What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-14 01:10:41 | Experts Uncover Malware Attacks Against Colombian Government and Companies (lien direct) | Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries.
In a report published by ESET on Tuesday, the Slovak internet security company said the attacks - dubbed "Operation Spalax" - began in 2020, with the modus operandi sharing some similarities to an APT |
Malware | ||
|
2021-01-12 21:01:20 | Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws (lien direct) | For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core |
Malware | ||
|
2021-01-12 03:07:27 | Experts Sound Alarm On New Android Malware Sold On Hacking Forums (lien direct) | Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
The vendor, who goes by the |
Malware Threat | ||
|
2021-01-11 22:29:57 | Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (lien direct) | As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform.
Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.
"This |
Malware Tool Mobile | Solardwinds Solardwinds | |
|
2021-01-11 05:41:59 | Researchers Find Links Between Sunburst and Russian Kazuar Malware (lien direct) | Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain.
In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto |
Malware | Solardwinds Solardwinds | |
|
2021-01-06 06:00:59 | Hackers Using Fake Trump\'s Scandal Video to Spread QNode Malware (lien direct) | Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.
The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT) |
Malware | ||
|
2021-01-05 07:08:04 | Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users (lien direct) | Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems.
Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and |
Malware Tool | ||
|
2020-12-26 22:24:48 | A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware (lien direct) | An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments.
According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could |
Malware Vulnerability | ||
|
2020-12-23 00:41:49 | How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis (lien direct) | As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further.
The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations.
According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194 |
Malware | ||
|
2020-12-22 01:50:07 | A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says (lien direct) | As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems.
"The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the |
Malware Threat | ||
|
2020-12-16 06:33:56 | Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy (lien direct) | Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research.
In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads |
Ransomware Malware | ||
|
2020-12-14 23:58:12 | Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware) (lien direct) | A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel-surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems.
Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses |
Malware | ||
|
2020-12-14 05:34:45 | SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online (lien direct) | Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response.
"SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels |
Malware | ||
|
2020-12-11 03:48:22 | Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers (lien direct) | Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising.
"Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of |
Malware | Adrozek | |
|
2020-12-09 07:11:49 | Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware (lien direct) | A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage.
Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the |
Malware Threat | APT 28 | |
|
2020-12-07 21:44:01 | NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks (lien direct) | The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data.
Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.
The development comes two weeks after the |
Malware Vulnerability Threat | ||
|
2020-12-07 06:57:40 | Iranian RANA Android Malware Also Spies On Instant Messengers (lien direct) | A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant-developed by a sanctioned Iranian threat actor-that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.
In September, the US Department of the Treasury |
Malware Threat | ||
|
2020-12-04 00:06:34 | Hackers-For-Hire Group Develops New \'PowerPepper\' In-Memory Malware (lien direct) | Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US.
Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly called |
Malware | ★★ | |
|
2020-12-03 02:59:14 | TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected (lien direct) | TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system.
The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known |
Malware | ||
|
2020-12-02 04:08:21 | Experts Uncover \'Crutch\' Russian Malware Used in APT Attacks for 5 Years (lien direct) | Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020.
Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and |
Malware | ||
|
2020-11-27 00:17:40 | Digitally Signed Bandook Malware Once Again Targets Multiple Sectors (lien direct) | A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan.
Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of |
Malware | ||
|
2020-11-24 06:56:39 | Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies (lien direct) | An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.
According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor |
Malware Threat | ||
|
2020-11-19 03:17:52 | Evolution of Emotet: From Banking Trojan to Malware Distributor (lien direct) | Emotet is one of the most dangerous and widespread malware threats active today.
Ever since its discovery in 2014-when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses.
Being constantly under development, Emotet updates itself regularly to improve stealthiness, persistence, |
Malware | ||
|
2020-11-18 01:14:22 | Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs (lien direct) | Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers.
The issue was first spotted last month by a Twitter user named Maxwell in a beta version of the operating system.
"Some |
Malware | ||
|
2020-11-12 04:59:57 | Uncovered: APT \'Hackers For Hire\' Target Financial, Entertainment Firms (lien direct) | A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.
Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.
"CostaRicto targets |
Malware | ||
|
2020-11-12 02:31:34 | New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels (lien direct) | Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.
The backdoor - dubbed "ModPipe" - impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, widely used software suite restaurants, and hospitality |
Malware | ★★★ | |
|
2020-10-30 03:22:45 | Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers (lien direct) | Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes.
Dubbed "Operation Earth Kitsune" by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two new backdoors - dneSpy and |
Malware | ||
|
2020-10-28 01:12:57 | TrickBot Linux Variants Active in the Wild Despite Recent Takedown (lien direct) | Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle.
According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.
