Recherche : [Malware]

Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems https://www.dragos.com/resources/solution-brief/intelligence-brief-impact-of-frostygoop-modbus-malware-on-connected-ot-systems/?ref=news.risky.biz

25/07/2024 15:18:16

In April 2024, FrostyGoop, an ICS malware, was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorized command messages. Modbus is a commonly used protocol across all industrial sectors. The Cyber Security Situation Center (CSSC), a part of the Security

NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/

18/07/2024 23:35:48

Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.

ClickFix Deception: A Social Engineering Tactic to Deploy Malware https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/

17/07/2024 10:29:10

Authored by Yashvi Shah and Vignesh Dhatchanamoorthy McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as

CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/

11/07/2024 09:57:32

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.

EDR as an Offensive Tool https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

09/07/2024 12:26:36

Learn how SafeBreach developed malware integrated within Palo Alto Networks Cortex XDR, exploiting its ransomware protection feature.

Turla: A Master’s Art of Evasion https://www.gdatasoftware.com/blog/2024/07/37977-turla-evasion-lnk-files

08/07/2024 23:09:49

Turla, a well-known piece of malware, has taken to weaponising LNK-files to infect computers. We have observed a current example of this.

Cisco warns of NX-OS zero-day exploited to deploy custom malware https://www.bleepingcomputer.com/news/security/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/

01/07/2024 19:59:25

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites https://therecord.media/polyfill-cloudflare-trade-barbs-supply-chain-attack

01/07/2024 12:01:56

Tech giant Cloudflare urged customers to remove a popular open source library used to support older browsers after reports emerged this week that the tool is being used to distribute malware.

New Medusa malware variants target Android users in seven countries https://www.bleepingcomputer.com/news/security/new-medusa-malware-variants-target-android-users-in-seven-countries/

30/06/2024 11:40:32

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs https://www.tomshardware.com/tech-industry/cyber-security/south-korean-telecom-company-attacks-torrent-users-with-malware-over-600000-people-report-missing-files-strange-folders-and-disabled-pcs

27/06/2024 14:26:33

Korean telecom company KT Corporation sent malware to its subscribers who use Webhard's Grid Service peer-to-peer sharing program to hide their files and stop them from using the service.

XZ backdoor behavior inside OpenSSH https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

24/06/2024 16:44:07

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

Rafel RAT, Android Malware from Espionage to Ransomware Operations https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/

24/06/2024 08:51:05

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources.

However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, a malicious software designed to target Android devices, poses a significant threat to users’ privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.

PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

04/06/2024 11:15:28

Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities https://thehackernews.com/2024/05/researchers-uncover-active-exploitation.html?m=1

30/05/2024 16:30:28

Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

macOS version of elusive 'LightSpy' spyware tool discovered https://www.bleepingcomputer.com/news/security/macos-version-of-elusive-lightspy-spyware-tool-discovered/

30/05/2024 12:05:37

A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices.

How ransomware abuses BitLocker | Securelist https://securelist.com/ransomware-abuses-bitlocker/112643/

25/05/2024 19:12:04

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
#BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

Russian hackers use new Lunar malware to breach a European govt's agencies https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-lunar-malware-to-breach-a-european-govts-agencies/#google_vignette

17/05/2024 09:25:27

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.

Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation https://www.uptycs.com/blog/log4j-campaign-xmrig-malware

16/05/2024 16:56:08

Learn how the Log4j vulnerability (CVE-2021-44228) is exploited by XMRig cryptominer malware. Discover attack methods, indicators, and effective mitigation strategies.

An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative https://alden.io/posts/infostealers-a-brewin/

15/05/2024 20:54:08

Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html?m=1

12/05/2024 13:08:34

Russia-Linked APT28 Strikes Poland with Malware Campaign Polish government bodies were hit by a sophisticated malware attack orchestrated by the infam

Liens par page

Filtres