techminis

A naukri.com initiative

Malware News

Medium

5h

Massive Data Breach Exposes 122 Million Business Contacts: Are You Protected?

  • A significant data breach has exposed the personal and professional information of 122 million individuals, originating from B2B data aggregator DemandScience.
  • B2B data aggregators like DemandScience store large volumes of sensitive data, making them attractive targets for cybercriminals.
  • To prevent breaches, B2B aggregators should implement stricter controls, conduct regular security audits, and communicate transparently with customers.
  • Wire Tor offers comprehensive Pentesting services to identify vulnerabilities, secure data assets, and provide ongoing support.

Cybersecurity-Insiders

13h

Hacking Groups Collaborate for Double Ransom Scheme

  • Cybercriminal groups are teaming up to maximize profits by deploying two types of malicious attacks in succession.
  • The strategy involves spreading information-stealing malware first, followed by a ransomware attack.
  • Recent incidents in Colombia and the BlackCat (ALPHV) ransomware group highlight this trend of collaboration.
  • Experts warn that this trend could become more common in the future.

Siliconangle

1d

Zscaler launches Zero Trust Segmentation to enhance security across branches and clouds

  • Zscaler Inc. has launched Zero Trust Segmentation, a solution that enhances security across branches and clouds.
  • Zero Trust Segmentation eliminates the need for traditional firewalls, SD-WANs, and site-to-site VPNs by turning branches, factories, and cloud environments into isolated, secure "virtual islands."
  • By connecting directly to the Zscaler cloud platform, Zero Trust Segmentation enforces business policies to prevent ransomware spread, secure IoT and operational technology systems, and reduce network complexity.
  • The offering comes in two parts: Zero Trust Segmentation for Branch and Factories, and Zero Trust Segmentation for Data Centers and Public Clouds.

Socprime

1d

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

  • Adversaries employ new Interlock ransomware in big-game hunting and double-extortion attacks.
  • Interlock ransomware variant targets organizations globally in various sectors.
  • Interlock ransomware operators maintain a data leak site and exploit unpatched vulnerabilities.
  • Interlock ransomware encrypts files and demands ransom under threat of data leakage.

Cybersecurity-Insiders

1d

Rising Threat of Malware and DDoS Attacks on Government Organizations

  • The FBI and CISA have issued warnings about the increasing threat of DDoS attacks on government organizations, including election infrastructure.
  • Attacks on everyday devices with weak security, such as IP cameras, are being used as backdoors to initiate widespread cyberattacks.
  • Potential impacts of these attacks include compromised physical security, delayed voting, and eroded public confidence in election integrity.
  • Mitigation strategies include regular firmware updates, network segmentation, and enforcing strict authentication measures.

Cybersecurity-Insiders

1d

The Growing Threat of Ransomware in 2024: What You Need to Know

  • Ransomware attacks are increasingly becoming a top-of-mind challenge for organizations, as they cause operational disruptions and other material harms.
  • Between Q1 and Q2 of 2024, there has been a 20% surge in the number of organizations featured on ransomware leak sites, demonstrating the escalating threat of ransomware attacks.
  • Phishing attacks along with malware delivering ransomware are some of the common ways ransomware infiltrates an organization’s systems.
  • Remote Access Trojans (RATs) or Loaders are used to deliver ransomware, and the use of legitimate file-sharing websites makes it harder to differentiate between benign and malicious behavior.
  • Ransomware is most often delivered through the use of Initial Access Brokers (IABs), which sell access to infected computers across organizations, making it important for organizations to focus on how they procure IT resources from third-party vendors.
  • Companies and cybersecurity teams should examine real-world examples of malware that bypass Secure Email Gateways (SEGs) to gain a deeper understanding of the current threat landscape.
  • Implementing security awareness training that instills a sense of suspicion when it comes to online interactions and activities is one of the most effective steps a company can take to bolster proactive defenses.
  • Some of the notable ransomware groups observed bypassing SEGs in the past six months include LockBit 3.0, BlackCat, BianLian, Akira, and BlackSuit.
  • Preventive measures and early detection are important to minimize the impact of an attack.
  • Ensuring security standards are met throughout supply chains and that third-party access is tightly controlled is vitally important to mitigating risks.

