What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag 2023-01-30 09:26:48 Trellix: GuLoader wreaks havoc in the e-commerce sector (direct link) Last December, the new techniques adopted by the GuLoader malware distributor were revealed. This malware is able to evade the detection controls of various security systems, which makes it particularly adaptable for hackers seeking to improve their attacks, Trellix explains. - Malwares Malware ★★
Blog 2023-01-30 06:59:43 Analysis Report on Malware Distributed via Microsoft OneNote (direct link) This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened. These categories include ‘1) The type where malicious objects are hidden with simple block images’ and ‘2) The more intricately created malicious OneNote types’. Below... Malware Prediction ★★★★
Blog 2023-01-30 00:57:25 (Déjà vu) ASEC Weekly Malware Statistics (January 16th, 2023 – January 22nd, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 16th, 2022 (Monday) to January 22nd, 2023 (Sunday). For the main category, Infostealer ranked top with 43.0%, followed by downloader with 30.06%, backdoor with 19.9%, ransomware with 3.8%, CoinMiner 2.4%, and banking malware with 0.3%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 20.3%. The malware is distributed... Ransomware Malware ★★
The_Hackers_News 2023-01-29 11:17:00 Gootkit Malware Continues to Evolve with New Components and Obfuscations (direct link) The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group." Gootkit, also called Gootloader, is spread through compromised websites that Malware Threat ★★
The_Hackers_News 2023-01-28 11:19:00 Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack (direct link) Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow Malware ★★
bleepingcomputer 2023-01-28 10:21:32 Hackers use new SwiftSlicer wiper to destroy Windows domains (direct link) Security researchers have identified a new data-wiping malware they named SwiftSlicer that aims to overwrite crucial files used by the Windows operating system. [...] Malware ★★
RecordedFuture 2023-01-27 19:40:02 ESET: Sandworm could be behind new file-deleting malware targeting Ukraine (direct link) The notorious state-backed Russian hacking group known as Sandworm may be behind new malware targeting Ukraine, according to research published Friday by cybersecurity company ESET. Malware called SwiftSlicer hit one organization in Ukraine before it was discovered by the Slovakia-based firm this week. The researchers cannot disclose the name of the affected organization and don’t [… Malware ★★★
The_Hackers_News 2023-01-27 19:20:00 Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (direct link) Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it "found multiple mentions of the badbullzvenom account being shared between two people." The Malware Threat ★★★
ESET 2023-01-27 17:45:36 SwiftSlicer: New destructive wiper malware strikes Ukraine (direct link) Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country Malware ★★
The_Hackers_News 2023-01-27 17:23:00 Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices (direct link) Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn Malware ★★★
CS 2023-01-27 17:03:07 Russia's Sandworm hackers blamed in fresh Ukraine malware attack (direct link) Researchers believe the destructive malware is the work of Sandworm, a Russian military unit suspected in a series of Ukrainian cyberattacks. Malware ★★★
InfoSecurityMag 2023-01-27 17:00:00 Black Basta Deploys PlugX Malware in USB Devices With New Technique (direct link) The variant is “wormable” and can infect USB devices to hide itself from the Windows OS Malware ★★★
The_Hackers_News 2023-01-27 16:25:00 3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox (direct link) Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. (Figure: ANY.RUN's top malware types in 2022) That's why you'll definitely come across this type in your practice, and the Orcus Malware ★★★
bleepingcomputer 2023-01-27 13:10:49 Ukraine: Sandworm hackers hit news agency with 5 data wipers (direct link) The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th. [...] Malware ★★★
bleepingcomputer 2023-01-27 11:00:12 PlugX malware hides on USB devices to infect new Windows hosts (direct link) Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. [...] Malware ★★★
Mandiant 2023-01-26 15:00:00 Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations (direct link) Since January 2021, Mandiant Managed Defense has consistently responded to GOOTLOADER infections. Threat actors cast a widespread net when spreading GOOTLOADER and impact a wide range of industry verticals and geographic regions. We currently only attribute GOOTLOADER malware and infrastructure to a group we track as UNC2565, and we believe it to be exclusive to this group. Beginning in 2022, UNC2565 began incorporating notable changes to the tactics, techniques, and procedures (TTPs) used in its operations. These changes include the use of multiple variations of the FONELAUNCH launcher Malware Threat ★★★
The_Hackers_News 2023-01-26 11:31:00 PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration (direct link) Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. "This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration," Securonix said in a report shared with The Hacker Malware ★★
securityintelligence 2023-01-25 17:30:00 Kronos Malware Reemerges with Increased Functionality (direct link) The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […] Malware ★★
