Custom search

Fortinet Vulnerability Exploited To Deploy RMM tools And PowerShell Backdoors

Threat actors have been discovered to be exploiting a Fortinet Forticlient EMS vulnerability for installing unauthorized RMM tools and

Bleeping Computer

New Latrodectus malware replaces IcedID in network breaches

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.

The Hacker News

Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

Banking trojan Mispadu expands from Latin America, now targets users in Italy, Poland & Sweden. Finance, automotive, legal & commercial entities at ri

Cyber Security News

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)

This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.

Cyber Security News

Hackers Using Weaponized PDF Files to Deliver Mispadu Banking Malware

Mispadu, a banking trojan targeting Latin America, attacks Europe, stealing credentials through phishing emails and malicious URLs.

Security Affairs

Iran-Linked APT TA450 embeds malicious links in PDF attachments

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera.

The Hacker News

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

Iran-linked hackers, MuddyWater, launch new phishing attacks against Israeli organizations.

Trend Micro

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Security Affairs

“gitgub” campaign targets Github users with RisePro info-stealer

Cybersecurity researchers discovered multiple GitHub repositories hosting cracked software that are used to drop the RisePro info-stealer.

Security Affairs

Recent DarkGate campaign exploited Microsoft Windows zero-day

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability

DarkReading

Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT

Attackers use Google redirects in their phishing attack leveraging a now-patched vulnerability that aims to spread the multifaceted malware.

The Hacker News

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

A new DarkGate malware campaign uses a recently patched #MicrosoftWindows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.

Bleeping Computer

Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.

Bleeping Computer

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.

Trend Micro

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

HACKRead

New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

Watch out for the new CHAVECLOAK banking Trojan as it spreads its infection through SMS phishing, phishing emails, and hacked websites.

The Hacker News

Banking Trojans Target Latin America and Europe Through Google Cloud Run

Cybersecurity experts uncover a surge in phishing attacks using Google Cloud Run to distribute banking malware across LATAM and Europe.

HACKRead

Russian Ministry Software Backdoored with North Korean KONNI Malware

Discover the latest cybersecurity revelation: KONNI malware, linked to North Korea, targets the Russian Ministry of Foreign Affairs.

Cyber Security News

Hackers Heavily Abusing Google Cloud Run to Deliver Banking Malware

Large-scale malware distribution campaigns are abusing Google Cloud Run to transmit banking trojans, including Astaroth.

The Hacker News

Russian Government Software Backdoored to Deploy Konni RAT Malware

Russian government software compromised in suspected North Korean cyberattack. Konni RAT backdoor discovered in Ministry of Foreign Affairs tool.

CyberNews

Even adult toys want your personal information: don’t plug them into a USB

Hackers are always trying new methods to deliver information stealers that extract information about crypto wallets and credentials.

Bleeping Computer

Hackers abuse Google Cloud Run in massive banking trojan campaign

Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban.

Trend Micro

Earth Preta Campaign Uses DOPLUGS to Target Asia

In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.

Bleeping Computer

New Qbot malware variant uses fake Adobe installer popup for evasion

The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December.

Cyber Security News

Water Hydra Group Exploits Microsoft Defender SmartScreen Zero-Day Flaw

Threat actors exploit Microsoft Defender SmartScreen zero-day flaws to circumvent the security mechanisms designed to protect users.

The Hacker News

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

Bumblebee, QakBot, Zloader, & PikaBot are back, sneakier than ever. Don't trust those shady emails or downloads.

The Hacker News

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.

Cyber Security News

Coyote Malware Leverage NodeJS to Attack Users of 60+ Bank Users

Cybersecurity analysts at Kaspersky Labs recently discovered Coyote malware that leverages the NodeJS to attack users of more than 60 banks.

Krebs on Security

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

Trend Micro

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.

DarkReading

'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps

Brazil, the world's center for banking Trojan malware, has produced one of its most advanced tools yet. And as history shows, Coyote may soon expand its territory.

