techminis

A naukri.com initiative

Malware News
Siliconangle

8h

SentinelOne report highlights shared tactics between HellCat and Morpheus ransomware groups

  • SentinelOne Inc. report highlights evolving tactics of HellCat and Morpheus ransomware groups.
  • HellCat and Morpheus leverage identical payloads in their ransomware campaigns, suggesting a possible shared codebase or builder application.
  • Both groups target high-value sectors including pharmaceuticals, manufacturing, and government entities.
  • The findings emphasize the importance of organizations adopting robust cybersecurity measures.

Cybersecurity-Insiders

12h

Bashe Ransomware strikes ICICI Bank

  • A ransomware group named Bashe has launched a cyberattack on ICICI Bank.
  • The group breached the bank's systems and stole data, which is now up for sale on the dark web.
  • Bashe is notorious for its aggressive tactics and has set a deadline of January 24, 2025, to release the stolen data online.
  • ICICI Bank, a major Indian financial institution, is currently investigating the incident.

Cybersecurity-Insiders

1d

Microsoft Teams delivers ransomware, and passwords of cybersecurity vendors leaked

  • Microsoft Teams is being exploited to spread ransomware through vishing and email bombing, raising concerns for enterprise security.
  • Two cybercriminal groups are using social engineering and software vulnerabilities within Microsoft Teams to deploy malware.
  • Phishing campaigns impersonating trusted brands like Microsoft continue to be a growing trend, infecting victims with malware and compromising networks.
  • Passwords belonging to employees of major cybersecurity vendors have been leaked on the dark web, raising concerns about data breaches and the vulnerabilities within the industry.

Cybersecurity-Insiders

2d

Ransomware attack shuts British high school

  • A ransomware attack has caused Blacon High School in Britain to temporarily close.
  • The attack occurred on January 17, 2025, and the school's systems recovery is taking longer than anticipated.
  • The exact timeline for reopening remains unclear, and the school's IT staff are working tirelessly to recover data.
  • Experts warn that schools in the UK are vulnerable to such attacks, and investments in cybersecurity measures are needed.

Securityaffairs

3d

Malicious npm and PyPI packages target Solana private keys to steal funds from victims' wallets

  • Researchers have discovered malicious npm and PyPI packages designed to target Solana private keys and steal funds from victims' wallets.
  • The malicious npm packages allowed threat actors to exfiltrate Solana private keys via Gmail.
  • The attackers used names typosquatting popular libraries and exfiltrated the stolen information via Gmail's SMTP servers.
  • The packages are still live on npm despite experts' requests for removal, and two GitHub repositories were reported for supporting the malware campaign.

Cybersafe

3d

Hackers target Solana Wallets with Malicious npm and PyPI Packages

  • Cybersecurity researchers have found malicious npm and PyPI packages targeting Solana wallets.
  • The npm packages steal Solana wallet private keys and exfiltrate them via Gmail's SMTP servers.
  • Some npm packages drain wallet contents and masquerade as legitimate Solana development tools.
  • A destructive 'kill switch' functionality was found in some npm packages, deleting files on trigger.

Siliconangle

7d

Building a cyber-resilient culture: Flipping the script on attackers

  • A cyber-resilient culture is critical in today's digital landscape to anticipate, withstand, recover from, and adapt to cyber risks.
  • Building a cyber-resilient culture requires leadership support, continuous training, updated technologies, and clear communication of cybersecurity best practices across all levels of the organization.
  • Operational resilience is a key foundation of a cyber-resilient culture, involving people, processes, and technology.
  • Ransomware acts as a wake-up call, exposing vulnerabilities and driving organizations towards a more resilient cybersecurity framework.

Digitaltrends

1d

Careful — this Google ad could swipe your bank data without you knowing

  • Cybercriminals are using malicious Google ads to trick users into visiting fake websites.
  • One recent example involves a fake Homebrew website that steals personal and banking data.
  • The ad displays the correct URL but redirects users to a clone site with a similar URL.
  • Google is working on increasing its automated systems and human reviewers to combat URL cloaking.

