Recherche : [malware]

How ransomware abuses BitLocker | Securelist https://securelist.com/ransomware-abuses-bitlocker/112643/

25/05/2024 19:12:04

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
#BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

Russian hackers use new Lunar malware to breach a European govt's agencies https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-lunar-malware-to-breach-a-european-govts-agencies/#google_vignette

17/05/2024 09:25:27

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.

Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation https://www.uptycs.com/blog/log4j-campaign-xmrig-malware

16/05/2024 16:56:08

Learn how the Log4j vulnerability (CVE-2021-44228) is exploited by XMRig cryptominer malware. Discover attack methods, indicators, and effective mitigation strategies.

An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative https://alden.io/posts/infostealers-a-brewin/

15/05/2024 20:54:08

Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html?m=1

12/05/2024 13:08:34

Russia-Linked APT28 Strikes Poland with Malware Campaign Polish government bodies were hit by a sophisticated malware attack orchestrated by the infam

Eight Arms to Hold You: The Cuttlefish Malware https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/?ref=news.risky.biz

03/05/2024 07:43:56

Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A

Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/

01/05/2024 09:38:21

Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.

Leaked LockBit builder in a real-life incident response case | Securelist https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/

16/04/2024 14:24:13

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html?m=1

14/04/2024 15:30:37

Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

Kaspersky analysis of the backdoor in XZ https://securelist.com/xz-backdoor-story-part-1/112354/

13/04/2024 03:32:39

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

Distinctive Campaign Evolution of Pikabot Malware https://www.mcafee.com/blogs/other-blogs/mcafee-labs/distinctive-campaign-evolution-of-pikabot-malware/

05/04/2024 09:10:00

Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a

North Korea’s Post-Infection Python Payloads – One Night in Norfolk https://norfolkinfosec.com/north-koreas-post-infection-python-payloads/

04/04/2024 13:29:13

Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.

Threat Actors Deliver Malware via YouTube Video Game Cracks https://www.proofpoint.com/uk/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks

03/04/2024 22:58:20

Key takeaways Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading t...

AceCryptor malware has surged in Europe, researchers say https://therecord.media/acecryptor-malware-surge-europe-remcos

20/03/2024 22:39:09

Researchers at ESET say they spotted thousands of new infections with AceCryptor, which allows malware to slip into systems without being detected by anti-virus software.

DarkGate Opens Organizations for Attack via Skype, Teams https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html

14/03/2024 11:31:55

From July to September, we observed the DarkGate campaign (detected by Trend Micro as TrojanSpy.AutoIt.DARKGATE.AA) abusing instant messaging platforms to deliver a VBA loader script to victims. This script downloaded and executed a second-stage payload consisting of a AutoIT scripting containing the DarkGate malware code. It’s unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization.

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html?m=1

03/03/2024 20:21:17

Over 8,000 subdomains belonging to recognized brands and organizations are being exploited for malicious email distribution.

European Parliament finds spyware on defense committee members’ phones https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/

21/02/2024 13:23:07

Officials handling security and defense issues were the target of phone hacking, internal email says.

Poland's PM says authorities in the previous government widely and illegally used Pegasus spyware | AP News https://apnews.com/article/poland-government-pegasus-spyware-tusk-duda-78420fc7099401926d28b5be98669192

18/02/2024 18:46:33

Poland’s new prime minister says he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor https://www.bleepingcomputer.com/news/security/hackers-exploit-ivanti-ssrf-flaw-to-deploy-new-dslog-backdoor/

13/02/2024 10:13:40

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

New RustDoor macOS malware impersonates Visual Studio update https://www.bleepingcomputer.com/news/security/new-rustdoor-macos-malware-impersonates-visual-studio-update/

09/02/2024 17:20:46

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

Liens par page

Filtres