DarkReading
Hackers Posing as Law Firms Phish Global Orgs
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware.
Security Affairs
IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT
A new malware campaign is targeting a Ukraine entity in Finland with Remcos RAT distributed via a loader called IDAT Loader.
Cyber Security News
Hackers Use Steganography Methods To Hide Malware In PNG File
Steganography is employed by threat actors to hide malicious payloads in benign files such as pictures or documents.
Cyber Security News
Hackers Poison SEO Results To Deploy Gootloader Malware And Steal RDP Access
Hackers poison the SEO results to manipulate search engine rankings by misdirecting users to malicious sites.
Bleeping Computer
New IDAT loader version uses steganography to push Remcos RAT
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland.
The Hacker News
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT
Ukrainian entities in Finland targeted in a malicious campaign distributing Remcos RAT using IDAT Loader.
The DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues - The DFIR Report
Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More
The Hacker News
HijackLoader Evolves: Researchers Decode the Latest Evasion Methods
HijackLoader, a loader malware, has undergone updates to its defense evasion techniques, making it stealthier and more complex.
SC Magazine
New HijackLoader variant evades detection, enhances persistence
Security pros say it almost looks like the malware developers have an EDR product manager on staff.
The Hacker News
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
Cybersecurity experts reveal the inner workings of SystemBC's command-and-control (C2) server, a dangerous malware available on the dark web.
Cyber Security News
Top 10 Notorious Ransomware Gangs of 2023
Top 10 Notorious Ransomware Gangs of 2023. LockBit. Alphv/Black. Cat. Clop. Royal. Black Byte. Black Basta. Ragnar Locker. Vice Society.
The Hacker News
New JinxLoader Targeting Users with Formbook and XLoader Malware
A new malware loader called JinxLoader is being used by threat actors to deliver payloads such as Formbook and XLoader.
The Hacker News
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
PikaBot, a dangerous loader, is spreading via malvertising campaigns targeting users searching for legit software like AnyDesk
The Hacker News
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
Play ransomware, impacting 300 entities worldwide, employs a double-extortion model by exfiltrating data before encryption.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
The Hacker News
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
HijackLoader, a new stealthy malware loader, is making waves in the cybercriminal world. Learn how it delivers dangerous payloads and evades security
Cyber Security News
Hackers Attacking Power Generator Systems to Infect With Ransomware
A new variant of SystemBC malware was found to be deployed to a critical infrastructure target. There have been several Ransomware attacks during the second quarter of 2023.
Security Affairs
Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Police dismantled bulletproof hosting service provider Lolek Hosted Python URL parsing function flaw can enable command execution […]
Security Affairs
Power Generator in South Africa hit with DroxiDat and Cobalt Strike
Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa. SystemBC was […]
Infosecurity News
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
Kaspersky said the attackers deployed the payload to collect valuable system information
The Hacker News
New SystemBC Malware Variant Targets South African Power Company
Russian threat actors suspected in cyber attack on South African power company using a new variant of the SystemBC malware called DroxiDat
The Record
Southern African power generator targeted with DroxiDat malware
Researchers have uncovered a suspected cyberattack targeting a power generator in southern Africa with a new variant of the SystemBC malware.
The Hacker News
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware
New report uncovers connections between Rhysida and Vice Society ransomware groups. Provides details on targeting, tools, and victim profiles.
Bleeping Computer
8Base ransomware gang escalates double extortion attacks in June
A 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June.
Bleeping Computer
Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt
Industrial cybersecurity company Dragos today disclosed what it describes as a "cybersecurity event" after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices.
The Hacker News
YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader
A new report has revealed the advanced techniques used by threat actors to deliver the Aurora information stealer malware through the in2al5d p3in4er
CSO
Russian hacktivists deploy new AresLoader malware via decoy installers
The new malware loader can give attackers remote access and the ability to deliver other payloads.
The Hacker News
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms
Gootkit malware is now targeting healthcare and financial organizations in the US, UK and Australia by using a new method of deployment.
Security Affairs
SmokeLoader campaign distributes new Laplas Clipper malware
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […]
The Hacker News
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
A new clipper malware strain known as Laplas is targeting cryptocurrency users via another malware called SmokeLoader.
The Hacker News
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
A new analysis of the hacking tools employed by the Black Basta ransomware operation has revealed its links to FIN7 (aka Carbanak) hacker group.
Trend Micro
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint
SecurityWeek
US Agencies Warns of 'Vice Society' Ransomware Gang Targeting Education Sector
The FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are raising alarm on a ransomware gang’s increased targeting of the education sector.
Trend Micro
Play Ransomware's Attack Playbook Unmasks it as Another Hive Affiliate like Nokoyawa
Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate.
Infosecurity News
ModernLoader Delivers Stealers, Cryptominers and RATs Via Fake Amazon Gift Cards
The association between the three apparently unrelated campaigns was made by Cisco Talos
Security Affairs
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims. ModernLoader is a .NET remote access trojan that […]
The Hacker News
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
Researchers uncover three related but distinct campaigns that spread malware such as ModernLoader, RedLine stealer, and cryptocurrency miners.
The Hacker News
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
Researchers reveal the inner workings of a cybercriminal group known as the Wizard Spider.
ZDNet
Wizard Spider hackers hire cold callers to scare ransomware victims into paying up | ZDNet
Researchers believe the group has millions of dollars in assets.
DarkReading
More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.
Bleeping Computer
Emotet malware campaign impersonates the IRS for 2022 tax season
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns.
Bleeping Computer
Mysterious ransomware payment traced to a sensual massage site
A ransomware targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages.
Bleeping Computer
The Week in Ransomware - May 7th 2021 - Attacking healthcare
While ransomware attacks continued throughout the week, for the most part, it has been quieter than usual, with only a few new variants released.
Bleeping Computer
Cuba Ransomware partners with Hancitor for spam-fueled attacks
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.