SecurityWeek

Cybersecurity M&A Roundup: 34 Deals Announced in January 2024

Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in January 2024.

The Hacker News

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

Over 2,000 Ukrainian computers infected with DirtyMoe malware: This malware is capable of stealing cryptocurrency and launching denial-of-service atta

Security Affairs

PurpleFox malware infected at least 2,000 computers in Ukraine

The CERT-UA reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country.

Bleeping Computer

PurpleFox malware infects thousands of computers in Ukraine

The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country.

Bleeping Computer

PurpleFox malware infected thousands of systems in Ukraine

The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country.

The Hacker News

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Mexican banks under attack! Spear-phishing campaign using modified AllaKore RAT targets large companies.

The Cyber Express

A Covert Cyberattack: MetaStealer Malware Targets US Asylum Seekers

Cyble Research and Intelligence Labs (CRIL) has identified an ongoing campaign targeting individuals seeking asylum in the United States through

HACKRead

The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads

The original Chae$ malware was identified in September 2023, and its latest version, dubbed Chae$ 4.1, employs advanced code polymorphism to bypass antivirus detection.

Infosecurity News

TA866 Resurfaces in Targeted OneDrive Campaign

Proofpoint said it thwarted a large-scale campaign on January 11 primarily targeting North America

DarkReading

'Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes

Analysis of the infostealer malware version 4.1 includes hidden ASCII art and a shout-out thanking cybersecurity researchers.

Cyber Security News

Top 10 Vulnerabilities That Were Exploited the Most In 2023

Some of the vulnerabilities were added to the CISA’s Known Exploited Vulnerabilities catalog marking them as extremely important to patch.

DarkReading

Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback

Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry.

The Hacker News

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

PikaBot, a dangerous loader, is spreading via malvertising campaigns targeting users searching for legit software like AnyDesk

Cyber Security News

PikaBot Attacking Windows Machine via Malicious Search Ads

At the forefront of this digital onslaught is the insidious PikaBot, a malware variant that ingeniously exploits the expansive reach of Google Ads.

Infosecurity News

Qakbot’s Low-Volume Resurgence Targets Hospitality

Researchers observed malicious files advancing through email, PDF, URL and MSI

Security Affairs

Qakbot is back and targets the Hospitality industry

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure.

The Hacker News

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

QakBot malware returns, using sneaky phishing emails masquerading as IRS employees.

Bleeping Computer

WordPress hosting service Kinsta targeted by Google phishing ads

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.

Bleeping Computer

Qbot malware returns in campaign targeting hospitality industry

The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.

The Hacker News

Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques

Threat hunters have discovered new tactics used by the GuLoader malware to evade analysis.

SecurityWeek

Many Consumer, Enterprise Devices Exposed to Attacks via Malicious UEFI Logo Images

LogoFAIL is an UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images.

Cyber Security News

IBM QRadar SIEM Bug Let Remote Attacker Trigger DoS

Multiple vulnerabilities have been found in IBM QRadar Wincollect which were associated with Denial of service that could allow a threat.

Trend Micro

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.

Cyber Security News

Hackers Trick Windows Users With Malicious Ads to Deliver Malware

Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.

Bleeping Computer

Google ads push malicious CPU-Z app from fake Windows news site

A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.

The Hacker News

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

Malicious sites posing as legit Windows news portals spotted distributing malware disguised as CPU-Z.

Cyber Security News

HelloKitty Ransomware Exploiting Apache ActiveMQ Flaw

The recently disclosed Apache ActiveMQ remote code execution (RCE) flaw, CVE-2023-46604 is being exploited to spread ransomware.

Bleeping Computer

HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks

A remote code execution (RCE) flaw impacting Apache ActiveMQ has been under active exploitation by threat actors who use HelloKitty ransomware payloads.

The Hacker News

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Cybersecurity experts uncover a critical flaw in Apache ActiveMQ. Hackers exploit it for ransomware attacks.

Infosecurity News

DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals

WithSecure has found strong indicators that DarkGate attacks are being perpetrated by attackers also using the Ducktail infostealer

Bleeping Computer

Fake KeePass site uses Google Ads and Punycode to push malware

A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.