Inkbotdesign

2d

Top 10 Tips to Keep your WordPress Site Safe

  • Website security is non-negotiable. If you're running a WordPress site, you must prioritize security.
  • Some common threats to WordPress sites include malware, hacking, DDoS attacks, and brute force attacks.
  • To keep your WordPress site safe, you should keep WordPress core, themes, and plugins updated, use strong passwords and enable Two-Factor Authentication, install a security plugin, regularly back up your site, use HTTPS, limit login attempts, implement least privilege principles, monitor and audit your site regularly, disable file editing, and use a Web Application Firewall (WAF).
  • Regularly updating WordPress themes, core and plugins can make your site less vulnerable to attacks. Enable automatic updates, regularly check for updates and test updates on a staging site.
  • Use strong passwords and enable Two-Factor Authentication to add an extra layer of security. Password managers can help you generate and store passwords securely.
  • Security plugins act as your security guard by providing real-time protection. Features they offer include Malware Scanning, Firewall Protection, Login Alerts, and Brute Force Protection. Make sure to choose a reputable plugin and keep it updated.
  • Regular backups save your website's data and, if necessary, help you recover it. Choose a WordPress backup plugin or an external service like VaultPress, use scheduled automated backups, store backups off-site, and test your backups regularly.
  • Using HTTPS encrypts the data exchanged between your browser and server, which makes it much more challenging for opportunistic hackers to intercept sensitive information. It also impacts your SEO ranking.
  • Limiting login attempts makes it significantly harder for hackers to gain entry to your site. Implement this by using a plugin, customizing lockout duration, setting up notifications, and whitelisting your IP.
  • Implementing least privilege principles ensures that users only have the access they need, nothing more. Assign administrative roles wisely, regularly review user access, employ temporary access, and use a user management plugin.
  • Monitoring and auditing your WordPress site regularly helps you catch potential threats before they become significant problems. Set up security alerts, use site monitoring tools, conduct regular security audits, review access logs and user activity, and always back up before making changes.
  • Disabling file editing protects your site from malicious attacks and accidental changes that could break your site. It's a straightforward process that involves accessing your wp-config.php file, adding code to it, and saving the changes.
  • Using a Web Application Firewall (WAF) adds another layer of protection to your website. A WAF monitors traffic patterns and blocks malicious activities such as SQL injection and cross-site scripting. Choose a reputable WAF provider, sign up and configure settings, define security rules, and regularly review logs.

Securityaffairs

2d

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

  • Researchers have discovered a new Mirai botnet variant called Murdoc Botnet which targets vulnerabilities in AVTECH IP cameras and Huawei HG532 routers.
  • The botnet has been active since at least July 2024, with over 1300 IPs found active in the campaign, mainly in Malaysia, Thailand, Mexico, and Indonesia.
  • The botnet uses existing exploits to download next-stage payloads and specifically targets IoT devices through command-line injection and shell scripts.
  • Other recent Mirai-based botnets, such as Gayfemboy, have also been observed exploiting vulnerabilities in various devices.

Medium

3d

Share Objects from Kernel Driver to Userland using Shared Memory

  • Allocate a section of shared memory accessible by both the kernel driver and userland application.
  • Create an event in the kernel driver using functions like ZwCreateEvent or KeInitializeEvent.
  • Write the handle of the event into the shared memory for userland application access.
  • Userland application retrieves the event handle from the shared memory to establish communication.

Securityaffairs

3d

Experts found new DoNot Team APT group's Android malware

  • Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks.
  • The DoNot APT group, also known as APT-C-35 and Origami Elephant, has been active since 2016 and focuses on government and military organizations in South Asian countries.
  • The recently discovered Android malware, named 'Tanzeem' and 'Tanzeem Update', mimics chat functionality and uses the OneSignal platform for delivering phishing links through notifications.
  • The malware gathers call logs, contacts, SMS messages, locations, account information, and files stored in external storage, and can also record the screen.

