Search cyberveille.decio.ch

Found 581 bookmarks

Custom sorting

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]

#avast #EN #2022 #Rootkit #Linux #Syslogk #malware #Adore-Ng

·decoded.avast.io·Jun 14, 2022

Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

We discovered that Gimmick MacOS malware communicates only through their C2 server hosted on Google Drive. The malware was discovered in the first week of May and it has been actively targeting macOS devices

#Cloudsek #EN #2022 #malware #macOS #Gimmick #C2

·cloudsek.com·May 27, 2022

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK

Researchers devise iPhone malware that runs even when device is turned off

Research is largely theoretical but exposes an overlooked security issue.

#arstechnica #EN #2022 #iPhone #study #malware #Bluetooth #Darmstadt #university

·arstechnica.com·May 18, 2022

Researchers devise iPhone malware that runs even when device is turned off

A closer look at Eternity Malware

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

#Cyble #2022 #EN #Eternity #Malware #Telegram #analysis

·blog.cyble.com·May 16, 2022

A closer look at Eternity Malware

Russia’s Sandworm hackers attempted a third blackout in Ukraine

The attack was the first in five years to use Sandworm's Industroyer malware.

#Sandworm #Industroyer #arstechnica #2022 #EN #cyberwar #Ukraine #blackout #malware #ICS

·arstechnica.com·Apr 13, 2022

Russia’s Sandworm hackers attempted a third blackout in Ukraine

Raccoon Stealer: “Trash panda” abuses Telegram

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses. Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]

#avast #stealer #EN #2022 #RaccoonStealer #Telegram #research #malware #passwordstealer

·decoded.avast.io·Mar 13, 2022

Raccoon Stealer: “Trash panda” abuses Telegram

Malware now using stolen NVIDIA code signing certificates

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.

#bleepingcomputer #Nvidia #certificates #malware #EN #2022 #code #signing

·bleepingcomputer.com·Mar 6, 2022

Malware now using stolen NVIDIA code signing certificates

Phishing attacks target countries aiding Ukrainian refugees

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.

#Belarus #Europe #Ghostwriter #Malware #Phishing #TA445 #Ukraine #UNC1151 #bleepingcomputer #EN #2022 #refugees

·bleepingcomputer.com·Mar 2, 2022

Phishing attacks target countries aiding Ukrainian refugees

Destructive Malware Targeting Organizations in Ukraine

Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.

#uscert #csirt #cert #CISA #EN #2022 #alert #WhisperGate #HermeticWiper #malware

·cisa.gov·Mar 1, 2022

Destructive Malware Targeting Organizations in Ukraine

TrickBot malware operation shuts down, devs move to BazarBackdoor

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.

#BazarBackdoor #Conti #Malware #Ransomware #TrickBot #2002 #EN #bleepingcomputer

·bleepingcomputer.com·Feb 26, 2022

TrickBot malware operation shuts down, devs move to BazarBackdoor

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

#bleepingcomputer #EN #2024 #Backdoor #Ivanti #Malware #SSRF #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 13, 2024

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

New RustDoor macOS malware impersonates Visual Studio update

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

#bleepingcomputer #EN #2024 #ALPHV #Backdoor #BlackCat #Data-Exfiltration #macOS #Malware #Ransomware

·bleepingcomputer.com·Feb 9, 2024

New RustDoor macOS malware impersonates Visual Studio update

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

#reuters #EN #2024 #Fortigate #NL #Netherlands #China #malware #spy

·reuters.com·Feb 7, 2024

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware

DarkGate malware delivered via Microsoft Teams - detection and response

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.

#cybersecurity.att.com #EN #2024 #Microsoft #Teams #phishing #malware

·cybersecurity.att.com·Feb 1, 2024

DarkGate malware delivered via Microsoft Teams - detection and response

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

UNC4990 uses USB devices for initial infection, and is likely motivated by financial gain.

#mandiant #EN #2024 #UNC4990 #USB #malware

·mandiant.com·Jan 31, 2024

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

#hacking #attacks #information #network #data #to #updates #malware #cyber #today #news #ransomware #breach #security #software #hack #the #hacker #how #computer #vulnerability

·thehackernews.com·Jan 29, 2024

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

A backdoor with a cryptowallet stealer inside cracked macOS software

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

#securelist #EN #2024 #Apple #MacOS #Backdoor #Cryptocurrencies #DNS #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-stealer

·securelist.com·Jan 22, 2024

A backdoor with a cryptowallet stealer inside cracked macOS software

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin

#thehackernews #2024 #EN #Balada #WP #plugin #WordPress #malware #Injector #infected

·thehackernews.com·Jan 20, 2024

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

Jamf Threat Labs discovers new pirated macOS applications that establish communication with attacker infrastructure, allowing the victim's computer to be controlled by the attacker.

#jamf #EN #2024 #macOS #Malware #pirated #applications

·jamf.com·Jan 19, 2024

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.

#bleepingcomputer #EN #2024 #Information #Malware #Security #Apple #Evasion #Stealer #Info #XProtect #InfoSec #Computer #macOS

·bleepingcomputer.com·Jan 17, 2024

MacOS info-stealers quickly evolve to evade XProtect detection

iShutdown scripts can help detect iOS spyware on your iPhone

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. #Apple #Computer #InfoSec #Logging #Malware #Pegasus #Security #Spyware #iOS #iPhone

#Spyware #iPhone #Malware #Security #Apple #iOS #Pegasus #InfoSec #Logging #Computer

·bleepingcomputer.com·Jan 17, 2024

iShutdown scripts can help detect iOS spyware on your iPhone

Analyzing DPRK's SpectralBlur

In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg

#objective-see #EN #2024 #Analysis #macOS #backdoor #SpectralBlur #malware

·objective-see.org·Jan 5, 2024

Analyzing DPRK's SpectralBlur

Objective-See's Blog

A comprehensive analysis of the year's new malware

#objective-see #EN #2024 #retrospective #macos #malware #year #analysis

·objective-see.org·Jan 2, 2024

Objective-See's Blog

Steam game mod breached to push password-stealing malware

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

#bleepingcomputer #Epsilon-Stealer #Game-Mod #Information-Stealer #Malware #Slay-the-Spire #Slay-the-Spire-Downfall #Steam

·bleepingcomputer.com·Dec 30, 2023

Steam game mod breached to push password-stealing malware

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

#bleepingcomputer #EN #2023 #App-Installer #Malware #Windows #Microsoft #MSIX #CVE-2021-43890

·bleepingcomputer.com·Dec 28, 2023

Microsoft disables MSIX protocol handler abused in malware attacks

Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

#securelist #EN #2023 #Apple #Malware #Reverse-engineering #Targeted-attacks #Triangulation #0-days #iPhone

·securelist.com·Dec 27, 2023

Operation Triangulation: The last (hardware) mystery