Trend Micro

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.

Cyber Security News

Wireshark 4.0.10 Released: What’s New!

Wireshark has been the most widely used open-source Network protocol analyzing tool for several purposes, including troubleshooting, analysis.

Latest Hacking News

Hackers Meddle With Bing Chat Ads To Promote Malicious Links

Researchers have discovered a new phishing campaign that exploits Microsoft’s Bing Chat to promote malicious URLs. The campaign involves creating malicious ads via legit ads businesses to rank higher and appear in Bing Chat responses

Bleeping Computer

Bing Chat responses infiltrated by ads pushing malware

Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware.

The DFIR Report

From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More

Latest Hacking News

Hackers Target Azerbaijan Users With A Novel Rust Malware

Researchers have caught a new malware campaign in the wild that deploys a novel Rust-based malware to Azerbaijan targets. While not linked to a known threat actor group, the campaign still includes some false flags,

The Hacker News

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Researchers warn of a new sophisticated campaign, Operation Rusty Flag, deploying Rust-based malware in Azerbaijan.

Bleeping Computer

Fake Cisco Webex Google Ads abuse tracking templates to push malware

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.

Bleeping Computer

Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.

Bleeping Computer

MSI BIOS updates fix Windows unsupported processor BSOD bug

MSI has released BIOS updates to fix a known issue that triggers blue screens of death on Windows computers after installing August 2023 preview updates.

Bleeping Computer

Chaes malware now uses Google Chrome DevTools Protocol to steal data

The Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets.

The Hacker News

New Python Variant of Chaes Malware Targets Banking and Logistics Industries

Chaes malware leveled up by switching to Python, refining communication, and slipping through defenses.

The Hacker News

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.

Cyber Security News

Threat and Vulnerability Roundup for the week of August 27th to September 2nd

The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the most latest software upgrades available to keep your devices secure.

The Hacker News

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

New malspam campaign uses DarkGate malware to steal data, mine cryptocurrency, and evade detection.

Bleeping Computer

MalDoc in PDFs: Hiding malicious Word docs in PDF files

Japan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses detection by embedding malicious Word files into PDFs.

Bleeping Computer

Microsoft blames ‘unsupported processor’ blue screens on OEM vendors

Microsoft says the recent wave of blue screens impacting some Windows users is not caused by issues in its August 2023 optional updates.

Bleeping Computer

MSI: Recent wave of Windows blue screens linked to MSI motherboards

MSI has officially confirmed the recent surge of blue screens of death (BSODs) encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard models.

DarkReading

Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts

The offending ads and pages leveraged interest in AI to spread a malicious credential-stealing browser extension.

Trend Micro

Profile Stealers Spread via LLM-themed Facebook Ads

In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.

Infosecurity News

Deceptive AI Bots Spread Malware, Raise Security Concerns

ESET said Facebook promoted the download of what seemed to be Google’s Bard AI tool

Bleeping Computer

Rhysida ransomware behind recent attacks on healthcare

The Rhysida ransomware as a service (RaaS) operation that emerged in May 2023 is gradually leaving the period of obscurity behind, as a recent wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies to pay closer attention to its operations.

Trend Micro

An Overview of the New Rhysida Ransomware

In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain.

Trend Micro

Latest Batloader Campaigns Use Pyarmor Pro for Evasion

In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.

Cyber Security News

Weekly Roundup of Threat and Vulnerability from July 23rd to 29th

This week's Threat and Vulnerability Roundup is here! We at Cyber Writes take pride in delivering a weekly roundup of the most up-to-date cybersecurity news.

Cyber Security News

Hackers Distribute PurpleFox Malware Using Vulnerable MS-SQL Servers

The purple fox malware has been active since 2018, adopting a new technique to deliver its payload through MS SQL servers.

The Hacker News

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities found in Atera remote monitoring software's Windows Installers can lead to privilege escalation attacks

Latest Hacking News