TrickBot, a financial Trojan first detected in 2016 |
Malware | ||
|
2020-10-20 07:02:47 | Windows GravityRAT Malware Now Also Targets macOS and Android Devices (lien direct) | A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices.
According to cybersecurity firm Kaspersky, the malware - dubbed "GravityRAT" - now masquerades as legitimate Android and macOS apps to capture device data, contact |
Malware | ||
|
2020-10-19 23:04:02 | U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks (lien direct) | The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses.
The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks |
Malware | ||
|
2020-10-14 06:05:01 | FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks (lien direct) | A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion.
According to FireEye's Mandiant threat intelligence team, the collective - known as FIN11 - has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying |
Ransomware Malware Threat | ||
|
2020-10-07 02:51:25 | ALERT! Hackers targeting IoT devices with a new P2P botnet malware (lien direct) | Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining.
Discovered by Qihoo 360's Netlab security team, the HEH Botnet - written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force attack of the |
Malware | ||
|
2020-10-06 01:33:43 | New \'MosaicRegressor\' UEFI Bootkit Malware Found Active in the Wild (lien direct) | Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware.
The campaign involved the use of a compromised UEFI (or Unified Extensible Firmware Interface) containing a malicious implant, making it the second known public case where a UEFI rootkit has been used in the wild.
According to Kaspersky, the |
Malware | ||
|
2020-10-05 07:08:16 | New Flaws in Top Antivirus Software Could Make Computers More Vulnerable (lien direct) | Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems.
According to a report published by CyberArk Labs today and shared with The Hacker News, the high privileges often associated with anti-malware products |
Malware | ||
|
2020-10-02 02:59:55 | Researchers Fingerprint Exploit Developers Who Help Several Malware Authors (lien direct) | Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it?
To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits |
Malware Threat | ||
|
2020-09-18 01:45:03 | U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence (lien direct) | The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.
According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target |
Malware Threat | ||
|
2020-09-11 05:05:15 | New Linux Malware Steals Call Details from VoIP Softswitch Systems (lien direct) | Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.
"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said in a Thursday analysis.
"To steal this |
Malware | ||
|
2020-09-08 05:31:53 | Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks (lien direct) | Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand.
"The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team (CERT) said. "These links and attachments may |
Malware | ||
|
2020-08-28 03:36:28 | Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware (lien direct) | An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.
Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "starting July 2020, we have identified a new TTP of the group, |
Malware Conference | APT 35 | |
|
2020-08-26 11:30:25 | Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware (lien direct) | Hackers always find a way in, even if there's no software vulnerability to exploit.
The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's computer network manually.
Egor Igorevich Kriuchkov, 27-year-old, entered the United States as a tourist |
Malware Vulnerability | ||
|
2020-08-22 00:49:43 | A Google Drive \'Feature\' Could Let Attackers Trick You Into Installing Malware (lien direct) | An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.
The latest security issue-of which Google is aware but, unfortunately, left unpatched-resides in the "manage versions" functionality |
Malware | ||
|
2020-08-20 12:44:34 | Hackers Target Defence Contractors\' Employees By Posing as Recruiters (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies.
Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.
According to the FBI |
Malware | ||
|
2020-08-19 03:05:47 | A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide (lien direct) | Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.
Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according |
Malware | ||
|
2020-08-17 05:45:27 | Researchers Exploited A Bug in Emotet to Stop the Spread of Malware (lien direct) | Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months.
"Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's |
Ransomware Spam Malware | ||
|
2020-08-10 02:25:38 | Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 (lien direct) | Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data-and even run stealthy malware as a sub-process of a trusted application.
According to cybersecurity researcher Mazin Ahmed, who presented his findings at DEF CON |
Malware | ||
|
2020-08-04 01:32:36 | US Government Warns of a New Strain of Chinese \'Taidoor\' Virus (lien direct) | Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks.
Named "Taidoor," the malware has done an 'excellent' job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access.
"[The] FBI has |
Malware | ||
|
2020-07-28 05:56:43 | Undetectable Linux Malware Targeting Docker Servers With Exposed APIs (lien direct) | Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to |
Malware | ||
|
2020-07-27 23:57:33 | QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices (lien direct) | Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances.
Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America.
" |
Malware Threat | ||
|
2020-07-23 02:18:46 | North Korean Hackers Spotted Using New Multi-Platform Malware Framework (lien direct) | Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.
Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the |
Malware Medical | APT 38 | |
|
2020-07-16 03:28:33 | New Android Malware Now Steals Passwords For Non-Banking Apps Too (lien direct) | Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-in total 337 non-financial Android applications on it's target list.
Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked |
Malware |
To see everything:
Our RSS (filtrered)
