Malware News
TechCrunch

2h

Clop ransomware gang takes credit for latest mass hack that breached dozens of companies

  • Clop exploited a bug in Cleo Software's widely used corporate file transfer tools.
  • At least 66 companies had their data stolen by the ransomware gang.
  • Clop plans to extort the victims by revealing the names of the hacked companies and demanding ransom.

Cybersecurity-Insiders

12h

What is Ransomware Impersonation and Its Impact on Data Networks?

  • Ransomware impersonation is a cyberattack where hackers disguise themselves as legitimate organizations to extort ransom from victims.
  • Attackers use tactics like phishing emails or fraudulent phone calls to deceive victims.
  • The impact of ransomware impersonation includes data loss, reputation damage, extended downtime, legal consequences, financial impact, and network vulnerability exploitation.
  • To protect against ransomware impersonation, businesses should invest in cybersecurity defenses, employee training, and data backup solutions.

Siliconangle

15h

Fortinet warns of malicious Python packages targeting credentials and user data

  • Fortinet Inc.'s FortiGuard Labs has discovered two malicious Python packages that pose a high risk of credential theft, data exfiltration, and unauthorized system access.
  • The first package, Zebo-0.1.0, exhibits sophisticated malware behavior, including keylogging, screen capturing, and data exfiltration to remote servers.
  • The second package, Cometlogger-0.1, targets system credentials and user data, evades detection, and can steal a wide array of user data.
  • To prevent infection, it is recommended to verify third-party scripts, implement firewalls and intrusion detection systems, and train employees to recognize phishing attempts.

Securityintelligence

1d

2024 trends: Were they accurate?

  • Artificial intelligence played a crucial role in cybersecurity, protecting systems, critical information, and sensitive data during the Paris Olympics. Threat actors also employed AI to more effectively execute cyberattacks, with many automating processes such as vulnerability scanning, exploitation, and data exfiltration. Deepfake technology too became an increasing threat, with attackers using it to generate convincing fake calls and content to deceive and steal from individuals and companies. Quantum computing also emerged as a top concern, with harvest-now, decrypt-later attacks becoming increasingly common. Unfortunately, the jury is still out on whether there was a recession in ransomware attacks.
  • Throughout 2024, there was a growing use of artificial intelligence in the cybersecurity sector. For example, Microsoft's internal response teams used a large language model to manage requests and tickets, saving 20 hours per person each week.
  • The use of AI technology for cyberattacks also increased, making it easier for attackers to log in than to hack in. Large-scale social engineering attacks are predicted to involve generative AI by 2027.
  • The use of deepfake technology increased in 2024, with a number of high-profile cases making headlines. Even the Paris Olympics became a target of deepfake campaigns.
  • Quantum computing became an increasingly urgent concern in 2024, as symmetric cryptography was predicted to be unsafe by 2029 and even asymmetric cryptography is expected to be fully breakable by 2034.
  • Experts predicted ransomware attacks would decrease as more companies pledged not to pay ransoms. However, Wired reported that ransomware showed no signs of slowing down in 2024.
  • Despite the increase in cyberthreats, the experts were largely on target with their 2024 cybersecurity predictions.
  • As we move into 2025, the prediction game starts all over again as we wonder what's in store for the future of cybersecurity.

Cybersecurity-Insiders

1d

Germany Investigates BadBox Malware Infections, Targeting Over 192,000 Devices

  • Germany has launched an investigation into reports of a significant cyber threat believed to be linked to the BadBox Malware, which has allegedly infected over 192,000 devices across the country.
  • The malware primarily targets devices running outdated or unsupported operating systems, bypassing traditional security features and engaging in activities such as data exfiltration, ad fraud and espionage, ransomware distribution, and acting as a proxy.
  • Experts emphasize the importance of regular device updates, installing reliable security software, being cautious about suspicious apps or downloads, and following best practices for mobile security to protect against such threats.
  • Ongoing investigations aim at mitigating the impact of BadBox and similar malware, highlighting the need for global cooperation in cybersecurity and ongoing education and awareness around digital safety practices.

Securityaffairs

2d

BadBox rapidly grows, 190,000 Android devices infected

  • Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones.
  • Bitsight researchers sinkholed a BADBOX domain and identified over 160,000 unique infected devices in 24 hours.
  • BADBOX-infected devices, primarily found in Russia, China, India, Belarus, Brazil, and Ukraine, are sending telemetry to a C2 server.
  • The BadBox malware conducts ad fraud, creates email and messaging accounts for spreading disinformation, and can download additional payloads.

Cybersecurity-Insiders

12h

Can Ransom Payments Be Recovered or Reimbursed? A Closer Look at Cybercrime and Law Enforcement Efforts

  • Recovering ransom payments from cybercriminals is a complex and challenging issue.
  • The arrest of Rostislav Panev, a key player in the LockBit ransomware group, sheds light on law enforcement efforts.
  • Recovering ransom payments is difficult due to the anonymity of cryptocurrencies and the complexity of tracing funds.
  • Organizations should focus on prevention and data backup strategies to mitigate the damage caused by ransomware attacks.

