techminis (A naukri.com initiative)

Malware News

Securityaffairs, 1h

CISA warns of RESURGE malware exploiting Ivanti flaw

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances.
  • RESURGE malware exploits the CVE-2025-0282 flaw in Ivanti Connect Secure appliances and has been used in attacks.
  • The malware creates web shells, bypasses integrity checks, and facilitates credential harvesting and privilege escalation.
  • CISA provides details about the malicious Linux shared object file 'libdsupgrade.so' and the log-tampering variant of 'SPAWNSLOTH' associated with the RESURGE malware.

Securityaffairs, 11h

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

  • Sam's Club, a Walmart-owned membership warehouse club chain, is investigating the alleged Cl0p ransomware security breach.
  • The Cl0p ransomware group listed Sam's Club among its victims, accusing the company of ignoring security.
  • Sam's Club announced that it is actively investigating the matter, but has seen no evidence of a breach.
  • In December 2024, the Cl0p ransomware group claimed to have breached multiple companies through the Cleo file transfer software vulnerability.

Securityaffairs, 1d

Experts warn of the new sophisticated Crocodilus mobile banking Trojan

  • The new Android trojan Crocodilus exploits accessibility features and targets users in Spain and Turkey.
  • Crocodilus uses overlay attacks, keylogging, and remote access to steal banking and crypto credentials.
  • The trojan supports advanced keylogger capabilities and a wide range of bot and RAT commands.
  • Crocodilus is linked to the threat actor 'sybra' and poses a significant threat to banks and cryptocurrency wallets.

Pymnts, 2d

Google Suspends Account of Advertiser That Distributed Malware

  • Google suspended the account of an advertiser that distributed malware through sponsored Google ads.
  • The ads pretended to offer access to DeepSeek but actually delivered malware.
  • Google detected the malware campaign and suspended the advertiser's account.
  • This incident is part of a series of cyberthreats reported in recent months.

Securityaffairs, 2d

Crooks are reviving the Grandoreiro banking trojan

  • Crooks are reviving the Grandoreiro banking trojan.
  • Grandoreiro is a modular backdoor with various capabilities including keylogging, command execution, and web-injects.
  • The trojan has been active since 2016 and initially targeted Brazil but expanded to Mexico, Portugal, and Spain.
  • The recent phishing campaigns use VPS hosting, obfuscation, and malicious ZIP files to evade detection and steal credentials.

Socprime, 2d

CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader

  • CoffeeLoader is a new sophisticated malware, spread via SmokeLoader, that evades security protections using advanced evasion techniques and Red Team methods.
  • With over 1 billion malware strains circulating and 300 new malware pieces daily, early detection of emerging threats is crucial.
  • SOC Prime Platform offers detection algorithms against CoffeeLoader attacks, compatible with various security solutions and mapped to the MITRE ATT&CK framework.
  • Security professionals can hunt for IOCs using Zscaler research and Uncoder AI to transform IOCs into custom queries for SIEM or EDR platforms.
  • CoffeeLoader, discovered in September 2024, is designed to download and execute secondary payloads stealthily using unique GPU-based packing techniques.
  • The malware samples are packed, with CoffeeLoader mimicking ASUS's legitimate Armoury Crate utility using a packer called Armoury.
  • CoffeeLoader establishes persistence via Windows Task Scheduler and uses varied evasion tactics like call stack spoofing, sleep obfuscation, and Windows fibers.
  • It employs HTTPS for C2 communication, domain generation algorithms, and certificate pinning if primary C2 channels fail.
  • CoffeeLoader, spread through SmokeLoader, shares similarities with it in behaviors like scheduled tasks for persistence and utilizing low-level Windows APIs.
  • While a new SmokeLoader version shares some evasion features with CoffeeLoader, the relation between the two remains unclear.