RecordedFuture 2023-01-25 17:12:26 North Korean hackers use fake job offers, salary bumps as lure for crypto theft (direct link) Hackers connected to the North Korean military used a variety of new phishing methods in 2022 to steal cryptocurrency, according to a new report from Proofpoint. The hackers bombarded people with emails about fake job opportunities at prestigious firms or fictitious salary increases as a way to get people to open emails carrying malware that [… Malware ★★
knowbe4 2023-01-25 15:50:54 [Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal (direct link) In our latest episode of Security Masterminds, we have the pleasure of interviewing Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, who has held various roles throughout his career. In the episode, Roger discusses his early days of malware disassembly, the trials and tribulations of public speaking, and his magnum opus, his book about data-driven defense. Malware ★★
bleepingcomputer 2023-01-25 13:00:10 Malware exploited critical Realtek SDK bug in millions of attacks (direct link) Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK in 134 million attacks trying to infect smart devices in the second half of 2022. [...] Malware Vulnerability ★★
CSO 2023-01-25 11:06:00 Attackers move away from Office macros to LNK files for malware delivery (direct link) For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism. This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders include MLNK Builder, Quantum Builder, Macropack, LNKUp, Lnk2pwn, SharPersist, and RustLnkBuilder, but their use can provide opportunities for easier detection by security products. Malware Prediction
AlienVault 2023-01-25 11:00:00 (Déjà vu) 12 ways to improve your website security (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today's digital age, a business website is essential for success. Not only does it provide potential customers with information about your products or services, but it also allows you to connect and engage with them directly. However, simply having a website is not enough. To ensure that your site is effective and safe, you need to make sure that it has all the necessary security features. In this article, we will discuss twelve security features that every business website must have. 1. Enable auto-update for plugins and software One of the simplest but most effective security measures you can take, especially if you’re looking to protect your WordPress site, is to ensure that all your plugins and software are up-to-date. Outdated software is one of the most common ways that attackers gain access to websites. By keeping everything up to date, you can help to prevent vulnerabilities from being exploited. You can usually enable auto-updates for most plugins and software from within their settings menu. For WordPress sites, there is also a plugin called Easy Updates Manager that can help you to keep everything up to date with ease. 2. Have a strong password policy A strong password policy is the first step to protecting your website from malicious actors. By requiring strong and unique passwords, you can make it significantly more difficult for attackers to gain access to your site. You need to ensure that your website's backend is well protected and that only authorized users have access. To do this, you should consider using a password manager to generate and store strong passwords for your site. You should not be using the same password for multiple sites. 3. Use two-factor authentication Two-factor authentication (2FA) is an important security measure that you should consider implementing for your website. 2FA adds an extra layer of security by requiring users to provide two pieces of information before they can access your site. This could include a password and a one-time code that is generated by an app on your phone. 2FA can help to prevent attackers from gaining access to your site, even if they have your password. 4. Use a secure socket layer (SSL) certificate An SSL certificate is a must-have for any website that wants to protect its users' information. SSL encrypts the communications between your website and your users' web browsers. This means that even if an attacker was able to intercept the communication, they would not be able to read it. SSL also provides authentication, which means you can be sure that your users are communicating with the intended website and not a fake site set up by an attacker. Increasingly, having things like HTTPS and an SSL certificate are part of Google's ranking metrics and will help your website's SEO. If you aren't trying to protect your visitors and users (the people who give you their sensitive credit card information), they may take their business elsewhere. 5. Use a web application firewall (WAF) A web application firewall (WAF) is a piece of software that sits between your website and the internet. It filters traffic to your site and blocks any requests that it considers to be malicious. WAFs can be very effective at stopping attacks such as SQL injection (SQLi) and cross-site scripting (XSS). 6. Use intrusion detection and prevention systems (IDPS) Intrusion detection and prevention systems (IDPS) are designed to detect and prevent attacks on your website. IDPS systems can be either host-based or network-based. Host-based IDPSs are installed on the servers that host your website. They monitor traffic to and from the server and can Malware Threat ★★★★
