Search cyberveille.decio.ch

Found 603 bookmarks

Custom sorting

Destructive Malware Targeting Organizations in Ukraine

Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.

#uscert #csirt #cert #CISA #EN #2022 #alert #WhisperGate #HermeticWiper #malware

·cisa.gov·Mar 1, 2022

Destructive Malware Targeting Organizations in Ukraine

TrickBot malware operation shuts down, devs move to BazarBackdoor

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.

#BazarBackdoor #Conti #Malware #Ransomware #TrickBot #2002 #EN #bleepingcomputer

·bleepingcomputer.com·Feb 26, 2022

TrickBot malware operation shuts down, devs move to BazarBackdoor

Linux-Targeted Malware Increases by 35% in 2021

CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.

#CrowdStrike #2021 #EN #Linux #XorDDoS #Mirai #Mozi #malware

·crowdstrike.com·Feb 15, 2022

Linux-Targeted Malware Increases by 35% in 2021

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

#bleepingcomputer #EN #2024 #Backdoor #Ivanti #Malware #SSRF #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 13, 2024

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

New RustDoor macOS malware impersonates Visual Studio update

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

#bleepingcomputer #EN #2024 #ALPHV #Backdoor #BlackCat #Data-Exfiltration #macOS #Malware #Ransomware

·bleepingcomputer.com·Feb 9, 2024

New RustDoor macOS malware impersonates Visual Studio update

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese state-backed cyber spies gained access to a Dutch military network last year, Dutch intelligence agencies said on Tuesday, calling it part of a trend of Chinese political espionage against the Netherlands and its allies.

#reuters #EN #2024 #Fortigate #NL #Netherlands #China #malware #spy

·reuters.com·Feb 7, 2024

Chinese spies hacked Dutch defence network last year - intelligence agencies

Chinese hackers infect Dutch armed forces network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

#bleepingcomputer #EN #2024 #Army #China #COATHANGER #Cyber-espionage #Defense #Fortigate #Fortinet #Malware #Netherlands

·bleepingcomputer.com·Feb 6, 2024

Chinese hackers infect Dutch armed forces network with malware

DarkGate malware delivered via Microsoft Teams - detection and response

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.

#cybersecurity.att.com #EN #2024 #Microsoft #Teams #phishing #malware

·cybersecurity.att.com·Feb 1, 2024

DarkGate malware delivered via Microsoft Teams - detection and response

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

UNC4990 uses USB devices for initial infection, and is likely motivated by financial gain.

#mandiant #EN #2024 #UNC4990 #USB #malware

·mandiant.com·Jan 31, 2024

Evolution of UNC4990: Uncovering USB Malware's Hidden Depths

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

#hacking #attacks #information #network #data #to #updates #malware #cyber #today #news #ransomware #breach #security #software #hack #the #hacker #how #computer #vulnerability

·thehackernews.com·Jan 29, 2024

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

A backdoor with a cryptowallet stealer inside cracked macOS software

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

#securelist #EN #2024 #Apple #MacOS #Backdoor #Cryptocurrencies #DNS #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-stealer

·securelist.com·Jan 22, 2024

A backdoor with a cryptowallet stealer inside cracked macOS software

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin

#thehackernews #2024 #EN #Balada #WP #plugin #WordPress #malware #Injector #infected

·thehackernews.com·Jan 20, 2024

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

Jamf Threat Labs discovers new pirated macOS applications that establish communication with attacker infrastructure, allowing the victim's computer to be controlled by the attacker.

#jamf #EN #2024 #macOS #Malware #pirated #applications

·jamf.com·Jan 19, 2024

Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware

MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.

#bleepingcomputer #EN #2024 #Information #Malware #Security #Apple #Evasion #Stealer #Info #XProtect #InfoSec #Computer #macOS

·bleepingcomputer.com·Jan 17, 2024

MacOS info-stealers quickly evolve to evade XProtect detection

iShutdown scripts can help detect iOS spyware on your iPhone

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. #Apple #Computer #InfoSec #Logging #Malware #Pegasus #Security #Spyware #iOS #iPhone

#Spyware #iPhone #Malware #Security #Apple #iOS #Pegasus #InfoSec #Logging #Computer

·bleepingcomputer.com·Jan 17, 2024

iShutdown scripts can help detect iOS spyware on your iPhone

Analyzing DPRK's SpectralBlur

In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg

#objective-see #EN #2024 #Analysis #macOS #backdoor #SpectralBlur #malware

·objective-see.org·Jan 5, 2024

Analyzing DPRK's SpectralBlur

Objective-See's Blog

A comprehensive analysis of the year's new malware

#objective-see #EN #2024 #retrospective #macos #malware #year #analysis

·objective-see.org·Jan 2, 2024

Objective-See's Blog

Steam game mod breached to push password-stealing malware

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

#bleepingcomputer #Epsilon-Stealer #Game-Mod #Information-Stealer #Malware #Slay-the-Spire #Slay-the-Spire-Downfall #Steam

·bleepingcomputer.com·Dec 30, 2023

Steam game mod breached to push password-stealing malware

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

#bleepingcomputer #EN #2023 #App-Installer #Malware #Windows #Microsoft #MSIX #CVE-2021-43890

·bleepingcomputer.com·Dec 28, 2023

Microsoft disables MSIX protocol handler abused in malware attacks

Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

#securelist #EN #2023 #Apple #Malware #Reverse-engineering #Targeted-attacks #Triangulation #0-days #iPhone

·securelist.com·Dec 27, 2023

Operation Triangulation: The last (hardware) mystery

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Beware of phishing emails with invoice-themed attachments! Attackers are using an old Office vulnerability (CVE-2017-11882) to spread the Agent Tesla

#thehackernews #EN #2023 #malware #Agent-Tesla #CVE-2017-11882 #phishing #email #MSExcel #Excel #vulnerability

·thehackernews.com·Dec 21, 2023

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Qakbot's Back, But Don't Y'all Panic: A Southern Tech Talk

Qakbot, a versatile malware threat, returned after a takedown in August. The new campaign targets the hospitality industry with IRS-themed phishing emails containing malicious PDFs. Microsoft identified the attack, offering two IP addresses for blocking and a way to detect the malware's digital signature.

#itssecurityyall #EN #2023 #Qakbot #return #malware #hospitality #IRS-themed

·itssecurityyall.substack.com·Dec 20, 2023

Qakbot's Back, But Don't Y'all Panic: A Southern Tech Talk

Web injections are back on the rise: 40+ banks affected by new malware campaign

DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.

#securityintelligence #EN #2023 #DanaBot #banking #trojan #malware

·securityintelligence.com·Dec 20, 2023

Web injections are back on the rise: 40+ banks affected by new malware campaign

Accidentally Crashing a Botnet

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.

#akamai #EN #2022 #Security-Research #Research #Bot-Attacks #DDOS #Cyber-Security #Kmsdbot #botnet #SIRT #cryptomining #crash #malware

·akamai.com·Jan 15, 2023

Accidentally Crashing a Botnet

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.

#asec #2023 #EN #Shell #Script #Compiler #analysis #Linux #Malware #CoinMiner #Shc

·asec.ahnlab.com·Jan 4, 2023

Shc Linux Malware Installing CoinMiner

Microsoft links Raspberry Robin malware to Evil Corp attacks

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.