Tag: malware
-
Mysterious Elephant Using Hajj-Themed Bait in Attacks
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage Goers
A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into executing a malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML…
-
China’s Salt Typhoon hackers target telecom firms in Southeast Asia with new malware
in SecurityNews
First seen on therecord.media Jump to article: therecord.media/china-salt-typhoon-targets-southeast-asia-telecom
-
Act fast to snuff out employee curiosity over ‘free’ AI apps
in SecurityNews
The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible. Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
-
Weaponized pen testers are becoming a new hacker staple
in SecurityNews
Tags: access, attack, cloud, credentials, defense, google, hacker, iam, intelligence, linux, macOS, malicious, malware, microsoft, open-source, password, penetration-testing, RedTeam, software, strategy, threat, tool, vulnerability, windows
Malicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two conventional penetration testing tools were weaponized to account for almost half of all malware activities in 2024. “The most…
-
Hundreds of code libraries posted to NPM try to install malware on dev machines
in SecurityNews
These are not the developer tools you think they are.
First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/
-
Android Trojan that intercepts voice calls to banks just got more stealthy
in SecurityNews
FakeCall malware can reroute calls intended for banks to attacker-controlled numbers.
First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2024/10/android-trojan-that-intercepts-voice-calls-to-banks-just-got-more-stealthy/
-
Finastra investigates breach potentially affecting top global banks
in SecurityNews
Tags: attack, banking, breach, communications, corporate, credentials, cybersecurity, dark-web, data, finance, fintech, ibm, malware, network, ransomware, service, software, threat
Popular financial software and services provider, Finastra, whose clientele includes 45 of the world’s top 50 banks, is reportedly warning these institutes of a potential breach affecting one of its internally hosted file transfer platforms. In an Incident Disclosure letter sent to its customer firms, first obtained and reported by cybersecurity journalist Brian Krebs, Finastra said…
-
IoT Device Traffic Up 18% as Malware Attacks Surge 400%
in SecurityNews
Zscaler’s latest report finds 54.5% of IoT attacks target manufacturing, with the industry suffering more than three times the weekly attacks of other sectors.
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iot-device-traffic-malware-attacks/
-
Malware campaign abused flawed Avast Anti-Rootkit driver
in SecurityNews
Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise the target systems. Trellix researchers uncovered a malware campaign that abused a vulnerable Avast Anti-Rootkit driver (aswArPot.sys) to gain deeper access to the target system, disable security solutions, and gain system control. This alarming tactic corrupts trusted kernel-mode drivers,…
-
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new “GhostSpider” backdoor in attacks against telecommunication service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/
-
Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks
in SecurityNews
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims to fake login pages hosted on Weebly, targeting telecommunications and financial sectors in late October 2024. Financially motivated threat actors exploit Weebly’s ease of use and reputation to host phishing pages, bypassing security measures and leveraging the platform’s legitimacy to…
-
Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials
in SecurityNews
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced techniques, whereas recent variants focus on stealing Facebook Ads Manager budget details, potentially enabling malicious ad campaigns. Now they pilfer credit card information alongside browser credentials, and to bypass security measures, the malware utilizes Windows Restart Manager to unlock browser…
-
Malware Exploits Trusted Avast Anti-Rootkit Driver to Disable Security Software
in SecurityNews
Malware exploits legitimate Avast anti-rootkit driver to disable security software. Trellix researchers uncover the attack and provide mitigation steps.
First seen on hackread.com Jump to article: hackread.com/malware-avast-anti-rootkit-driver-bypass-security/
-
Flying Under the Radar – Security Evasion Techniques
in SecurityNews
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures.
The Evolution of Phishing Attacks
“I really like the saying that ‘This is out of scope’ said no hacker ever. Whether it’s tricks, techniques or technologies, hackers will do anything to evade detection and…
-
Uncle Sam outs a Russian accused of developing Redline infostealing malware
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/29/russian_redline_malware/
-
Russia-linked APT TAG-110 targets Europe and Asia
in SecurityNews
Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia,…
-
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
in SecurityNews
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. “This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda,” Trellix…
-
WolfsBane: Chinese Hackers Build Backdoors into Linux
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/neue-linux-backdoor-wolfsbane-cybersecurity-bericht-a-b6f2d35625113cea670df3d992bcc192/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 21
in SecurityNews
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Fake AI video generators infect Windows, macOS with infostealers; How Italy became an unexpected spyware hub; Babble Babble Babble Babble Babble Babble BabbleLoader; One Sock Fits All: The use and abuse of the NSOCKS botnet; Helldown…
-
Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/fake-chatgpt-claude-pypi-packages-spread-jarkastealer-malware
-
Malware on Spotify: How Criminals Abuse the Streaming Platform
in SecurityNews
Tags: malware
First seen on t3n.de Jump to article: t3n.de/news/malware-auf-spotify-wie-kriminelle-die-streaming-plattform-missbrauchen-1659491/
-
Is a Security Time Bomb Ticking in Freely Available Open-Source Software?
in SecurityNews
Open source: Reports of cybercriminals infiltrating open-source software with dangerous exploits or backdoors are becoming more frequent. Is a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware? Netzpalaver has gathered several statements on this question from the Netzpalaver community, which are being published successively below. Statement from Harold Butzbach, Sysdig Statement […]…
-
Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies
in SecurityNews
When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosyst…
First seen on wired.com Jump to article: www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/
-
APT47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published…
-
China-linked hackers target Linux systems with new spying malware
in SecurityNews
First seen on therecord.media Jump to article: therecord.media/china-hackers-linux-malware-target
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
in SecurityNews
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…