Archive for the ‘Malware’ Category

Google OAuth client library flaw allowed to deploy of malicious payloads

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token to deploy […]

Leave a Comment

Microsoft warns of the rise of cryware targeting hot wallets

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen from this kind of malware includes private keys, seed phrases, and […]

Leave a Comment

New Nerbian RAT spreads via malspam campaigns using COVID-19

Researchers spotted a new remote access trojan, named Nerbian RAT, which implements sophisticated evasion and anti-analysis techniques. Researchers from Proofpoint discovered a new remote access trojan called Nerbian RAT that implements sophisticated anti-analysis and anti-reversing capabilities. The malware spreads via malspam campaigns using COVID-19 and World Health Organization (WHO) themes. The name of the RAT […]

Leave a Comment

CERT-UA warns of malspam attacks distributing the Jester info stealer

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer called Jester Stealer. The malicious messages spotted by the Ukrainian CERT have the subject line “chemical attack” and contain a link to a […]

Leave a Comment

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]

Leave a Comment

Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing […]

Leave a Comment

China-linked Hafnium APT leverages Tarrask malware to gain persistence

China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of a new malware, dubbed Tarrask, that’s used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts. HAFNIUM primarily targets entities in the United States […]

Leave a Comment

macOS Malware of Chinese Hackers Storm Cloud Exposed

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Leave a Comment

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In mid-January, […]

Leave a Comment

Microsoft Safety Scanner

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats. Download Microsoft Safety Scanner (32-bit) Download Microsoft Safety Scanner (64-bit)  Note Starting November 2019, Safety Scanner will be SHA-2 signed […]

Leave a Comment

Microsoft: Data-wiping malware disguised as ransomware targets Ukraine again

Microsoft said today that it has observed a destructive attack taking place in Ukraine where a malware strain has wiped infected computers and then tried to pass as a ransomware attack, but without providing a ransomware payment and recovery mechanism. “At present and based on Microsoft visibility, our investigation teams have identified the malware on […]

Leave a Comment

Threat actors can bypass malware detection due to Microsoft Defender weakness

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft Defender allows users to exclude locations on their machines that should be excluded from […]

Leave a Comment

Wormable Windows HTTP hole – what you need to know

Yesterday was the first Patch Tuesday of 2022, with more than 100 security bugs fixed. We wrote up an overview of the updates, as we do every month, over on our sister site news.sophos.com: First Patch Tuesday of 2022 repairs 102 bugs. For better or for worse, one update has caught the media’s attention more than any […]

Leave a Comment

Researchers used electromagnetic signals to classify malware infecting IoT devices

A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer Science and Random Systems (IRISA) have devised a new approach that analyzes electromagnetic field emanations from the Internet of Things (IoT) devices to detect highly evasive malware. The team of experts presented their technique at the […]

Leave a Comment

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex […]

Leave a Comment

Experts warn of a new stealthy loader tracked as BLISTER

Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets windows systems. Elastic Security researchers uncovered a malware campaign that leverages a new malware and a stealthy loader tracked as BLISTER, that uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […]

Leave a Comment

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware

Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). The bad news is that threat actors are using it to distribute the Formbook malware. The CVE-2021-40444 is a remote code execution security flaw that affected the MSHTML file format. the security defect can be […]

Leave a Comment

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists. A Google blog has revealed how the sophisticated software was used to attack iPhone users. The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge. The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by […]

Leave a Comment

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators of Compromise (IoCs). A collection is a live report that includes IoCs associated with a specific threat and it is available for […]

Leave a Comment

The Pegasus project: key takeaways for the corporate world

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project […]

Leave a Comment