What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-12-30 02:22:06 New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks (direct link) A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity Malware
The_Hackers_News.webp 2021-12-29 06:27:53 Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics (direct link) An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from Malware Threat
The_Hackers_News.webp 2021-12-28 01:47:25 Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers (direct link) Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among Malware Tool
The_Hackers_News.webp 2021-12-27 03:32:03 'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware (direct link) Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for Malware Guideline
The_Hackers_News.webp 2021-12-27 00:07:05 New Android Malware Targeting Brazil's Itaú Unibanco Bank Customers (direct link) Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge. “This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a Malware
The_Hackers_News.webp 2021-12-24 05:07:16 Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (direct link) Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates Malware Vulnerability Threat
The_Hackers_News.webp 2021-12-24 03:32:57 New Ransomware Variants Flourish Amid Law Enforcement Actions (direct link) Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. "Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] Ransomware Malware
The_Hackers_News.webp 2021-12-24 00:57:00 New BLISTER Malware Using Code Signing Certificates to Evade Detection (direct link) Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware samples having Malware
The_Hackers_News.webp 2021-12-21 23:45:57 New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw (direct link) A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always Malware Vulnerability
The_Hackers_News.webp 2021-12-19 23:47:27 Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store (direct link) A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message ("com.guo.smscolor.amessage"), Malware
The_Hackers_News.webp 2021-12-17 03:05:10 New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (direct link) Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky Malware APT 38
The_Hackers_News.webp 2021-12-16 02:19:19 New Fileless Malware Uses Windows Registry as Storage to Evade Detection (direct link) A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify Malware
The_Hackers_News.webp 2021-12-14 23:14:45 Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (direct link) Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to Malware
The_Hackers_News.webp 2021-12-13 00:10:11 Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan (direct link) Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize Malware Threat
The_Hackers_News.webp 2021-12-10 06:25:41 BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (direct link) Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also Ransomware Malware
The_Hackers_News.webp 2021-12-08 03:00:26 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead (direct link) The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India ( Malware
The_Hackers_News.webp 2021-12-07 22:33:02 Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices (direct link) Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the Malware Cloud APT 37
The_Hackers_News.webp 2021-12-06 04:51:23 Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets (direct link) Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing Malware
The_Hackers_News.webp 2021-12-03 00:06:17 New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers (direct link) E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report. "The parasite is used to steal data from Malware Threat
The_Hackers_News.webp 2021-12-01 23:55:27 Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns (direct link) Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that bank on overlay attacks to capture sensitive data without the knowledge Malware
The_Hackers_News.webp 2021-12-01 21:34:59 Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals (direct link) A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 and 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other Malware
The_Hackers_News.webp 2021-12-01 02:59:48 Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (direct link) Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to Malware Threat
The_Hackers_News.webp 2021-11-30 00:31:27 WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East (direct link) Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the Malware Threat
The_Hackers_News.webp 2021-11-29 07:05:52 4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 (direct link) Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric said the malware Malware
The_Hackers_News.webp 2021-11-29 04:48:25 CleanMyMac X: Performance and Security Software for Macbook (direct link) We use Internet-enabled devices in every aspect of our lives today - to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware Malware
The_Hackers_News.webp 2021-11-26 05:20:56 Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware (direct link) An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with the likely goal of Malware Threat
The_Hackers_News.webp 2021-11-26 02:32:10 Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable (direct link) A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and staging a variety of attacks. "[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware, Malware
The_Hackers_News.webp 2021-11-26 00:08:34 CronRAT: A New Linux Malware That's Scheduled to Run on February 31st (direct link) Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said Malware Threat
The_Hackers_News.webp 2021-11-25 03:57:05 This New Stealthy JavaScript Loader Infecting Computers with Malware (direct link) Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware Malware Threat
The_Hackers_News.webp 2021-11-25 03:33:42 Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (direct link) A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities - in only ~150 lines, it provides the Malware Threat
The_Hackers_News.webp 2021-11-25 01:24:46 If You're Not Using Antivirus Software, You're Not Paying Attention (direct link) Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy. Need help Malware
The_Hackers_News.webp 2021-11-25 00:10:45 Warning - Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild (direct link) Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this Malware Vulnerability
The_Hackers_News.webp 2021-11-23 23:40:13 Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery (direct link) At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the Malware
The_Hackers_News.webp 2021-11-23 02:58:04 More Stealthier Version of BrazKing Android Malware Spotted in the Wild (direct link) Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the Malware Threat
The_Hackers_News.webp 2021-11-22 04:10:31 New Golang-based Linux Malware Targeting eCommerce Websites (direct link) Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a Malware Threat
The_Hackers_News.webp 2021-11-22 03:47:12 Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns (direct link) Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a Spam Malware
The_Hackers_News.webp 2021-11-20 07:26:20 North Korean Hackers Found Behind a Range of Credential Theft Campaigns (direct link) A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the Malware Threat
The_Hackers_News.webp 2021-11-16 01:22:15 Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware (direct link) The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously Malware
The_Hackers_News.webp 2021-11-15 21:38:51 SharkBot - A New Android Trojan Stealing Banking and Cryptocurrency Accounts (direct link) Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets - counting 22 unnamed international banks in Italy and the U.K. as well as five Malware
The_Hackers_News.webp 2021-11-12 07:32:30 Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks (direct link) Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the Ransomware Malware Threat ★★★
The_Hackers_News.webp 2021-11-12 07:15:52 Abcbot - A New Evolving Wormable Botnet Malware Targeting Linux (direct link) Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 Malware
The_Hackers_News.webp 2021-11-10 06:04:42 Researchers Discover PhoneSpy Malware Spying on South Korean Citizens (direct link) An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. "With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium Malware
The_Hackers_News.webp 2021-11-01 04:25:57 New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code (direct link) A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source attacks," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source Malware Threat
The_Hackers_News.webp 2021-11-01 01:31:28 Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices (direct link) Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet " Malware
The_Hackers_News.webp 2021-10-28 00:59:45 New Wslink Malware Loader Runs as a Server and Executes Modules in Memory (direct link) Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the Malware
The_Hackers_News.webp 2021-10-27 06:47:55 Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike (direct link) A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed Spam Malware
The_Hackers_News.webp 2021-10-27 00:14:47 Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (direct link) Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN Malware Threat Medical APT 38 APT 28
The_Hackers_News.webp 2021-10-23 02:23:13 Popular NPM Package Hijacked to Publish Crypto-mining Malware (direct link) The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three Malware
The_Hackers_News.webp 2021-10-22 08:01:26 'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs (direct link) A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse Malware Threat
The_Hackers_News.webp 2021-10-22 05:41:06 Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild (direct link) A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking Malware
Last update at: 2024-05-15 00:08:11