What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
News.webp 2023-02-17 10:30:08 Cry Havoc and let slip dogs of war ... there's an upgraded malware server in town (lien direct) ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild There's a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that have been abused to spread malware.… Malware ★★
News.webp 2023-02-14 00:30:11 Pepsi Bottling Ventures says info-stealing malware swiped sensitive data (lien direct) That's not what I like Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers.… Malware
News.webp 2023-02-13 12:38:07 LockBit's Royal Mail ransom deadline flies by. No data released (lien direct) Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns in brief  The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail – but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims.… Ransomware Malware ★★
News.webp 2023-02-10 07:24:07 US, UK slap sanctions on Russians linked to Conti, Ryuk, Trickbot malware (lien direct) Any act that sends so much as a ruble to seven named netizens now forbidden The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.… Ransomware Malware ★★
News.webp 2023-02-08 21:30:12 Among the thousands of ESXiArgs ransomware victim orgs? FBI and CISA to the rescue (lien direct) The malware has hit more than 3,800 servers globally, according to the Feds The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.… Ransomware Malware ★★★
News.webp 2023-02-04 00:27:06 HeadCrab bots pinch 1,000+ Redis servers to mine coins (lien direct) We devoting full time to floating under /etc A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months.… Malware ★★★
News.webp 2023-02-03 20:25:08 Fast-evolving Prilex POS malware can block contactless payments (lien direct) ... forcing users to insert their cards into less-secure PIN systems The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… Malware ★★
News.webp 2023-02-02 19:27:14 Malvertising attacks are distributing .NET malware loaders (lien direct) The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… Malware ★★
News.webp 2023-01-30 19:45:11 Gootloader malware updated with PowerShell, sneaky JavaScript (lien direct) Perhaps a good time to check for unwelcome visitors The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.… Malware ★★
News.webp 2023-01-09 21:15:11 Python Package Index found stuffed with AWS keys and malware (lien direct) British developer uses homegrown scanning tool to check for risks The Python Package Index, or PyPI, continues to surprise and not in a good way.… Malware Tool ★★
News.webp 2023-01-06 15:30:06 Dridex malware pops back up and turns its attention to macOS (lien direct) Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents.… Malware ★★★
News.webp 2022-12-22 18:34:52 Zerobot malware now shooting for Apache systems (lien direct) Upgraded threat, time to patch The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems.… Malware ★★★
News.webp 2022-12-22 02:20:36 Godfather malware makes banking apps an offer they can't refuse (lien direct) No horse heads in beds...that we know of Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchers… Malware ★★★
News.webp 2022-12-21 09:45:12 Malicious PyPI package found posing as a SentinelOne SDK (lien direct) Security firm tagged with malware misrepresentation Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne, but actually contains malware designed to exfiltrate data from infected systems.… Malware ★★
News.webp 2022-12-20 19:30:10 Microsoft reports macOS Gatekeeper has an 'Achilles' heel (lien direct) Insert your Trojan joke here Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "for initial access by malware and other threats." … Malware ★★
News.webp 2022-12-13 08:32:10 Researchers smell a cryptomining Chaos RAT targeting Linux systems (lien direct) Smells like Russian miscreants A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems.… Malware ★★★
News.webp 2022-12-09 22:00:08 Legit Android apps poisoned by sticky 'Zombinder' malware (lien direct) Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect.… Malware ★★★
News.webp 2022-12-06 15:30:10 Want to detect Cobalt Strike on the network? Look to process memory (lien direct) Security analysts have tools to spot hard-to-find threat, Unit 42 says Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit.… Malware Threat ★★★
News.webp 2022-12-05 22:30:13 Google warns stolen Android keys used to sign info-stealing malware (lien direct) OEMs including Samsung, LG and Mediatek named and shamed Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.… Malware ★★★
News.webp 2022-12-02 09:30:51 Mozilla, Microsoft drop TrustCor as root certificate authority (lien direct) 'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure' says biz Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.… Malware ★★★★★
News.webp 2022-11-29 20:00:12 Criminals use trending TikTok challenge to make data-stealing malware invisible (lien direct) PSA: Don't download unknown apps even if they promise naked people Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far.… Malware ★★
News.webp 2022-11-17 08:30:10 Notorious Emotet botnet returns after a few months off (lien direct) And it's been sending out hundreds of thousands of malicious emails a day The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.… Malware
News.webp 2022-11-16 19:30:07 WASP malware puts a sting in Python developers (lien direct) Info-stealing trojan is hidden in malicious PyPI packages on GitHub WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.… Malware
News.webp 2022-11-10 04:46:41 Windows breaks under upgraded IceXLoader malware (lien direct) We're the malware of Nim! A malware loader deemed in June to be a "work in progress" is now fully functional and infecting thousands of Windows corporate and home PCs.… Malware
News.webp 2022-11-07 15:30:08 Oh, look: More malware in the Google Play store (lien direct) Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes in brief  A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. … Malware ★★★★★
News.webp 2022-10-31 16:30:08 Ordinary web access request or command to malware? (lien direct) Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests.… Malware Threat
