Tag: malware
-
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published…
-
China-linked hackers target Linux systems with new spying malware
First seen on therecord.media. Jump to article: therecord.media/china-hackers-linux-malware-target
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia and Europe, deploying the custom malware HATVIBE and CHERRYSPY to compromise government entities, human rights groups and educational institutions. Initial access is typically gained through phishing or by exploiting vulnerable web services, as the campaign's goal is to…
-
Hackers Use Telegram Channels to Deliver Lumma Stealer
Lumma Stealer, a sophisticated information-stealing malware, is spreading through Telegram channels, exploiting the platform's popularity to bypass traditional security controls and reach unsuspecting users, potentially compromising sensitive data. The Telegram channel "hitbase"…
-
Raspberry Robin Employs the Tor Network for C2 Communication
Raspberry Robin, a stealthy malware first observed in 2021, relies on heavy obfuscation to evade detection and analysis. It infiltrates systems primarily via USB drives and uses the Tor network for covert communication with its C2 servers. The malware's multi-layered structure and extensive anti-analysis methods hinder detection and reverse engineering. Raspberry Robin poses a significant threat by…
-
Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware
Russian-aligned TAG-110 uses custom tools to spy on governments, human rights groups and educational institutions in Europe and Asia. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/russian-cyber-spies-hatvibe/
-
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063,…
-
Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto
Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how… First seen on hackread.com. Jump to article: hackread.com/malware-bypasses-microsoft-defender-2fa-crypto/
-
Zscaler Develops SmokeBuster to Combat the SmokeLoader Malware
SmokeBuster additionally implements a feature that lets malware analysts terminate, suspend or resume SmokeLoader's threads. First seen on infopoint-security.de. Jump to article: www.infopoint-security.de/zscaler-entwickelt-smokebuster-zur-bekaempfung-der-smokeloader-malware/a39030/
-
l+f: Pentesters on the Dark Side of the Force
Malware developers want to improve the quality of their ransomware and are looking for professional help to do so. First seen on heise.de. Jump to article: www.heise.de/news/l-f-Pentester-auf-der-dunklen-Seite-der-Macht-10101016.html
-
Sync-Scheduler Malware: Unveiling a Sophisticated Espionage Attack
In a detailed report, the BlackBerry Research and Intelligence Team has revealed a highly targeted cyber espionage campaign against the Pakistan Navy, executed by a sophisticated and likely state-sponsored threat... First seen on securityonline.info. Jump to article: securityonline.info/sync-scheduler-malware-unveiling-a-sophisticated-espionage-attack/
-
Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems. First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-gelsemium-wolfsbane-linux-variant
-
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/chinese-gelsemium-hackers-use-new-wolfsbane-linux-malware/
-
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late … First seen on blog.talosintelligence.com. Jump to article: blog.talosintelligence.com/uat-5647-romcom/
-
Linux Malware WolfsBane and FireWood Linked to Gelsemium APT
New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/linux-malware-wolfsbane-firewood/
-
Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail
Group-IB revealed key differences in the VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/vietnams-infostealer-vietcredcare/
-
Quantum Software Combines AI Engines, Post-Quantum Encryption and DevOps Optimization
The new Check Point Quantum Firewall Software R82 combines AI engines, post-quantum encryption and DevOps optimizations for scalable and simplified data center operations. Check Point presents it as a next-generation, AI-based network security solution. Against a 75 percent global rise in cyberattacks, R82 offers AI-powered engines that provide protection against zero-day threats as well as phishing, malware and DNS (Domain Name System) exploits. It also contains new…
-
Lumma Stealer Proliferation Fueled by Telegram Activity
Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/lumma-stealer-proliferation-fueled/
-
Researchers Detailed FrostyGoop Malware Attacking ICS Devices
FrostyGoop, a newly discovered OT-centric malware that used Modbus TCP to disrupt critical infrastructure in Ukraine, targets industrial control system (ICS) devices and can be used for attacks from inside or outside the target network. By sending malicious Modbus commands, FrostyGoop can cause physical damage to the target environment; analysis has uncovered additional samples, configuration files and network communication patterns associated…
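Because Modbus TCP carries no authentication, the only way to tell a FrostyGoop-style write from a legitimate HMI write is by looking at who sends it and which function code it uses. The following is an added example (not code from the page, from Dragos, or from the FrostyGoop sample): it parses the MBAP header and PDU of Modbus/TCP request frames and flags register or coil writes from hosts that are not on an allowlist. The frames, host addresses and the allowlist are constructed for illustration.

```python
"""Flag Modbus/TCP write requests from unexpected hosts (constructed example)."""
import struct

# Modbus function codes. Writes change process state; reads only observe it.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2, bytes
    that follow the length field, i.e. unit id + PDU), unit id (1).
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError(f"not Modbus (protocol id {proto_id})")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[7:]
    function = pdu[0]
    result = {"transaction_id": trans_id, "unit_id": unit_id,
              "function": function, "is_write": function in WRITE_FUNCTIONS,
              "is_exception": bool(function & 0x80)}
    if function in (3, 4, 6):
        # Read Holding/Input Registers: address + quantity.
        # Write Single Register: address + value. Same wire layout.
        addr, value = struct.unpack(">HH", pdu[1:5])
        result.update(address=addr, value=value)
    elif function == 16:
        # Write Multiple Registers: address, quantity, byte count, values.
        addr, qty, byte_count = struct.unpack(">HHB", pdu[1:6])
        if byte_count != 2 * qty or len(pdu) < 6 + byte_count:
            raise ValueError("byte count inconsistent with register quantity")
        values = list(struct.unpack(f">{qty}H", pdu[6:6 + byte_count]))
        result.update(address=addr, quantity=qty, values=values)
    return result


def audit(frames, allowed_writers):
    """Return alert strings for writes from hosts not allowed to write.

    frames: iterable of (src_ip, dst_ip, raw_frame); allowed_writers: set of
    source IPs (e.g. the engineering workstation or HMI) permitted to write.
    """
    alerts = []
    for src, dst, frame in frames:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append(f"{src}->{dst}: malformed Modbus frame ({err})")
            continue
        if req["is_write"] and src not in allowed_writers:
            name = WRITE_FUNCTIONS[req["function"]]
            alerts.append(f"{src}->{dst}: unexpected {name} to unit "
                          f"{req['unit_id']} at address {req['address']}")
    return alerts


# Constructed sample traffic (hypothetical addresses; 10.0.0.5 plays the HMI).
SAMPLE_FRAMES = [
    # HMI reads 10 holding registers from address 0 (function 3): benign.
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # HMI writes value 100 to register 16 (function 6): allowed writer.
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("0002 0000 0006 01 06 0010 0064")),
    # Unknown external host writes registers 16..17 (function 16): alert.
    ("198.51.100.7", "10.0.0.20",
     bytes.fromhex("0003 0000 000b 01 10 0010 0002 04 0001 0002")),
]
ALLOWED_WRITERS = {"10.0.0.5"}

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print(line)
```

In a real deployment the frames would come from a network tap or the ICS firewall's Modbus inspection log rather than an inline list; the allowlist is the control, since a controller will accept a well-formed write from any host that can reach TCP/502.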
-
Malware Campaign Lures Victims with a Free AI Video Editor
On social media, criminals have launched a campaign advertising a free AI video editor. What victims got instead was an infostealer. First seen on heise.de. Jump to article: www.heise.de/news/Malware-Kampagne-lockt-Opfer-mit-kostenlosem-KI-Videoeditor-10082265.html
-
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat…
-
Earth Kasha Expands Operations: New LODEINFO Malware Hits Government and High-Tech
In a detailed report by Trend Micro, the emergence of a new LODEINFO malware campaign has been linked to Earth Kasha, a threat group operating within what the researchers term... First seen on securityonline.info. Jump to article: securityonline.info/earth-kasha-expands-operations-new-lodeinfo-malware-hits-government-and-high-tech/
-
Check Point Unveils New AI-Powered Network Security Software Amidst Rising Global Threats
Today, Check Point Software has unveiled its new Check Point Quantum Firewall Software R82 (R82), as well as additional innovations for the Infinity Platform. R82 delivers new AI-powered engines to prevent zero-day threats, including phishing, malware, and domain name system (DNS) exploits. It also includes new architectural changes and innovations that drive DevOps…
-
ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains
ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investigators with quicker and more detailed insights into malicious behavior. Speed Optimization for Investigations: Accelerates the analysis workflow, saving time…
-
Water Barghest Botnet Enlists 20,000+ IoT Devices by Exploiting Vulnerabilities
Water Barghest, a sophisticated botnet operation, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace, using automated scripts to identify vulnerable devices from public databases such as Shodan. Once a device is compromised, the Ngioweb malware is installed stealthily and establishes a connection to command-and-control servers. The infected device…
-
North Korean IT Workers Use Weaponized Video Conference Apps to Attack Job Seekers
North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company. It…
-
Juice Jacking: FBI Warns of Public USB Charging Stations
Criminals have long tried to smuggle malware onto connected devices via manipulated public USB charging stations. Now also the… First seen on 8com.de. Jump to article: www.8com.de/cyber-security-blog/juice-jacking-fbi-warnt-vor-offentlichen-usb-ladestationen
-
Russian suspected Phobos ransomware admin extradited to US over $16M extortion
This malware is FREE for EVERY crook ($300 decryption keys sold separately). First seen on theregister.com. Jump to article: www.theregister.com/2024/11/19/suspected_phobos_admin/
-
Bitwarden exploited in new Facebook malvertising campaign
First seen on scworld.com. Jump to article: www.scworld.com/brief/bitwarden-exploited-in-new-facebook-malvertising-campaign
-
Infostealers deployed via novel BabbleLoader malware
First seen on scworld.com. Jump to article: www.scworld.com/brief/infostealers-deployed-via-novel-babbleloader-malware