bleepingcomputer 2023-01-25 09:53:14 New stealthy Python RAT malware targets Windows in attacks (direct link) A new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its operators control over the breached systems. [...] Malware ★★
The_Hackers_News 2023-01-24 20:07:00 Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection (direct link) Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today. A striking Malware ★★
Chercheur 2023-01-24 19:00:32 Administrator of RSOCKS Proxy Botnet Pleads Guilty (direct link) Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” Malware Guideline ★★
The_Hackers_News 2023-01-24 16:33:00 Emotet Malware Makes a Comeback with New Evasion Techniques (direct link) The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via Malware Threat ★★★★
Anomali 2023-01-24 16:30:00 Anomali Cyber Watch: Roaming Mantis Changes DNS on Wi-Fi Routers, Hook Android Banking Trojan Has Device Take-Over Capabilities, Ke3chang Targeted Iran with Updated Turian Backdoor (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Banking trojans, DNS hijacking, China, Infostealers, Malvertising, Phishing, and Smishing. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App in 2022 (published: January 19, 2023) In December 2022, a financially-motivated group dubbed Roaming Mantis (Shaoye) continued targeting mobile users with malicious landing pages. iOS users were redirected to phishing pages, while Android users were provided with malicious APK files detected as XLoader (Wroba, Moqhao). Japan, Austria, France, and Germany were the most targeted for XLoader downloads (in that order). All but one targeted country had smishing as an initial vector. In South Korea, Roaming Mantis implemented a new DNS changer function. XLoader-infected Android devices were targeting specific Wi-Fi routers used mostly in South Korea. The malware would compromise routers with default credentials and change the DNS settings to serve malicious landing pages from legitimate domains. Analyst Comment: The XLoader DNS changer function is especially dangerous in the context of free/public Wi-Fi that serves many devices. Install anti-virus software for your mobile device. Users should be cautious when receiving messages with a link or unwarranted prompts to install software. MITRE ATT&CK: [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1584 - Compromise Infrastructure Tags: actor:Roaming Mantis, actor:Shaoye, file-type:APK, detection:Wroba, detection:Moqhao, detection:XLoader, malware-type:Trojan-Dropper, DNS changer, Wi-Fi routers, ipTIME, EFM Networks, Title router, DNS hijacking, Malicious app, Smishing, South Korea, target-country:KR, Japan, target-country:JP, Austria, target-country:AT, France, target-country:FR, Germany, target-country:DE, VK, Mobile, Android Hook: a New Ermac Fork with RAT Capabilities (published: January 19, 2023) ThreatFabric researchers analyzed a new Android banking trojan named Hook. It is a rebranded development of the Ermac malware that was based on the Android banker Cerberus. Hook added new capabilities in targeting banking and cryptocurrency-related applications. The malware also added the capabilities of a remote access trojan and spyware. Its device take-over capabilities include being able to remotely view and interact with the screen of the infected device, manipulate files on the device's file system, simulate clicks, fill text boxes, and perform gestures. Hook can start the social messaging application WhatsApp, extract all the messages present, and send new ones. Analyst Comment: Users should take their mobile device security seriously whether they use it for social messaging or actually provide access to their banking accounts and/or cryptocurrency holdings. Similar to its predecessors, Hook will likely be used by many threat actors (malware-as-a-service model). It means the need to protect from a wide range of attacks: smishing, prompts to install malicious apps, excessive Malware Tool Threat Guideline APT 15 APT 25 ★★★
InfoSecurityMag 2023-01-24 16:00:00 Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery (direct link) The tech giant confirmed it intends to implement these plans by March 2023 Malware
globalsecuritymag 2023-01-24 15:49:01 Microsoft OneNote phishing technique, from Matt Aldridge, OpenText (direct link) Earlier today, news broke that some hackers are now using OneNote attachments to spread malware. Please find the full story here: Microsoft OneNote attachments are being used to spread malware. The story focuses on phishing emails which include OneNote files carrying malicious VBS files. When released, these communicate with the target's C2 server and download malware onto the computer. Commentary from Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions, on what this means for the industry, and how business leaders can mitigate cyber risks in the ever-changing cyber landscape. - Opinion Malware Guideline ★★
globalsecuritymag 2023-01-24 13:17:08 DragonSpark: Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (direct link) SentinelLabs has been monitoring recent attacks against East Asian organisations from a group tracked as 'DragonSpark'. The attacks are characterised by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation. - Malware Update Malware