News.webp 2022-10-26 23:06:26 Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends (lien direct) Separately, charges slapped on alleged operator of dark market, The Real Deal Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday.… Malware
News.webp 2022-10-24 22:11:11 Payment terminal malware steals $3.3m worth of credit card numbers – so far (lien direct) With shops leaving VNC and RDP open, quelle surprise Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals. If sold on underground forums, the haul could net the thieves upwards of $3.3 million.… Malware
News.webp 2022-10-21 10:28:06 Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor (lien direct) And one designed to slip ransomware and data-stealing code onto infected machines URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.… Ransomware Malware
News.webp 2022-10-18 07:31:14 Imagine surviving a wiper attack only for ransomware to scramble your restored files (lien direct) Then again, imagine being invaded by Russia Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.… Ransomware Malware
News.webp 2022-10-14 08:32:11 LockBit 3.0 malware forced NHS tech supplier to shut down hosted sites (lien direct) Managed software provider Advanced admits some customer data 'exfiltrated' in August ransomware attack Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months.… Ransomware Malware
News.webp 2022-10-13 23:35:05 Banks face their 'darkest hour' as malware steps up, maker of antivirus says (lien direct) When I saw it, I had to reverse engineer it, Kaspersky's lead security researcher tells us Interview  Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin.… Malware Guideline
News.webp 2022-10-10 09:29:11 Criminal multitool LilithBot arrives on malware-as-a-service scene (lien direct) Bespoke botnet up for grabs from outfit praised for, er, customer service A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.… Malware Threat
News.webp 2022-10-03 10:00:10 Between ransomware and month-long engagements, IR teams need a hug - and a nap (lien direct) Here's what 1,100 incident responders say about their jobs, just in time for NSCAM Remember the good old days of cyber-incident response, when the job involved digital forensics and lots of stolen credit cards, as opposed to power-grid-breaking malware and multi-million-dollar ransom demands?… Ransomware Malware
News.webp 2022-10-02 08:47:05 BlackCat malware lashes out at US defense IT contractor (lien direct) Also, Amazon's Ring footage TV shows draws criticism, US v Societ spying docs found, and more In Brief  The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.… Ransomware Malware
News.webp 2022-09-29 13:00:09 Covert malware targets VMware for hypervisor-level espionage (lien direct) VMware, Mandiant track back operators, finding ties to China Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year.… Malware
News.webp 2022-09-28 17:00:07 Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (lien direct) Beware what could be hiding in those LNK shortcuts A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla.… Malware Tool
News.webp 2022-09-25 08:50:14 Noberus ransomware gets info-stealing upgrades, targets Veeam backup software (lien direct) 'One of the most dangerous and active malware developers operating at the moment' Crooks spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks.… Ransomware Malware
News.webp 2022-09-22 13:45:08 Fake sites fool Zoom users into downloading deadly code (lien direct) Ah, the human touch Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information.… Malware
News.webp 2022-09-21 15:56:01 Malwarebytes blocks Google, YouTube as malware (lien direct) Sounds like fair comment Google and its Youtube domains are being flagged as malicious by Malwarebytes as of Wednesday morning, blocking users from accessing a whole range of websites.… Malware
News.webp 2022-09-21 09:26:11 ChromeLoader, what took you so long? Malvertising irritant now slings ransomware (lien direct) Doesn't make cents, makes bigger bucks instead ... probably ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising.… Ransomware Malware Threat
News.webp 2022-09-10 11:00:07 Shape-shifting cryptominer savaging Linux endpoints and IoT (lien direct) Also, Authorities seize WT1SHOP selling 5.8m sets of PII, The North Face users face tough security hike In brief  AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones.… Malware
News.webp 2022-09-08 12:00:09 Lazarus Group unleashed a MagicRAT to spy on energy providers (lien direct) Cisco finds custom malware in North Korea's latest cyberespionage effort The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos.… Malware Medical APT 38
News.webp 2022-09-07 12:34:49 Cybercriminals target games popular with kids to distribute malware (lien direct) Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals – with the perennially popular Minecraft one of the most targeted lures.… Malware
News.webp 2022-09-06 16:15:14 Newly discovered cyberspy crew targets Asian governments and corporations (lien direct) Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020 A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.… Malware
News.webp 2022-09-05 06:57:12 Microsoft mistakenly rated Chromium, Electron, as malware (lien direct) Windows Defender update fixed the mess after a weekend of false positive weirdness Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them.… Malware
News.webp 2022-09-01 07:04:15 Oh no, that James Webb Space Telescope snap might actually contain malware (lien direct) Is nothing sacred? Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers – albeit in a roundabout way.… Malware
News.webp 2022-08-30 10:27:12 That 'clean' Google Translate app is actually Windows crypto-mining malware (lien direct) Ah, nothing like a classic Trojan horse Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches.… Malware
News.webp 2022-08-25 09:24:07 Shout-out to whoever went to Black Hat with North Korean malware on their PC (lien direct) I am the one who NOCs The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.… Malware
News.webp 2022-08-17 18:41:18 After 7 years, long-term threat DarkTortilla crypter is still evolving (lien direct) .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to evolve rapidly, with almost 10,000 code samples being uploaded to VirusTotal over a 16-month period.… Malware Threat
Last update at: 2024-05-17 07:07:58