Found 3149 bookmarks
Custom sorting
U.S. banks processed about $1.2 billion in ransomware payments in 2021
U.S. banks processed about $1.2 billion in ransomware payments in 2021
  • U.S. banks and financial institutions processed more than $1 billion in potential ransomware-related payments in 2021. * It’s a new record and almost triple the amount that was reported the previous year. * Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report.
#cnbc#EN#2022#ransomware#financial#banks#record#ransomware-related#payments#2021
·cnbc.com·
U.S. banks processed about $1.2 billion in ransomware payments in 2021
New Azov data wiper tries to frame researchers and BleepingComputer
New Azov data wiper tries to frame researchers and BleepingComputer
A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.
#EN#bleepingcomputer#2022#Azov-Ransomware#researchers#BleepingComputer#Data-Wiper#Security-Researcher#Ukraine
·bleepingcomputer.com·
New Azov data wiper tries to frame researchers and BleepingComputer
Unmasking WindTape - Speaker Deck
Unmasking WindTape - Speaker Deck
The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems. First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.
#patrickwardle#EN#2022#WINDSHIFT#APT#macOS
·speakerdeck.com·
Unmasking WindTape - Speaker Deck
How we handled a recent phishing incident that targeted Dropbox
How we handled a recent phishing incident that targeted Dropbox
We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.
#dropbox#EN#2022#incident#phishing#GitHub
·dropbox.tech·
How we handled a recent phishing incident that targeted Dropbox
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
Background On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our article was published, Fodcha suffered a crackdown from the relevant authorities, and its authors quickly responded by leaving "Netlab pls leave me alone I surrender" in an updated sample.No surprise, Fodcha's authors didn't really stop updating after the fraudulent surrender, and soon a new version was released. In the new version, the authors of Fodcha redesigned the communication protocol and started to us
#netlab360#EN#2022#Fodcha#botnet#DDoS
·blog.netlab.360.com·
Fodcha Is Coming Back, Raising A Wave of Ransom DDoS
What is ransomware-as-a-service and how is it evolving?
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.
#malwarebytes#EN#2022#ransomware-as-a-service#RaaS
·malwarebytes.com·
What is ransomware-as-a-service and how is it evolving?
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
#microsoft#EN#2022#Raspberry-Robin#malware#ecosystem#FakeUpdates#DEV-0651
·microsoft.com·
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
#rambo.codes#EN#2022#iOS#bug#Siri#SiriSpy#Bluetooth#AirPods#privacy
·rambo.codes·
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Mandiant has recently observed DRAGONBRIDGE, an influence campaign we assess with high confidence to be operating in support of the political interests of the People’s Republic of China (PRC), aggressively targeting the United States by seeking to sow division both between the U.S. and its allies and within the U.S. political system itself. Recent narratives include: * Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. * Aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections. * Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions.
#Mendiant#2022#EN#PRC#China#US#DRAGONBRIDGE#Campaign#Influence#TTPs#Midterm
·mandiant.com·
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Stranger Strings: An exploitable flaw in SQLite
Stranger Strings: An exploitable flaw in SQLite
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022). CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled; arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases.
#trailofbits#EN#2022#CVE-2022-35737#SQLite
·blog.trailofbits.com·
Stranger Strings: An exploitable flaw in SQLite
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
Threat actor RomCom RAT is now targeting Ukrainian military institutions. Known to deploy spoofed versions of popular software Advanced IP Scanner, once exposed, RomCom RAT switched to PDF Filler, another popular application, which indicates the group behind it is actively developing new capabilities.
#blackberry#EN#2022#Research#Unattributed#RomCom#Advanced-IP-Scanner#RAT
·blogs.blackberry.com·
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
SHA-3 Buffer Overflow
SHA-3 Buffer Overflow
Over the past few months, I’ve been coordinating the disclosure of a new vulnerability that I’ve found. Today is the disclosure date, so I am excited that I can finally talk about what I’ve been working on! The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, SHA3 for Ruby, and XKCP.
#mouha.be#EN#2022#CVE-2022-37454#SHA-3#Buffer-Overflow#vulnerability#XKCP
·mouha.be·
SHA-3 Buffer Overflow
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
The “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and full of deception all through the chain. It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!
#guardiosecurity#EN#2022#Campaign#Data#Stealing#malicious#Extensions#browser#Chrome#Edge
·guardiosecurity.medium.com·
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
n April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload and achieve remote code execution on VMware Workspace ONE Access and Identity Manager. FortiGuard Labs published Threat Signal Report about it and also developed IPS signature in April.
#fortinet#EN#2022#VMware#CVE-2022-22954#vulnerability#Campaigns#deviceUdid#devicetype
·fortinet.com·
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability