 2024-11-25 17:00:00 Flying Under the Radar - Security Evasion Techniques - Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks: "I really like the saying that 'This is out of scope' said no hacker ever. Whether it's tricks, techniques or technologies, hackers will do anything to evade detection and make sure their
Malware ★★
The Hacker News 2024-11-25 14:46:00 Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections - Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda," Trellix
Malware ★★
The Hacker News 2024-11-23 17:23:00 North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn - The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both
Malware Threat ★★
The Hacker News 2024-11-22 22:29:00 APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware - The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as
Malware Threat ★★
The Hacker News 2024-11-22 17:36:00 Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia - Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The
Malware Threat APT 28 ★★
The_Hackers_News.webp 2024-11-21 12:04:00 NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data (direct link) Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher
Malware Threat ★★
The_Hackers_News.webp 2024-11-19 19:31:00 Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices (direct link) The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at
Malware ★★★
The_Hackers_News.webp 2024-11-18 22:18:00 New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers (direct link) Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security
Malware ★★
The_Hackers_News.webp 2024-11-16 11:55:00 Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (direct link) A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,
Malware Vulnerability Threat ★★★
The_Hackers_News.webp 2024-11-15 16:42:00 Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia (direct link) A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software,"
Malware Threat ★★★
The_Hackers_News.webp 2024-11-15 13:41:00 Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (direct link) Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the
Malware ★★
The_Hackers_News.webp 2024-11-14 15:21:00 New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (direct link) Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
Malware Threat APT 38 ★★★
The_Hackers_News.webp 2024-11-14 11:13:00 Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (direct link) A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
Malware Vulnerability Threat ★★
The_Hackers_News.webp 2024-11-13 12:44:00 Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (direct link) The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Malware Threat ★★★
The_Hackers_News.webp 2024-11-12 18:30:00 North Korean Hackers Target macOS Using Flutter-Embedded Malware (direct link) Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built
Malware Threat ★★
The_Hackers_News.webp 2024-11-12 11:30:00 New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (direct link) Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend
Ransomware Malware Technical ★★★
The_Hackers_News.webp 2024-11-11 17:25:00 New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia (direct link) In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: 'Are Bengal Cats legal in Australia?,'" Sophos researchers Trang Tang, Hikaru Koike,
Malware ★★★
The_Hackers_News.webp 2024-11-11 11:43:00 Cybercriminals Use Excel Exploit to Spread Fileless Remcos Malware (direct link) Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchasers with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have
Malware Threat Commercial ★★★
The_Hackers_News.webp 2024-11-08 19:32:00 AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services (direct link) The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a
Malware Vulnerability Threat Cloud ★★★
The_Hackers_News.webp 2024-11-08 17:53:00 IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools (direct link) High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point
Malware Tool Threat APT 36 ★★★
The_Hackers_News.webp 2024-11-08 17:23:00 Malicious NPM Packages Target Roblox Users with Data-Stealing Malware (direct link) A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available
Malware Threat ★★★
Last update at: 2025-05-10 16:07:24