Tag: infection
-
New ValleyRAT Malware Variant Spreading via Fake Chrome Downloads
Morphisec uncovers a new ValleyRAT malware variant with advanced evasion tactics, multi-stage infection chains, and novel delivery methods… First seen on hackread.com Jump to article: hackread.com/valleyrat-malware-variant-fake-chrome-downloads/
-
Musk’s DOGE effort could spread malware, expose US systems to threat actors
by
in SecurityNews
Tags: access, ai, api, attack, authentication, ceo, cio, computer, computing, control, cyber, cybercrime, cybersecurity, data, defense, email, exploit, governance, government, hacking, infection, infosec, international, jobs, malicious, malware, network, office, privacy, ransomware, risk, service, technology, threat, toolOver the past 10 days, an astonishing series of actions by Elon Musk via his Department of Government Efficiency (DOGE) project has elevated the cybersecurity risk of some of the most sensitive computing systems in the US government. Musk and his team of young, inexperienced engineers, at least one of whom is not a US…
-
New phishing campaign targets users in Poland and Germany
by
in SecurityNewsAn ongoing phishing campaign, presumably by an advanced persistent threat (APT) actor, is seen dropping a new backdoor on victim systems enabling stealthy C2 operations.The backdoor, which Cisco’s Talos Intelligence Unit is tracking as TorNet, was found connecting victim machines to the decentralized and anonymizing TOR network for C2 communications.”Cisco Talos discovered an ongoing malicious…
-
From Dream Jobs to Dangerous Passwords: Lazarus Group’s LinkedIn Attacks
by
in SecurityNewsCybersecurity researcher Shusei Tomonaga from JPCERT/CC has issued a warning about LinkedIn being exploited as an initial infection First seen on securityonline.info Jump to article: securityonline.info/from-dream-jobs-to-dangerous-passwords-lazarus-groups-linkedin-attacks/
-
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
by
in SecurityNewsCybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT.The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.The infection chain commences with a…
-
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
by
in SecurityNewsIn a recent revelation, security researchers Amaury G., Maxime A., Erwan Chevalier, Felix Aimé, and Sekoia TDR have First seen on securityonline.info Jump to article: securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/
-
Infostealer Infections Lead to Telefonica Ticketing System Breach
by
in SecurityNewsInfostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system. The post Infostealer Infections Lead to Telefonica Ticketing System Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/infostealer-infections-lead-to-telefonica-internal-ticketing-system-breach/
-
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
In-the-wild attacks tamper with built-in security tool to suppress infection warnings. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/
-
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
by
in SecurityNewsA Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States. First seen on…
-
EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets
by
in SecurityNewsThe malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets
-
Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections
by
in SecurityNews… Read more » First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/12/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections-2/
-
7 biggest cybersecurity stories of 2024
by
in SecurityNews
Tags: access, ai, alphv, at&t, attack, authentication, breach, business, china, cio, ciso, citrix, cloud, credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, detection, email, espionage, exploit, extortion, finance, google, government, group, hacking, healthcare, incident response, infection, insurance, intelligence, international, jobs, lockbit, malicious, malware, mandiant, mfa, microsoft, network, nis-2, north-korea, office, phishing, phone, privacy, ransomware, regulation, risk, risk-management, scam, service, software, strategy, tactics, technology, threat, ukraine, update, vulnerability, windowsCybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention.But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies.Longer-term trends such as increased cybersecurity regulations and the impact of…
-
North Korean hackers spotted using new tools on employees of ‘nuclear-related’ org
by
in SecurityNewsResearchers at Kaspersky said they found the Lazarus Group using “a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.”]]> First seen on therecord.media Jump to article: therecord.media/lazarus-group-new-tools-kaspersky
-
Lazarus Group’s Evolving Arsenal: New Malware and Infection Chains Unveiled
In a recent analysis by Kaspersky Labs, the infamous Lazarus Group continues to refine its strategies, blending old tactics with new malware to create advanced and stealthy attack chains. Dubbed... First seen on securityonline.info Jump to article: securityonline.info/lazarus-groups-evolving-arsenal-new-malware-and-infection-chains-unveiled/
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.The attacks, which culminated in the deployment of a new modular backdoor…
-
Routers with default passwords are attracting Mirai infections, Juniper says
by
in SecurityNewsBeginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.]]> First seen on therecord.media Jump to article: therecord.media/routers-with-default-passwords-mirai-malware-juniper
-
New I2PRAT Malware Using encrypted peerpeer communication to Evade Detections
by
in SecurityNewsCybersecurity experts are sounding the alarm over a new strain of malware dubbed >>I2PRAT,
-
Technical Analysis of RiseLoader
by
in SecurityNewsIntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePro’s communication protocol, we named this new…
-
NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.”NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or camera…
-
PUMA creeps through Linux with a stealthy rootkit attack
by
in SecurityNewsA new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features.PUMAKIT, as called by the Elastic Security researchers who discovered it during routine threat hunting on VirusTotal, was deployed as part of a multi-stage malware architecture that consists of a dropper, two memory-resident…
-
US sanctions Chinese cybersecurity firm over global malware campaign
by
in SecurityNews
Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-dayThe US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…
-
$1 phone scanner finds seven Pegasus spyware infections
iVerify’s detection tool was launched in May and is turning up victims. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/
-
Pegasus Spyware Infections Proliferate Across iOS, Android Devices
by
in SecurityNewsThe notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices