Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.
#chatbot #creation #cybercriminals #fights #ghostgpt #learn #malware #risks #scams #uncensored
Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware.
In addition to the new backConnect malware developed by Qbot operators, research has emerged tying zloader[4] activity to that of the BlackBasta ransomware operation. It is highly likely this new side loading backConnect malware has been or is going to be utilized to further ransomware attacks.
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.
Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.
Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:
CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.
CVE-2024-49113: A denial-of-service (DoS) vulnerability that can be exploited to crash the LDAP service, leading to service disruptions.
In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing malware.
This post is part of an analysis that I have carried out during my spare time, motivated by a friend that asked me to have a look at the DDosia project related to the NoName057(16) group. The reason behind this request was caused by DDosia client changes for performing the DDos attacks. Because of that, all procedures used so far for monitoring NoName057(16) activities did not work anymore.
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
A deep dive into macOS malware this year.
The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report
The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.
Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.
