What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2023-05-11 12:49:03 (Déjà vu) April 2023's Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return (direct link) April 2023's Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return Check Point Research uncovered a substantial malspam campaign for Trojan Qbot, which came in second in last month's threat index. Meanwhile Internet-of-Things (IoT) malware Mirai made it back on the list for the first time in a year, and Healthcare became the second most exploited industry - Malware Update
Malware Threat ★★
globalsecuritymag.webp 2023-05-11 11:30:10 Analysis of the RedLine Stealer Malware
(direct link)
RedLine Stealer first appeared in March 2020. In the past it was used again and again by the since-exposed members of the Lapsus$ group, but it is still offered on darknet forums for a few hundred euros. This stealer is a powerful tool for collecting credentials from a wide variety of sources, including web browsers, FTP clients, e-mail apps, Steam, instant-messaging clients and VPNs. In addition, the malware can collect authentication cookies and card numbers that are stored in browsers, chat logs, local files and even cryptocurrency wallet databases. - Malware /
Malware Tool ★★
Checkpoint.webp 2023-05-11 11:00:32 April 2023's Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return
(direct link)
Check Point Research uncovered a substantial malspam campaign for Trojan Qbot, which came in second in last month's threat index. Meanwhile Internet-of-Things (IoT) malware Mirai made it back on the list for the first time in a year, and Healthcare moved up to become the second most exploited industry. Our latest Global Threat Index for April 2023 saw researchers uncover a substantial Qbot malspam campaign distributed through malicious PDF files, attached to emails seen in multiple languages. Meanwhile, Internet-of-Things (IoT) malware Mirai made the list for the first time in a year after exploiting a new vulnerability in TP-Link routers, […]
Malware Vulnerability Threat ★★
SocRadar.webp 2023-05-11 10:11:00 Scammers Distribute Malware via Verified Account Ads on Facebook
(direct link)
Scamming campaigns frequently involve threat actors impersonating businesses or significant individuals. However, a recent trend...
Malware Threat ★★
Blog.webp 2023-05-11 04:00:00 ASEC Weekly Malware Statistics (May 1st, 2023 – May 7th, 2023)
(direct link)
AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 1st, 2023 (Monday) to May 7th, 2023 (Sunday). For the main category, infostealer ranked top with 60.6%, followed by downloader with 27.3%, backdoor with 9.1%, and ransomware with 3.0%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.8%. It leaks user credentials saved in web...
Ransomware Malware ★★
Blog.webp 2023-05-11 00:00:00 Analysis of CLR SqlShell Used to Attack MS-SQL Servers
(direct link)
This blog post will analyze the CLR SqlShell malware that is being used to target MS-SQL servers. Similar to WebShell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS-SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior. MS-SQL servers support a method known as CLR Stored Procedure which allows the usage of expanded features, and SqlShell is a DLL...
Malware Threat ★★
AlienVault.webp 2023-05-10 20:13:00 OneNote documents have emerged as a new malware infection vector (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. Emotet and Qakbot, among other high-end stealers and crypters, are known malware threats that use OneNote attachments. Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system. Attack chain With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files.
Email – Social engineering Like most malware authors, attackers often use email as the first point of contact with victims. They employ social engineering techniques to persuade victims to open the program and execute the code on their workstations. In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and requested that the recipient download a OneNote attachment. However, upon opening the attachment, the code was not automatically updated as expected. Instead, the victim was presented with a potentially dangerous prompt. In this case, as with many OneNote attachments, the malicious actor intends for the user to click on the "Open" button presented in the document, which executes the code. Traditional security tools are not effective in detecting this type of threat. One tool that can be used for analyzing Microsoft Office documents, including OneNote attachments, is Oletools. The suite includes the command line executable olevba, which can be helpful in detecting and analyzing malicious code. Upon attempting to execute the tool on the OneNote attachment, an error occurred. As a result, the focus of the analysis shifted towards a dynamic approach. By placing the document in a sandbox, we discovered a chain of scripts that were executed to download and run an executable or DLL file, resulting in more severe infections like ransomware, stealers, and wipers. Tactics and techniques This particular campaign Malware Tool Threat ★★★
bleepingcomputer.webp 2023-05-10 19:00:18 RapperBot DDoS malware adds cryptojacking as new revenue stream
(direct link)
New samples of the RapperBot botnet malware have added cryptojacking capabilities to mine for cryptocurrency on compromised Intel x64 machines. [...]
Malware ★★
The_Hackers_News.webp 2023-05-10 18:35:00 Sophisticated DownEx Malware Campaign Targeting Central Asian Governments
(direct link)
Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx. Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the involvement of Russia-based threat actors. The Romanian cybersecurity firm said it first detected the
Malware Threat ★★
InfoSecurityMag.webp 2023-05-10 15:30:00 NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries
(direct link)
Cybercriminals used Snake to retrieve confidential documents related to international relations
Malware ★★
Chercheur.webp 2023-05-10 15:25:00 FBI Disables Russian Malware
(direct link)
Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong. Presumably we will learn more soon.
Malware ★★
GoogleSec.webp 2023-05-10 14:59:36 I/O 2023: What's new in Android security and privacy
(direct link)
Posted by Ronnie Falcon, Product Manager Android is built with multiple layers of security and privacy protections to help keep you, your devices, and your data safe. Most importantly, we are committed to transparency, so you can see your device safety status and know how your data is being used. Android uses the best of Google's AI and machine learning expertise to proactively protect you and help keep you out of harm's way. We also empower you with tools that help you take control of your privacy. I/O is a great moment to show how we bring these features and protections all together to help you stay safe from threats like phishing attacks and password theft, while remaining in charge of your personal data. Safe Browsing: faster more intelligent protection Android uses Safe Browsing to protect billions of users from web-based threats, like deceptive phishing sites. This happens in the Chrome default browser and also in Android WebView, when you open web content from apps. Safe Browsing is getting a big upgrade with a new real-time API that helps ensure you're warned about fast-emerging malicious sites. With the newest version of Safe Browsing, devices will do real-time blocklist checks for low reputation sites. Our internal analysis has found that a significant number of phishing sites only exist for less than ten minutes to try and stay ahead of block-lists. With this real-time detection, we expect we'll be able to block an additional 25 percent of phishing attempts every month in Chrome and Android[1]. Safe Browsing isn't just getting faster at warning users. We've also been building in more intelligence, leveraging Google's advances in AI. Last year, Chrome browser on Android and desktop started utilizing a new image-based phishing detection machine learning model to visually inspect fake sites that try to pass themselves off as legitimate log-in pages.
By leveraging a TensorFlow Lite model, we're able to find 3x more[2] phishing sites compared to previous machine learning models and help warn you before you get tricked into signing in. This year, we're expanding the coverage of the model to detect hundreds of more phishing campaigns and leverage new ML technologies. This is just one example of how we use our AI expertise to keep your data safe. Last year, Android used AI to protect users from 100 billion suspected spam messages and calls.[3] Passkeys helps move users beyond passwords For many, passwords are the primary protection for their online life. In reality, they are frustrating to create, remember and are easily hacked. But hackers can't phish a password that doesn't exist. Which is why we are excited to share another major step forward in our passwordless journey: Passkeys. Spam Malware Tool ★★★
CS.webp 2023-05-10 14:32:28 Ranking ransomware: The gangs, the malware and the ever-present risks
(direct link)
A newly launched ransomware quadrant offers a way for organizations to better understand the complex cybercrime ecosystem.
Ransomware Malware ★★
bleepingcomputer.webp 2023-05-10 14:23:33 Fake in-browser Windows updates push Aurora info-stealer malware
(direct link)
A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information stealing malware. [...]
Malware ★★
The_Hackers_News.webp 2023-05-10 14:14:00 U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool
(direct link)
The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear,
Malware Tool ★★
01net.webp 2023-05-10 10:00:08 Snake, Russia's formidable spy malware, has been destroyed, 20 years after its creation (direct link) The FBI has just wiped out the main spy virus of the Russian intelligence services. After 20 years of misdeeds around the world, the malware was destroyed by a dedicated piece of software, programmed by the American authorities… Malware ★★
AlienVault.webp 2023-05-10 10:00:00 RSAC 2023 | Cybersecurity research on edge computing generates big interest
(direct link)
RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions. “RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust “me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.” Townsend perfectly captures the AT&T Cybersecurity mission to help business leaders understand both the business and security landscape - and how it’s evolving as technology continues to change the way we work and live. After listening to the challenges organizations are encountering, it’s clear that research and understanding the business landscape are essential parts of a responsible cybersecurity vendor strategy. DDoS versus ransomware – how does edge computing change the equation? I participated in a panel discussion hosted by Channel Futures examining the challenges of securing critical infrastructure. The discussion kicked off with a Gartner prediction, “by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the halting of operations and/or mission-critical cyber-physical system.” I spoke about our research findings that indicate a change in perceived attacks: when it comes to edge computing, DDoS is perceived as a greater attack concern than ransomware.
“One of the reasons cybercriminals are gravitating to DDoS is it’s cheaper and easier than ransomware.” I did a video interview with BankInfoSecurity.com discussing how edge computing and innovative use cases are changing the way we’re dealing with cyber resilience. "Organizations are investing in the edge but they also know that their endpoints are changing," said Lanowitz. "They want to make sure they are futureproofing themselves and going to be dynamic in their cyber resilience. That's because the security edge is not linear or a straight line. It's a circuitous, often confusing, and an often-changing environment that you will have to live with." Watch the webcast discussing the AT&T Cybersecurity Insights Report findings. If you prefer to listen to the research results, Ransomware Malware Yahoo ★★
knowbe4.webp 2023-05-09 20:43:09 [Finger on the Trigger] How the FBI Nuked Russian FSB's Snake Data Theft Malware
(direct link)
Malware ★★
DarkReading.webp 2023-05-09 20:40:00 FBI Disarms Russian FSB 'Snake' Malware Network
(direct link)
Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.
Malware Tool ★★
News.webp 2023-05-09 20:33:42 FBI-led Op Medusa slays NATO-bothering Russian military malware network
(direct link)
Perseus to the rescue as Snake eats itself The FBI has cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades.…
Malware ★★
no_ico.webp 2023-05-09 20:18:57 Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware
(direct link)
‘AndoryuBot’ is a new malware botnet that infects unpatched Wi-Fi access points for DDoS assaults using a key Ruckus Wireless Admin panel weakness. CVE-2023-25717 allows remote attackers to execute code on susceptible Ruckus Wireless Admin panels version 10.4 and older by sending unauthenticated HTTP GET requests. On February 8, 2023, the problem was found and corrected. Many […]
Malware ★★
Anomali.webp 2023-05-09 20:02:00 Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions
(direct link)
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Defense evasion, Infostealers, North Korea, Spearphishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution (published: May 5, 2023) McAfee researchers have detected a multi-stage attack that starts with a trojanized wextract.exe, Windows executable used to extract files from a cabinet (CAB) file. It was used to deliver the AgentTesla, Amadey botnet, LockBit ransomware, Redline Stealer, and other malicious binaries. To avoid detection, the attackers use obfuscation and disable Windows Defender through the registry thus stopping users from turning it back on through the Defender settings. Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioral analysis defenses and social engineering training. Users should report suspicious files with double extensions such as .EXE.MUI. Indicators associated with this campaign are available in the Anomali platform and users are advised to block these on their infrastructure. 
MITRE ATT&CK: [MITRE ATT&CK] T1562.001: Disable or Modify Tools | [MITRE ATT&CK] T1555 - Credentials From Password Stores | [MITRE ATT&CK] T1486: Data Encrypted for Impact | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information Tags: malware:Amadey, malware-type:Botnet, malware:RedLine, malware:AgentTesla, malware-type:Infostealer, malware:LockBit, malware-type:Ransomware, abused:Wextract.exe, file-type:CAB, file-type:EXE, file-type:MUI, target-program:Windows Defender, target-system:Windows Eastern Asian Android Assault – FluHorse (published: May 4, 2023) Active since May 2022, a newly-detected Android stealer dubbed FluHorse spreads mimicking popular apps or as a fake dating application. According to Check Point researchers, FluHorse was targeting East Asia (Taiwan and Vietnam) while remaining undetected for months. This stealthiness is achieved by sticking to minimal functions while also relying on a custom virtual machine that comes with the Flutter user interface software development kit. FluHorse is being distributed via emails that prompt the recipient to install the app and once installed, it asks for the user’s credit card or banking data. If a second factor authentication is needed to commit banking fraud, FluHorse tells the user to wait for 10-15 minutes while intercepting codes by installing a listener for all incoming SMS messages. Analyst Comment: FluHorse's ability to remain undetected for months makes it a dangerous threat. Users should avoid installing applications following download links received via email or other messaging. Verify the app authenticity on the official com Malware Tool Threat APT 37 APT 43 ★★★
SecurityWeek.webp 2023-05-09 18:25:23 US Disrupts Russia's Sophisticated 'Snake' Cyberespionage Malware
(direct link)
The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia's FSB agency.
Malware ★★
bleepingcomputer.webp 2023-05-09 15:58:38 Critical Ruckus RCE flaw exploited by new DDoS botnet malware
(direct link)
A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks. [...]
Malware ★★
Chercheur.webp 2023-05-09 15:20:59 PIPEDREAM Malware against Industrial Control Systems
(direct link)
Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs). The malware was built to manipulate the network communication protocols used by programmable logic controllers (PLCs) leveraged by two critical producers of PLCs for ICSs within the critical infrastructure sector, Schneider Electric and OMRON...
Malware Industrial ★★
CS.webp 2023-05-09 15:12:09 FBI disrupts sophisticated Russian cyberespionage operation
(direct link)
A law enforcement effort dubbed "Medusa" targeted malware deployed by Moscow's Federal Security Service, officials said Tuesday.
Malware ★★
globalsecuritymag.webp 2023-05-09 15:11:16 Kimsuky APT evolves reconnaissance capabilities in new global campaign
(direct link)
Kimsuky is a North Korean advanced persistent threat (APT) group with a long history of targeted attacks across the world. Current understanding of the group indicates they are primarily assigned to intelligence collection and espionage operations in support of the North Korean government since at least 2012. In 2018 the group was observed deploying a malware family dubbed BabyShark, and latest observations indicate the group has evolved the malware with an expanded reconnaissance capability – SentinelLabs refers to this BabyShark component as ReconShark. - Malware Update
Malware Threat ★★
RecordedFuture.webp 2023-05-09 15:01:00 Kremlin-linked 'Snake' espionage malware eliminated, Justice Department says
The U.S. and international law enforcement agencies announced Tuesday that they had successfully dismantled a malware implant used by a notorious Kremlin-backed hacking group. The Justice Department said it obtained court authorization on Monday that allowed U.S. law enforcement to wipe out the malicious code, dubbed "Snake," used by [Turla](http://therecord.media/tag/turla), which has long been affiliated with
Malware ★★
bleepingcomputer.webp 2023-05-09 14:45:48 Microsoft issues optional fix for Secure Boot zero-day used by malware
Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by the BlackLotus UEFI malware to infect fully patched Windows systems. [...]
Malware Vulnerability ★★
DarkReading.webp 2023-05-09 13:45:00 Half of npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key
For years, hackers could have tricked enterprises into downloading malware simply by lowercasing letters in a package name.
Malware ★★★
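A manifest check for the case-variant confusion the entry above describes, added here as an example written for this page (it is not code from DarkReading or from the research the article covers). It assumes a package.json-style dependency map and a team-maintained allowlist of vetted package names in their canonical spelling; the manifest and the allowlist below are constructed. The comment that newer npm registrations are lowercase-only reflects the registry's naming rules, not anything stated in the article.

```python
"""Flag npm dependency names that differ from each other, or from a vetted
name, only by letter case.

Added example, not from the DarkReading article. Input is a package.json-style
manifest; SAMPLE_MANIFEST and KNOWN_GOOD below are constructed for illustration.
"""
import json
from collections import defaultdict

# Constructed allowlist: package names a team has vetted, in canonical spelling.
KNOWN_GOOD = {"JSONStream", "lodash", "express", "left-pad"}

# Constructed manifest mixing genuine, look-alike and legacy mixed-case names.
SAMPLE_MANIFEST = json.dumps({
    "dependencies": {
        "JSONStream": "^1.3.5",   # legacy mixed-case name, vetted
        "jsonstream": "1.0.0",    # lowercase look-alike of the vetted package
        "lodash": "^4.17.21",
        "Express": "4.18.2",      # case variant of vetted 'express'
        "left-pad": "1.3.0",
    },
    "devDependencies": {
        "MyLegacyLib": "2.0.0",   # mixed-case name with no vetted counterpart
    },
})


def find_case_collisions(deps, known_good=KNOWN_GOOD):
    """Return {name: [reasons]} for every dependency name that is suspicious
    purely because of letter case. Scoped names (@scope/name) fold the same way."""
    findings = defaultdict(list)
    by_fold = defaultdict(list)
    for name in deps:
        by_fold[name.lower()].append(name)
    canonical_by_fold = {k.lower(): k for k in known_good}

    for folded, names in by_fold.items():
        canonical = canonical_by_fold.get(folded)
        for name in names:
            others = [n for n in names if n != name]
            if others:
                # Two spellings of "the same" name in one manifest: only one can be intended.
                findings[name].append("collides case-insensitively with " + ", ".join(others))
            if canonical is not None and name != canonical:
                # Same letters as a vetted package, but a different registration.
                findings[name].append(f"case variant of vetted package {canonical!r}")
            elif canonical is None and name != folded:
                # Newer registry names are lowercase-only, so a mixed-case name is an
                # older registration that a lowercase look-alike could imitate.
                findings[name].append("mixed-case name with no vetted counterpart")
    return dict(findings)


def audit_manifest(text, known_good=KNOWN_GOOD):
    """Parse a package.json string and audit its dependencies and devDependencies."""
    data = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(data.get(section, {}))
    return find_case_collisions(deps, known_good)


if __name__ == "__main__":
    for name, reasons in sorted(audit_manifest(SAMPLE_MANIFEST).items()):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against a real package.json by passing its text to `audit_manifest`; the allowlist is what gives the check teeth, since without it only in-manifest collisions and mixed-case names can be reported.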
knowbe4.webp 2023-05-09 13:00:00 CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
CyberheistNews Vol 13 #19 | May 9th, 2023

[Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users

Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area."

The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link at the bottom of the bogus error message is presented as the way to perform a manual Chrome update. In fact the link downloads a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough, since it drains power and degrades device performance; this one also carries the potential for compromising sensitive information, particularly credentials, and for serving as staging for further attacks.

This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the risks that bogus messages about IT issues carry. Informed users are the last line of defense against attacks like these. New-school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages

A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation

Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist,
Ransomware Data Breach Spam Malware Tool Threat Prediction NotPetya NotPetya APT 28 ChatGPT ChatGPT ★★
bleepingcomputer.webp 2023-05-09 12:29:36 FBI nukes Russian Snake data theft malware with self-destruct command
Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB). [...]
Malware ★★
globalsecuritymag.webp 2023-05-09 12:04:35 "My Week with Wannacry"
"My Week with Wannacry" - Mikko Hyppönen, Chief Research Officer, WithSecure. "The Wannacry malware epidemic of spring 2017 was unique in the field of information security. Quite by accident, I had promised to keep a diary of my working week for the computer culture magazine Skrolli. Wannacry struck that very week, adding a historic malware attack to an already hectic schedule. This was one of the biggest epidemics of all time. What follows is my diary for my week with Wannacry." - Opinion
Malware Wannacry Wannacry ★★
DataSecurityBreach.webp 2023-05-08 22:55:39 FleckPe, the new Android malware with 600,000 victims
A new piece of malware named FleckPe has reportedly already infiltrated more than 620,000 Android devices.
Malware ★★
SecureMac.webp 2023-05-08 19:12:47 Atomic Stealer Mac malware: New malware for macOS
Atomic Stealer Mac malware: a new malware variant for macOS.
Malware ★★★
DarkReading.webp 2023-05-08 14:00:00 North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware
ReconShark, aimed at gaining initial access to targeted systems, is a component of malware previously used by the Kimsuky group.
Malware ★★
securityintelligence.webp 2023-05-08 13:00:00 How the ZeuS Trojan Info Stealer Changed Cybersecurity
Information stealer malware is a type of malicious software designed to collect sensitive information from a victim's computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it is highly adept at exfiltrating login credentials, financial information and personal data. Info stealers […]
Malware ★★
The_Hackers_News.webp 2023-05-08 11:40:00 CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent from compromised accounts and carry a ZIP archive that is, in reality, a polyglot file containing a decoy document and a JavaScript file. The
Malware ★★
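A triage check for the polyglot trick in the entry above, added here as an example written for this page (not code from CERT-UA or The Hacker News). It assumes the attachment is a file that a ZIP reader accepts even though it does not begin with a ZIP local-file header; the sample is constructed in memory as a few lines of JavaScript with an archive appended, holding a decoy "document" and a .js member. How SmokeLoader's polyglot is actually laid out is not described on this page; the check relies only on ZIP's trailing end-of-central-directory record, which is what lets an archive survive bytes prepended to it.

```python
"""Detect ZIP polyglots: data that a ZIP reader accepts even though the file
does not begin with a ZIP local-file header.

Added example, not code from CERT-UA or The Hacker News. The sample file is
constructed in memory: JS_STUB followed by an archive holding a decoy document
and a .js file.
"""
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"
SCRIPT_SUFFIXES = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cmd", ".bat", ".ps1", ".lnk")

# Constructed leading content that a naive sniffer would classify as a plain script file.
JS_STUB = b"// constructed stub: looks like an ordinary script when read from the top\nvar x = 1;\n"


def build_sample_polyglot() -> bytes:
    """Constructed sample: JS_STUB followed by a ZIP with a decoy and a script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_0423.pdf", b"%PDF-1.4\n% constructed decoy\n")
        zf.writestr("invoice_0423.js", b"// constructed placeholder for the dropper script\n")
    return JS_STUB + buf.getvalue()


def analyse(data: bytes) -> dict:
    """Return polyglot indicators for a file's bytes."""
    starts_as_zip = data.startswith(ZIP_LOCAL_HEADER)
    parses_as_zip, members = False, []
    try:
        # zipfile locates the end-of-central-directory record from the end of the
        # data, so prepended bytes do not stop it from reading the archive.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parses_as_zip = True
            members = zf.namelist()
    except zipfile.BadZipFile:
        pass
    script_members = [m for m in members if m.lower().endswith(SCRIPT_SUFFIXES)]
    polyglot = parses_as_zip and not starts_as_zip
    return {
        "starts_as_zip": starts_as_zip,
        "parses_as_zip": parses_as_zip,
        "members": members,
        "script_members": script_members,
        "polyglot": polyglot,
        # A polyglot that also ships a script next to a decoy is the shape worth alerting on.
        "suspicious": polyglot and bool(script_members),
    }


if __name__ == "__main__":
    print(analyse(build_sample_polyglot()))
```

The same two signals (accepted by the archive parser, but not starting as an archive) apply to any other container prepended with a stub; the suffix list only decides which members are worth alerting on.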
AlienVault.webp 2023-05-08 10:00:00 Preventing sophisticated phishing attacks aimed at employees
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize that an email is malicious when it looks normal, so it is up to their company to properly train workers in prevention and detection.

Phishing attacks are becoming more sophisticated

Misspellings and poorly formatted text used to be the leading indicators of an email scam, but scams are getting more sophisticated. Today, hackers can spoof email addresses and bots sound like humans. It is becoming challenging for employees to tell whether their emails are real or fake, which puts the company at risk of data breaches. In March 2023, an artificial intelligence chatbot called GPT-4 received an update that lets users give specific instructions about styles and tasks. Attackers can use it to pose as employees and send convincing messages, since it sounds intelligent and has general knowledge of any industry. Since the classic warning signs of phishing attacks no longer apply, companies should train all employees on the new, sophisticated methods. As phishing attacks change, so should businesses.

Identify the signs

Your company can take preventive action to secure its employees against attacks. You need to make it difficult for hackers to reach them, and your company must train them on warning signs. While blocking spam senders and reinforcing security systems is up to you, employees must know how to identify and report attacks themselves. You can prevent data breaches if employees know what to watch out for:

Misspellings: While it is becoming more common for phishing emails to have correct spelling, employees still need to look for mistakes. For example, they could look for industry-specific language, because everyone in their field should know how to spell those words.
Irrelevant senders: Workers can identify phishing, even when the email is spoofed to appear to come from someone they know, by asking themselves whether it is relevant. They should flag the email as a potential attack if the sender does not usually reach out to them or is someone in an unrelated department.
Attachments: Hackers attempt to install malware through links or downloads. Ensure every employee knows they should not click on them.
Odd requests: A sophisticated phishing attack has relevant messages and proper language, but it is somewhat vague because it goes to multiple employees at once. For example, employees could recognize it if it asks them to do something unrelated to their role.

It may be harder for people to detect warning signs as attacks evolve, but you can prepare them for those situations as well as possible. It is unlikely hackers have access to their specific duties or the inner workings of your company, so you must capitalize on those details. Sophisticated attacks will sound intelligent and may align with their general duties, so everyone must be constantly aware. Training will help employees identify signs, but you need to take more preventive action to ensure you are covered.

Take preventive action

Basic security measures, like regularly updating passwords and running antivirus software, are fundamental to protecting your company. For example, everyone should change their passwords once every three months at minimum to ensur
Spam Malware ChatGPT ★★
no_ico.webp 2023-05-08 08:48:08 Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns
According to the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using invoice-themed lures. A ZIP archive containing a fake document and a JavaScript file is attached to the emails, which the agency says were sent from hacked accounts. After the JavaScript is […]
Malware ★★
The_State_of_Security.webp 2023-05-08 07:41:20 Supply Chain Compromise: The Risks You Need to Know
This piece was originally published on Fortra's AlertLogic.com blog. Thinking about your own network isn't enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center, supply chain attacks surpassed malware incidents by 40% in 2022.[1] There's never been more at risk for the wide collections of companies that depend on each other. According to Josh Davies, Fortra's Alert Logic Principal Technical Product Marketing...
Malware ★★
Blog.webp 2023-05-07 23:30:00 AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
AhnLab Security Emergency response Center (ASEC) has shared information regarding the RedEyes threat group (also known as APT37, ScarCruft), which last month distributed CHM malware disguised as a security email from a Korean financial company. The LNK file contains a PowerShell command and performs malicious behavior without the knowledge of the individual who opens the normal PDF file, by creating and executing script files along with normal files in the temp path. If a malicious LNK file is injected into a...
Malware Threat APT 37 ★★
Blog.webp 2023-05-07 23:15:00 Tracking 3CX Supply Chain Breach Cases using AhnLab EDR
Last March, the 3CX supply chain breach cases were a global issue. AhnLab Security Emergency response Center (ASEC) has confirmed through the AhnLab Smart Defense (ASD) infrastructure that malware related to the 3CX supply chain was installed in Korea on March 9th and March 15th. The 3CX supply chain malware confirmed in this instance loaded malicious DLLs disguised with the names of regular DLLs, ffmpeg.dll and d3dcompiler_47.dll, into the normal 3CXDesktopApp.exe process, allowing malicious behavior to be carried out....
Malware ★★
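A detection the entry above implies, added here as an example written for this page rather than AhnLab's own EDR logic: given image-load telemetry in the shape of Sysmon Event ID 7 records, flag any load of ffmpeg.dll or d3dcompiler_47.dll into 3CXDesktopApp.exe whose SHA256 is not on a known-good list, or whose path lies outside the expected install directory. The events, the install directory and every hash below are constructed placeholders, not real values from the incident.

```python
"""Flag 3CXDesktopApp.exe loading ffmpeg.dll or d3dcompiler_47.dll that is not
the known-good copy.

Added example, not AhnLab/ASEC code. Input records follow the field names of
Sysmon Event ID 7 (image load): Image, ImageLoaded, Hashes. The events, the
install directory and the hashes below are constructed placeholders.
"""
import ntpath

WATCHED_PROCESS = "3cxdesktopapp.exe"
WATCHED_DLLS = {"ffmpeg.dll", "d3dcompiler_47.dll"}
# Assumed install directory of the desktop app; adjust for the estate being monitored.
EXPECTED_DIR = r"c:\program files\3cxdesktopapp\app"
# Constructed placeholder hashes standing in for the vendor-shipped DLLs.
KNOWN_GOOD_SHA256 = {
    "ffmpeg.dll": {"aa" * 32},
    "d3dcompiler_47.dll": {"bb" * 32},
}

SAMPLE_EVENTS = [  # constructed records
    {"UtcTime": "2023-03-09 10:01:00", "Image": r"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe",
     "ImageLoaded": r"C:\Program Files\3CXDesktopApp\app\ffmpeg.dll",
     "Hashes": "SHA256=" + "AA" * 32 + ",MD5=" + "00" * 16},
    {"UtcTime": "2023-03-15 09:12:00", "Image": r"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe",
     "ImageLoaded": r"C:\Program Files\3CXDesktopApp\app\ffmpeg.dll",
     "Hashes": "SHA256=" + "cc" * 32 + ",MD5=" + "11" * 16},
    {"UtcTime": "2023-03-15 09:12:01", "Image": r"C:\Program Files\3CXDesktopApp\app\3CXDesktopApp.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\d3dcompiler_47.dll",
     "Hashes": "SHA256=" + "dd" * 32 + ",MD5=" + "22" * 16},
    {"UtcTime": "2023-03-15 09:13:00", "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\d3dcompiler_47.dll",
     "Hashes": "SHA256=" + "ee" * 32 + ",MD5=" + "33" * 16},
]


def sha256_from_hashes(hashes: str) -> str:
    """Sysmon's Hashes field is 'ALGO=value,ALGO=value'; return the SHA256 value, lowercased."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def detect_sideload(events):
    """Return (UtcTime, ImageLoaded, [reasons]) for each watched DLL load into the
    watched process that is not known-good. A hash allowlist is used rather than
    signature status because the hash pins the exact file the vendor shipped."""
    findings = []
    for ev in events:
        proc = ntpath.basename(ev.get("Image", "")).lower()
        dll_path = ev.get("ImageLoaded", "")
        dll = ntpath.basename(dll_path).lower()
        if proc != WATCHED_PROCESS or dll not in WATCHED_DLLS:
            continue
        reasons = []
        if sha256_from_hashes(ev.get("Hashes", "")) not in KNOWN_GOOD_SHA256[dll]:
            reasons.append("sha256 not in known-good set")
        if ntpath.dirname(dll_path).lower() != EXPECTED_DIR:
            reasons.append("loaded from outside expected install directory")
        if reasons:
            findings.append((ev.get("UtcTime", ""), dll_path, reasons))
    return findings


if __name__ == "__main__":
    for when, path, reasons in detect_sideload(SAMPLE_EVENTS):
        print(when, path, "; ".join(reasons))
```

Populate KNOWN_GOOD_SHA256 from a clean installer of the version in use; the first sample event passes because its hash matches that list, the second fails on hash alone, and the third fails on both hash and location.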
Blog.webp 2023-05-07 23:00:00 ASEC Weekly Malware Statistics (April 24th, 2023 – April 30th, 2023)
AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from April 24th, 2023 (Monday) to April 30th, 2023 (Sunday). For the main category, Infostealer ranked top with 54.9%, followed by downloader with 33.3%, backdoor with 10.5%, and ransomware and banking malware with 0.6% each. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 35.2%. It leaks user credentials...
Ransomware Malware ★★
HexaCorn.webp 2023-05-05 23:23:12 Malware – some musings about the meaning of the word…
I have read Ali's question with great interest, because it's questions like this that make you pause and think. In my reply I suggested that the context is […]
Malware ★★
mcafee.webp 2023-05-05 21:30:10 Deconstructing Amadey's Latest Multi-Stage Attack and Malware Distribution
Authored by Yashvi Shah. McAfee Labs have identified an increase in Wextract.exe samples that drop a malware payload at...
Malware ★★
The_Hackers_News.webp 2023-05-05 19:17:00 New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse, which abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in
Malware ★★
DarkReading.webp 2023-05-05 16:00:00 Attackers Route Malware Activity Over Popular CDNs
One way to hide malicious activity is to make it look benign by blending in with the regular traffic passing through content delivery networks (CDNs) and cloud service providers, according to a Netskope report.
Malware Cloud ★★
InfoSecurityMag.webp 2023-05-05 15:30:00 "Kekw" Malware in Python Packages Could Steal Data and Hijack Crypto
Cyble said the Python security team has now removed the malicious package from PyPI
Malware ★★
bleepingcomputer.webp 2023-05-05 14:39:17 New Android FluHorse malware steals your passwords, 2FA codes
A new Android malware called 'FluHorse' has been discovered, targeting users in East Asia with malicious apps that imitate legitimate versions. [...]
Malware ★★
Last update at: 2024-06-23 20:10:45