Fortinet 2023-01-24 13:13:00 The Year of the Wiper (direct link) FortiGuard Labs has been tracking wiper malware since the start of the 2022 Russia-Ukraine conflict. Read our latest blog to find out recent updates about the trends in wiper malware and how attack scenarios have changed. Malware ★★
01net 2023-01-23 14:37:48 This malware threatens to take remote control of your smartphone (direct link) A dangerous malware targeting Android smartphones has been spotted. It is capable of taking complete remote control of a phone in order to commit fraud. Malware ★★
bleepingcomputer 2023-01-23 09:44:13 Microsoft plans to kill malware delivery via Excel XLL add-ins (direct link) Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet. [...] Malware ★★
SocRadar 2023-01-23 09:20:59 Attackers Exploit Fortinet Zero-Day CVE-2022-42475 with BoldMove Malware (direct link) Researchers have discovered a sophisticated new BoldMove malware created specifically to operate on Fortinet’s FortiGate firewalls after collecting data... Malware ★★★
CVE 2023-01-23 07:15:10 CVE-2023-24068 (direct link) Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. Malware Threat
HexaCorn 2023-01-22 00:56:23 Excelling at Excel, Part 3 (direct link) One of the most common use cases we come across during our malware analysis exercises is a ROI-driven comparison of features between many samples of the same malware family. Yes, […] Malware ★★★★★
bleepingcomputer 2023-01-21 11:15:30 (Déjà vu) Hackers now use Microsoft OneNote attachments to spread malware (direct link) Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets. [...] Malware Threat ★★★★★
bleepingcomputer 2023-01-21 11:15:30 Beware: Hackers now use OneNote attachments to spread malware (direct link) Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets. [...] Malware Threat
News 2023-01-21 01:58:26 DDE Command Execution malware samples (direct link) Here are a few samples related to the recent DDE Command execution. Reading: 10/18/2017 InQuest/yara-rules; 10/18/2017 https://twitter.com/i/moments/918126999738175489; 10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability; 10/18/2017 Inquest: Microsoft Office DDE Vortex Ransomware Targeting Poland; 10/16/2017 https://twitter.com/noottrak/status/919975081828261888; 10/14/2017 Inquest: Microsoft Office DDE Freddie Mac Targeted Lure; 10/14/2017 Inquest: Microsoft Office DDE SEC OMB Approval Lure; 10/12/2017 NViso labs: YARA DDE rules: DDE Command Execution observed in-the-wild; 10/11/2017 Talos: Spoofed SEC Emails Distribute Evolved DNSMessenger; 10/10/2017 NViso labs: MS Office DDE YARA rules Ransomware Malware ★★
The_Hackers_News 2023-01-20 22:03:00 Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings (direct link) Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea. Malware Threat ★★
The_Hackers_News 2023-01-20 12:29:00 New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (direct link) A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were Malware Vulnerability Threat ★★
bleepingcomputer 2023-01-20 11:02:16 New Boldmove Linux malware used to backdoor Fortinet devices (direct link) Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. [...] Malware Vulnerability ★★★
Blog 2023-01-20 05:04:47 (Déjà vu) ASEC Weekly Malware Statistics (January 9th, 2023 – January 15th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 9th, 2023 (Monday) to January 15th, 2023 (Sunday). For the main category, downloader ranked top with 38.4%, followed by Infostealer with 37.0%, backdoor with 18.2%, ransomware with 4.0%, CoinMiner with 1.5%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with... Ransomware Malware ★★
DarkReading 2023-01-19 21:30:00 Attackers Crafted Custom Malware for Fortinet Zero-Day (direct link) The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China. Malware ★★
Netskope 2023-01-19 19:57:37 Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023 (direct link) Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active […] Malware Threat Guideline Prediction ★★★
RecordedFuture 2023-01-19 19:17:18 Canada's largest alcohol retailer infected with card skimming malware twice since December (direct link) On January 12, Canadian alcohol retail giant LCBO announced that an “unauthorized party embedded malicious code” onto its website in order to steal information from customers in the process of checking out. Over five days in January, they wrote, customers “may have had their information compromised.” In fact, the infection was one of several to […] Malware ★★★
The_Hackers_News 2023-01-19 18:57:00 Android Users Beware: New Hook Malware with RAT Capabilities Emerges (direct link) The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring Malware Threat ★★★
bleepingcomputer 2023-01-19 18:30:22 New 'Hook' Android malware lets hackers remotely control your phone (direct link) A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC (virtual network computing). [...] Malware ★★★
Mandiant 2023-01-19 15:00:00 Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) (direct link) Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet's FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European government entity and a managed service provider located in Africa. Mandiant identified a new malware we are tracking as “BOLDMOVE” as part of our investigation. We have uncovered a Windows variant of BOLDMOVE and a Linux variant, which is specifically designed to run on FortiGate Firewalls. We Malware Vulnerability Threat ★★★★
Last update at: 2024-06-30 15:08:07