Arstechnica

1d

Health care giant Ascension says 5.6 million patients affected in cyberattack

  • Health care company Ascension lost sensitive data for nearly 5.6 million individuals in a cyberattack attributed to a ransomware gang.
  • The attack caused disruptions, errors, delayed or lost lab results, and diversions of ambulances to other hospitals.
  • Investigation revealed that affected individuals' data included names, medical information, payment information, insurance information, government identification, and other personal information.

Cybersecurity-Insiders

1d

Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams

  • The Lazarus Group, funded by the North Korean government, is targeting employees within nuclear power organizations and critical infrastructure sectors through highly advanced malware campaigns, facilitating data theft, espionage, and ransomware infections.
  • The hackers use phishing emails disguised as career opportunities or industry-specific announcements and execute the malware on the victim's system upon a click or download of the attachment.
  • Lazarus Group is primarily focusing on nuclear organizations and energy firms in the USA, UK, Canada, and Australia, which handle sensitive information and are seen as high-potential targets.
  • The malware campaign, dubbed 'Operation DreamJob,' is named for the way the Lazarus Group cleverly uses job-related phishing tactics to exploit human behaviors like curiosity and professional ambition.
  • While the Lazarus Group's activities are currently limited to specific regions, namely the UK, USA, Canada, and Australia, the risk of these attacks spreading to other countries is high.
  • Kaspersky, the Russian cybersecurity firm, warns of Telegram phishing scams that offer discounted Telegram Premium services to trick users into clicking malicious links, leading to data theft, malware infections, and unauthorized payload downloads.
  • Experts recommend carefully verifying links and obtaining Premium services only through the official Telegram website, avoiding third-party offers and discount coupons that may be scams.
  • Organizations must strengthen their defenses through robust technical defenses and employee education to reduce human error, the weakest link in the security chain.
  • State-sponsored hacking groups play an increasing role in the global cybersecurity landscape, calling for public-private collaboration to safeguard critical infrastructure from these persistent threats.
  • Vigilance and early detection systems are key to preventing these types of attacks.

Securityaffairs

1d

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

  • A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware.
  • WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware.
  • The court found NSO Group liable for breaching WhatsApp's terms of service by using the platform for malicious purposes.
  • NSO Group was ordered to provide details regarding the complete functionality of the spyware, covering the period before and after the alleged attack.

Securelist

1d

Cloud Atlas seen using a new tool in its attacks

  • Cloud Atlas has been found to be using a previously undocumented toolset, which the group used heavily in 2024.
  • The group targets Eastern Europe and Central Asia mostly.
  • Victims get infected through phishing emails with a malicious document.
  • The HTA files in the document exploit vulnerabilities in formula editors to download and execute malware code.
  • After the download is complete, the malware adds a registry key to run an auto script 'VBShower Launcher'.
  • VBCloud, a new tool, is being used to steal data from the infected system.
  • The VBCloud module duplicates the core functionality of VBShower and uses public cloud storage as its C2 server.
  • The group uses PowerShell scripts to perform a range of tasks on the infected system.
  • Phishing emails continue to play an important role as an initial access point.
  • Cloud Atlas has been observed to attack victims in Russia, Belarus, Canada, Moldova, Israel, Kyrgyzstan, Vietnam, and Turkey.

Securityaffairs

1d

Lazarus APT targeted employees at an unnamed nuclear-related organization

  • The North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024.
  • The attacks are believed to be part of the cyber espionage campaign Operation Dream Job.
  • Lazarus used a complex infection chain involving multiple types of malware.
  • The group used compromised WordPress web servers as command and control servers.

Securityaffairs

2d

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

  • BadBox rapidly grows, 190,000 Android devices infected
  • Romanian national sentenced to 20 years for NetWalker ransomware attacks
  • Sophos fixes critical vulnerabilities in its Firewall product
  • U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

Securityaffairs

3d

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

  • Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June.
  • Hulea admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments from organizations worldwide, including healthcare during COVID-19.
  • Romanian authorities arrested Hulea in July 2023 and extradited him to the U.S. under the U.S.-Romania extradition treaty.
  • The NetWalker ransomware group has targeted various victims, including K-Electric, Dirección Nacional de Migraciones, and the University of California San Francisco.

TechCrunch

4d

Ransomware attack on health giant Ascension hits 5.6 million patients

  • A ransomware attack on Ascension, a U.S. healthcare giant, has impacted 5.6 million patients.
  • Hackers were able to steal personal and sensitive health information during the cyberattack.
  • The attack caused disruptions in the hospital system, leading to delayed or lost lab results and medication errors.
  • The Black Basta gang is responsible for the attack, making it the third-largest healthcare-related breach of 2024.