Idownloadblog, 2d

Ian Beer publishes in-depth analysis of BLASTPASS zero-click iMessage exploit from 2023

  • Google Project Zero researcher Ian Beer has published an in-depth analysis of the BLASTPASS zero-click iMessage exploit.
  • The exploit allowed attackers to compromise iPhones and iPads without any user input, by sending malicious images via iMessage.
  • Beer's analysis highlights the need for sandboxing to treat all incoming attacker-controlled data as untrusted, rather than simply trusting file extensions.
  • While the BLASTPASS exploit has been patched by Apple, the analysis suggests similar attacks may continue to be developed in the future.

Medium, 4d

To Pay Or Not To Pay: A Hacking Victim’s Dilemma

  • Ransomware is commonly delivered via phishing or by exploiting security holes in a computer's operating system.
  • Once a system is infected, the hacker demands a ransom in order to restore access to the encrypted data.
  • Law enforcement agencies advise against paying the ransom, as it encourages hackers to create more ransomware.
  • It is important to verify if you are a victim of actual ransomware and take steps to remove the malware while ensuring data protection.

Securityaffairs, 11h

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

  • FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
  • Experts warn of the new sophisticated Crocodilus mobile banking Trojan
  • Russian authorities arrest three suspects behind Mamont Android banking trojan
  • Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Siliconangle, 2d

Report warns that browser-native ransomware is a growing threat to enterprise data

  • A new report warns about the rise of browser-native ransomware, posing a threat to enterprise data protection.
  • Browser-native ransomware operates within the browser and does not require any downloads, targeting the victim's digital identity.
  • The attacks leverage AI agents to automate the majority of the attack sequence, making social engineering and interference from attackers minimal.
  • The report advises enterprises to reconsider their browser security strategy and invest in a browser-native solution to combat the next generation of ransomware attacks.

Securityaffairs, 3d

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

  • Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware.
  • Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers.
  • The researchers observed that cybercriminals created a convincing fake DeepSeek website linked to malicious Google ads.
  • The researchers recommend avoiding clicking on sponsored search results and always verifying the advertiser by checking the details behind the URL to ensure it’s the legitimate brand owner.

Cybersecurity-Insiders, 3d

NHS LockBit ransomware attack yields £3.07 million penalty on tech provider

  • The UK's Information Commissioner's Office (ICO) has fined technology provider Advanced Computer Software Group £3.07 million for its role in the LockBit ransomware attack on the National Health Service (NHS).
  • Around 79,000 individuals, including patients and staff, were affected by the breach, which occurred through a third-party technology provider.
  • The ICO determined that Advanced failed to implement proper security measures, such as Multi-Factor Authentication, and exposed sensitive data to cybercriminals.
  • The fine demonstrates the ICO's commitment to holding businesses accountable for data breaches and highlights the importance of proactive cybersecurity measures.

TechCrunch, 4d

UnitedHealth removes mentions of DEI from its website

  • UnitedHealth Group has removed much of its website mentioning its diversity, equity, and inclusion (DEI) policies.
  • Multiple web pages dedicated to DEI no longer load and redirect to a 'page not found' error.
  • The company removed a 2022 blog post featuring a conversation with its vice president of DEI.
  • UnitedHealth replaced 'Diversity, Equity, and Inclusion' with a 'Culture of Belonging' page which does not include previous references to diversity efforts.

Securityaffairs, 4d

New ReaderUpdate malware variants target macOS users

  • Multiple versions of the ReaderUpdate malware variants, written in Crystal, Nim, Rust, and Go, are targeting macOS users, according to SentinelOne researchers.
  • ReaderUpdate, a macOS malware loader, first appeared in 2020 and was later found delivering Genieo adware.
  • The malware variants are distributed in five different source languages, including Go, Crystal, Nim, Rust, and compiled Python.
  • The malware obfuscates strings and URLs, making it difficult to analyze and detect the threats it poses.

BGR, 4d

Update Chrome immediately to patch Google’s first zero-day of 2025

  • Google has patched a critical Chrome zero-day vulnerability.
  • The vulnerability was discovered during an investigation into a phishing campaign targeting Russian media outlets, universities, and government agencies.
  • The exploit bypassed Chrome's sandbox protection and allowed the deployment of spyware-grade malware.
  • Google issued a fix for the zero-day vulnerability with Chrome version 134.0.6998.178 and users are advised to update immediately.