Securelist

2d

Ymir: new stealthy ransomware in the wild

  • A new ransomware family named “Ymir” has been discovered in active use by hackers. The malware uses tactics such as encryption and PowerShell remote-control to achieve its goals.
  • The attackers gained control via PowerShell remote control commands, and successfully reduced system security before deploying Ymir.
  • Ymir performs a range of operations in memory using malloc, memmove, and memcmp function calls. It also uses CryptoPP functions to encrypt files.
  • Static analysis shows the binary has suspicious API calls to functions such as CryptAcquireContextA, CryptReleaseContext, CryptGenRandom, TerminateProcess and WinExec.
  • The malware also contains a hardcoded list of file name extensions to exclude from encryption.
  • Dynamic analysis reveals hundreds of calls to the memmove function, which are used to load small pieces of instructions into memory for performing malicious functions.
  • The artifact uses the stream cipher ChaCha20 algorithm to encrypt files and appends the extension '.6C5oy2dVr6' for each encrypted file.
  • The article also describes the RustyStealer threat used by the hackers for controlling the affected machines, and their use of PowerShell remote-control capabilities and SystemBC scripts.
  • Various Ymir TTP techniques have been identified, including Command and Scripting Interpreter: PowerShell and Data Encrypted for Impact.
  • Kaspersky products detect this new threat as Trojan-Ransom.Win64.Ymir.gen.

Medium

3d

Malicious PyPI Package Steals AWS Keys

  • A malicious PyPI package called 'fabrice' has been stealing AWS keys from unsuspecting developers.
  • With over 37,000 downloads, this package poses a significant risk to businesses and developers relying on PyPI.
  • The attack utilizes typosquatting to trick users into downloading the malicious package.
  • The stolen AWS credentials are sent to a VPN server in Paris, making detection and tracing difficult.

Securityaffairs

9h

China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The Volt Typhoon group has been active since at least mid-2021, carrying out cyber operations against critical infrastructure.
  • The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet, to the operations of China-linked threat actor Volt Typhoon.
  • At the end of 2023, the U.S. government neutralized the Volt Typhoon botnet, taking over its C2 and deleting the bot from infected devices.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assessed that People’s Republic of China (PRC) state-sponsored cyber actors, including the APT group, had been pre-positioning themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure.
  • In August 2023, Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director, to deploy a custom webshell on breached networks.
  • Now SecurityScorecard has warned that the botnet is back; it is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools, escalating attack risks, especially through third-party and cloud dependencies.

TechJuice

13h

NCERT Warns of Hackers Targeting Pakistanis through Android Apps

  • The National Computer Emergency Response Team (CERT) has issued an advisory about hackers targeting Pakistani officials through compromised Android apps.
  • These malicious apps, available on the Google Play Store, aim to collect sensitive personal and financial data from users' mobile devices.
  • CERT advises users to uninstall suspicious apps and take proactive measures such as verifying app developers' identity and reviewing app permissions.
  • Additional security measures like strong passwords, multifactor authentication, and data backup are recommended to reduce the impact of a compromise.

Securityaffairs

1d

A cyberattack on payment systems blocked card readers across stores and gas stations in Israel

  • A cyberattack in Israel disrupted credit card readers across stores and gas stations.
  • The attack was a DDoS attack that targeted the company responsible for the operations of the devices.
  • The attack lasted for an hour but was mitigated, and no personal or financial data was compromised.
  • The attack is believed to be linked to ongoing military operations, and an Iran-linked hacker group claimed responsibility.

Securityaffairs

1d

Ymir ransomware, a new stealthy ransomware growing in the wild

  • Kaspersky researchers discovered a new ransomware family called Ymir ransomware.
  • Ymir ransomware was deployed after breaching systems via PowerShell commands.
  • The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files.
  • The attack involved the use of RustyStealer malware as a precursor to weaken defenses.

Medium

2d

Amazon Confirms Data Breach: What It Means for Employee Security and Penetration Testing

  • Amazon confirms a data breach involving employee information caused by a vendor hack.
  • Over 2.8 million lines of Amazon employee data were leaked, but sensitive data was not compromised.
  • The breach highlights the risks associated with third-party service providers and the importance of penetration testing.
  • Wire Tor offers a 50% discount on penetration testing services to protect businesses from cyberattacks.

Medium

2d

FBI Warns of Cybercriminals Exploiting Fake Emergency Data Requests (EDRs)!

  • The FBI has warned about cybercriminals exploiting fake emergency data requests (EDRs).
  • These fraudulent requests allow threat actors to access sensitive information under the guise of urgency.
  • The FBI reports a significant increase in cybercrime forums discussing the misuse of EDRs to target US-based organizations.
  • Organizations need to prioritize data protection and take necessary steps to prevent risks from fake EDRs.

Securityaffairs

2d

A new fileless variant of Remcos RAT observed in the wild

  • Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT.
  • The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document.
  • Once opened, the RCE vulnerability CVE-2017-0199 is exploited, leading to the download and execution of a series of malicious files.
  • The final payload is the Remcos RAT, which allows attackers to gain remote control over the infected system.