Hackaday

5d

Investigating USB-to-Ethernet Dongles With “Malware” Claims

  • A video recently surfaced claiming that certain USB-to-Ethernet dongles contain malware.
  • Investigations revealed that the dongles have an additional SPI Flash chip on the PCB, which was misunderstood as a potential spying tool.
  • The IC used in these dongles is a clone of the Realtek RTL8152B, and the SPI Flash chip is used for presenting a virtual CD drive.
  • While it's possible for chips and firmware to contain backdoors or malware, this case seems to be a misunderstanding rather than intentional spying.

Infoblox

6d

Ransomware Spotlight – How Threat Actors use C2 and Data Exfiltration as Part of Double Extortion

  • Ransomware attacks are on the rise and can have serious consequences, including costly downtime, data theft, and reputational damage. The average downtime after a ransomware attack is 22 days, costing companies an estimated $43.2 million. To increase pressure, cybercriminals have deployed double extortion ransomware, where data is stolen and held for ransom. DNS command and control (C2) is a popular communication method for ransomware, used to download the encryption key and execute malicious activities. DNS can also be used for data exfiltration where queries are sent to a malicious server, bypassing data loss prevention tools. DNS-based threat intelligence is a proactive solution to identify ransomware domains before they can be weaponized. Effective mitigation against ransomware involves detecting and blocking C2 communications and monitoring DNS for unusual patterns that may indicate data exfiltration.
  • Ransomware attacks have become a significant concern for organizations worldwide, with the frequency and success of these attacks continuing to rise. Ransomware attacks can have devastating consequences for businesses, including costly downtime, data theft, and reputational damage. The average downtime and recovery time after a ransomware attack is 22 days, with a conservative estimate of the cost of downtime being $43.2 million.
  • To increase the pressure on victims to pay the ransom, cybercriminals then started to resort to double extortion ransomware, where the attackers not only encrypt sensitive data but also steal the data and threaten to publish it on the dark web if the ransom is not paid.
  • DNS C2 is a technique used by cybercriminals to communicate with malware that has infected a target system. Also called beaconing, the malware periodically sends DNS queries to the attacker’s server to check for new commands.
  • In addition to relaying commands and data out of the organization over DNS, ransomware attacks, especially the double extortion attacks defined at the beginning of this blog, collect sensitive data such as credit card data and send it out in DNS queries.
  • Phishing, one of the most used delivery methods for ransomware, lures users to domains owned by threat actors. Proactive identification of such domains, even before they are weaponized, is something that DNS threat intel excels at, because it can identify when domains are registered for future malicious purposes and block them, on average 63 days ahead of attacks.
  • By monitoring DNS traffic and using DNS threat intelligence, organizations can block the C2 communications, preventing the encryption key download and the eventual encryption of data.
  • It is important that all DNS record types are examined (e.g. A, AAAA, CNAME, MX, NS, SOA, TXT, etc.) because malware could use any one or several of these record types to avoid detection by standard security tools.
  • Proactive protection against ransomware is extremely important because once ransomware lands, organizations have only about an hour to detect, investigate and remediate to avoid a broader scale incident.
  • Infoblox Threat Defense uses a combination of unique DNS threat intelligence and behavioral analysis to disrupt and minimize the damage caused by ransomware attacks, while delivering precise protection with a 0.0002% false-positive rate.

Securityaffairs

7d

Prominent US law firm Wolf Haldenstein disclosed a data breach

  • Prominent US law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals.
  • The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has now disclosed it.
  • The breach may have exposed name, Social Security number, employee identification number, medical diagnosis, and medical claim information.
  • Wolf Haldenstein advises affected individuals to monitor their accounts and credit reports for potential identity theft or fraud.
