Tag: malware
-
Chinese Espionage Group Targeting Legacy Ivanti VPN Devices
by
in SecurityNewsMore Evidence Surfaces of Chinese Hackers Targeting Ivanti Products. A suspected Chinese cyberespionage operation is behind a spate of malware left on VPN appliances made by Ivanti. The threat actor used a critical security vulnerability the Utah company patched in February. We are aware of a limited number of customers whose appliances have been exploited.…
-
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
by
in SecurityNewsA concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to, a prominent developer community, and lured victims with promises of lucrative job offers. Instead of attaching malware directly to emails, they provided a BitBucket link…
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
by
in SecurityNewsEncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
Beware of Clickfix: ‘Fix Now’ and ‘Bot Verification’ Lures Deliver and Execute Malware
A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like >>Fix Now>Bot Verification,
-
DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites
by
in SecurityNewsThe release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due to its innovative use of Chain-of-Thought (CoT) reasoning. CoT reasoning enables the model to break down complex problems into intermediate steps, enhancing performance on tasks such as mathematical problem-solving. However, this transparency comes with unintended vulnerabilities. By explicitly sharing its…
-
New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data
by
in SecurityNewsA newly discovered credit card skimming campaign, dubbed >>RolandSkimmer,
-
Chinese Hackers Exploit Ivanti VPN Vulnerability to Deliver Malware Payloads
by
in SecurityNewsIvanti disclosed a critical security vulnerability, CVE-2025-22457, affecting its Connect Secure (ICS) VPN appliances, particularly versions 22.7R2.5 and earlier. This buffer overflow vulnerability enables attackers to achieve remote code execution when exploited successfully. Security researchers from Mandiant and Ivanti have confirmed active exploitation of this vulnerability in the wild, targeting ICS 9.X (end-of-life) and earlier…
-
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command. The post In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired appeared first on SecurityWeek. First seen on securityweek.com Jump…
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
by
in SecurityNewsA novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.The threat intelligence firm said it First seen…
-
Privilegierte Zugänge werden zum Sicherheitsrisiko
by
in SecurityNews
Tags: access, ai, api, apple, authentication, best-practice, cisco, cloud, cyber, cyberattack, dark-web, hacker, mail, malware, mfa, microsoft, password, phishing, ransomware, risk, service, tool, vpn, vulnerabilityKriminelle bevorzugen Phishing als Erstzugriffsmethode und nutzen legale Tools für unauffällige Angriffe auf sensible Systeme, wie eine aktuelle Studie herausfand.Der Missbrauch legitimer privilegierter Zugänge (legitimate privileged access) nimmt zu . Wie der Cisco Talos’ Jahresrückblick 2024 herausfand, nutzten Angreifer immer öfter gestohlene Identitäten für ihre Attacken, darunter auch Ransomware-Erpressungen. Dafür missbrauchen die HackerAnmeldedaten,Tokens,API-Schlüssel undZertifikate.Angriffe dieser…
-
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
by
in SecurityNewsCERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity is tracked under the identifier UAC-0219. >>The Ukrainian government’s computer emergency response team, CERT-UA, is…
-
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
by
in SecurityNewsIvanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild.The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.”A stack-based buffer overflow in Ivanti Connect…
-
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
by
in SecurityNews
Tags: attack, computer, country, cyber, cyberattack, email, infrastructure, malware, phishing, ukraineThe Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data.The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing…
-
Covert compromise facilitated by new crop of malware loaders
by
in SecurityNews
Tags: malwareFirst seen on scworld.com Jump to article: www.scworld.com/brief/covert-compromise-facilitated-by-new-crop-of-malware-loaders
-
Breach Roundup: Fast Flux DNS Misuse Evades Easy Detection
by
in SecurityNewsAlso: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach Update. This week, a Fast Flux warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access. First…
-
Counterfeit Phones Carrying Hidden Revamped Triada Malware
by
in SecurityNewsThe malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/counterfeit-phones-infected-triada-malware
-
Ivanti patches Connect Secure zero-day exploited since mid-March
by
in SecurityNews
Tags: china, espionage, exploit, ivanti, malware, remote-code-execution, update, vulnerability, zero-dayIvanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
-
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
by
in SecurityNewsMicrosoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.”These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with…
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
by
in SecurityNewsA Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Cryptohack Roundup: Q1 Sees Record Hacks
by
in SecurityNewsAlso: SEC Drops Kraken, Consensys and Cumberland DRW Lawsuits. This week, hack stats, Hamas crypto funds seizure, conclusion of Kraken, Consensys and Cumberland DRW lawsuits, Kentucky dropped its Coinbase suit, Trump pardoned BitMex co-founders, Lazarus’s new tactics, and Crocodilus malware’s crypto targets. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-q1-sees-record-hacks-a-27916
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
by
in SecurityNews
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraineIn a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
by
in SecurityNewsA Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers
by
in SecurityNews
Tags: attack, computer, cyber, cyberattack, data, government, group, hacker, malware, powershell, tool, ukraineIn a concerning development, CERT-UA, Ukraine’s Computer Emergency Response Team, has reported a series of cyberattacks attributed to the hacker group identified as UAC-0219. These attacks, which have been ongoing since the fall of 2024, utilize an advanced PowerShell-based malware tool named WRECKSTEEL to infiltrate computers and extract sensitive data. The primary targets include government…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
by
in SecurityNewsA Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Evilginx stiehlt Zugangsdaten und trickst die Multi-Faktor-Authentifizierung aus
by
in SecurityNewsEine böswillige Mutation des weit verbreiteten Nginx-Webservers erleichtert bösartige Adversary-in-the-Middle-Attacken. Sophos-X-Ops haben in einem Versuchsaufbau das kriminelle Potential von Evilginx analysiert und geben Tipps für den Schutz. Evilginx ist eine Malware, die auf dem legitimen und weit verbreiteten Open-Source-Webserver Nginx basiert. Sie kann dazu verwendet werden, Benutzernamen, Passwörter und Sitzungs-Token zu stehlen und sie bietet…
-
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
by
in SecurityNewsThe cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
-
Evilginx: Die nginx-Mutation, die MFA-Schutz aushebelt
by
in SecurityNewsSicherheitsforscher von Sophos X-Ops haben die Funktionsweise und das Gefährdungspotenzial von Evilginx untersucht. Die auf dem weit verbreiteten Open-Source-Webserver nginx basierende Malware stellt eine erhebliche Bedrohung für die IT-Sicherheit dar, indem sie gezielte Adversary-in-the-Middle (AitM)-Angriffe ermöglicht und dabei sogar Multi-Faktor-Authentifizierung (MFA) aushebeln kann. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/evilginx-nginx-mutation-mfa-schutz