What's new arround internet

Last one

Src Date (GMT) Titre Description Tags Stories Notes
InfosecIsland.webp 2021-04-21 13:59:07 Facebook Shuts Down Two Hacking Groups in Palestine (lien direct) Facebook says it has taken action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet. Malware ★★★
InfosecIsland.webp 2019-06-04 07:42:01 On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure (lien direct) Unprepared organizations will have a wide (and often unmonitored) attack surface that can be targeted by parasitic malware. Malware
InfosecIsland.webp 2019-05-28 10:47:01 Researchers Analyze the Linux Variant of Winnti Malware (lien direct) Chronicle, the cybersecurity arm of Google's parent Alphabet, has identified and analyzed samples of the Winnti malware that have been designed specifically for the Linux platform. Malware
InfosecIsland.webp 2019-05-06 12:11:00 Qakbot Trojan Updates Persistence, Evasion Mechanism (lien direct) The Qakbot banking Trojan has updated its persistence mechanism in recent attacks and also received changes that potentially allow it to evade detection, Talos' security researchers say. Also known as Qbot and Quakbot, the Trojan has been around for nearly a decade, and has received a variety of changes over time to remain a persistent threat, although its functionality remained largely unaltered. Known for the targeting of businesses to steal login credentials and eventually drain their bank accounts, the malware has received updates to the scheduled task it uses to achieve persistence on the infected systems, which also allows it to evade detection. The Trojan typically uses a dropper to compromise a victim's machine. During the infection process, a scheduled task is created on the victim machine to execute a JavaScript downloader that makes a request to one of several hijacked domains. A spike in requests to these hijacked domains observed on April 2, 2019 (which follows DNS changes made to them on March 19) suggests that the threat actor has made updates to the persistence mechanism only recently, in preparation for a new campaign. The downloader requests the URI "/datacollectionservice[.]php3." from the hijacked domains, which are XOR encrypted at the beginning of the JavaScript. The response is also obfuscated, with the transmitted data saved as (randalpha)_1.zzz and (randalpha)_2.zzz and decrypted using a code contained in the JavaScript downloader. At the same time, a scheduled task is created to execute a batch file. The code reassembles the Qakbot executable from the two .zzz files, using the type command, after which the two .zzz files are deleted. The changes in the infection chain make it more difficult for traditional anti-virus software to detect attacks, and the malware may easily be downloaded onto target machine, given that it is now obfuscated and saved in two separate files. “Detection that is focused on seeing the full transfer of the malicious executable would likely miss this updated version of Qakbot. Because of this update to persistence mechanisms, the transfer of the malicious Qbot binary will be obfuscated to the point that some security products could miss it,” Talos concludes. Related: Qakbot, Emotet Increasingly Targeting Business Users: Microsoft Related: Qbot Infects Thousands in New Campaign Malware Threat
InfosecIsland.webp 2019-01-03 14:58:05 Cybercriminals Hide Malware Commands in Malicious Memes (lien direct) Trend Micro security researchers have discovered a new piece of malware that receives commands via malicious memes its operators published on Twitter. Malware
InfosecIsland.webp 2018-11-16 07:28:01 \'DarkGate\' Campaign Targets Europeans with Multiple Payloads (lien direct) A newly discovered malware campaign is targeting users in Europe with various payloads, has a reactive command and control (C&C) system and can remotely control infected machines, enSilo security researchers warn. Malware
InfosecIsland.webp 2018-11-06 08:44:00 Fight Fileless Malware on All Fronts (lien direct) Fileless malware has become the darling of cyber criminals because, quite simply, it's a no-brainer. Malware
InfosecIsland.webp 2018-10-16 06:47:04 Crypto-Mining Malware Attacks on iPhones Up 400%: Report (lien direct) Crypto-mining malware attacks against iPhones went up 400% in the last two weeks of September, security firm Check Point notes in a new report. Malware
Last update at: 2024-05-05 03:07:57
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter