techminis (A naukri.com initiative)

Malware News

Source: Securityaffairs
China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The group managed to maintain access without being detected for as long as possible.
  • The APT group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet to the operations of China-linked threat actor Volt Typhoon.
  • The U.S. government neutralized the Volt Typhoon botnet by taking over its C2 and deleting the bot from infected devices. However, despite the botnet disruption, Volt Typhoon remains active.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) warned that People’s Republic of China (PRC) state-sponsored cyber actors, including this APT group, had been pre-positioning themselves on IT networks.
  • SecurityScorecard warned that the botnet is back, and it is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools.
  • Volt Typhoon is both a resilient botnet and a warning: without decisive action, this silent threat could trigger a critical infrastructure crisis driven by vulnerabilities left unresolved.

Source: Cybersecurity-Insiders

Hacking Groups Collaborate for Double Ransom Scheme

  • Cybercriminal groups are teaming up to maximize profits by deploying two types of malicious attacks in succession.
  • The strategy involves spreading information-stealing malware first, followed by a ransomware attack.
  • Recent incidents in Colombia and the BlackCat (ALPHV) ransomware group highlight this trend of collaboration.
  • Experts warn that this trend could become more common in the future.

Source: TechJuice

NCERT Warns of Hackers Targeting Pakistanis through Android Apps

  • The National Computer Emergency Response Team (CERT) has issued an advisory about hackers targeting Pakistani officials through compromised Android apps.
  • These malicious apps, available on the Google Play Store, aim to collect sensitive personal and financial data from users' mobile devices.
  • CERT advises users to uninstall suspicious apps and take proactive measures such as verifying app developers' identity and reviewing app permissions.
  • Additional security measures like strong passwords, multifactor authentication, and data backup are recommended to reduce the impact of a compromise.

Source: Siliconangle

Zscaler launches Zero Trust Segmentation to enhance security across branches and clouds

  • Zscaler Inc. has launched Zero Trust Segmentation, a solution that enhances security across branches and clouds.
  • Zero Trust Segmentation eliminates the need for traditional firewalls, SD-WANs, and site-to-site VPNs by turning branches, factories, and cloud environments into isolated, secure "virtual islands."
  • By connecting directly to the Zscaler cloud platform, Zero Trust Segmentation enforces business policies to prevent ransomware spread, secure IoT and operational technology systems, and reduce network complexity.
  • The offering comes in two parts: Zero Trust Segmentation for Branch and Factories, and Zero Trust Segmentation for Data Centers and Public Clouds.

Source: Securityaffairs

A cyberattack on payment systems blocked card readers across stores and gas stations in Israel

  • A cyberattack in Israel disrupted credit card readers across stores and gas stations.
  • The attack was a DDoS attack that targeted the company responsible for the operations of the devices.
  • The attack lasted for an hour but was mitigated, and no personal or financial data was compromised.
  • The attack is believed to be linked to ongoing military operations, and an Iran-linked hacker group claimed responsibility.

Source: Socprime

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

  • Adversaries employ new Interlock ransomware in big-game hunting and double-extortion attacks.
  • Interlock ransomware variant targets organizations globally in various sectors.
  • Interlock ransomware operators maintain a data leak site and exploit unpatched vulnerabilities.
  • Interlock ransomware encrypts files and demands ransom under threat of data leakage.

Source: Securityaffairs

Ymir ransomware, a new stealthy ransomware, grows in the wild

  • Kaspersky researchers discovered a new ransomware family called Ymir ransomware.
  • Ymir ransomware was deployed after breaching systems via PowerShell commands.
  • The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files.
  • The attack involved the use of RustyStealer malware as a precursor to weaken defenses.

Source: Cybersecurity-Insiders

Rising Threat of Malware and DDoS Attacks on Government Organizations

  • The FBI and CISA have issued warnings about the increasing threat of DDoS attacks on government organizations, including election infrastructure.
  • Attacks on everyday devices with weak security, such as IP cameras, are being used as backdoors to initiate widespread cyberattacks.
  • Potential impacts of these attacks include compromised physical security, delayed voting, and eroded public confidence in election integrity.
  • Mitigation strategies include regular firmware updates, network segmentation, and enforcing strict authentication measures.

Source: Cybersecurity-Insiders

The Growing Threat of Ransomware in 2024: What You Need to Know

  • Ransomware attacks are increasingly becoming a top-of-mind challenge for organizations, as they cause operational disruptions and other material harms.
  • Between Q1 and Q2 of 2024, there has been a 20% surge in the number of organizations featured on ransomware leak sites, demonstrating the escalating threat of ransomware attacks.
  • Phishing attacks along with malware delivering ransomware are some of the common ways ransomware infiltrates an organization’s systems.
  • Remote Access Trojans (RATs) or Loaders are used to deliver ransomware, and the use of legitimate file-sharing websites makes it harder to differentiate between benign and malicious behavior.
  • Ransomware is most often delivered through the use of Initial Access Brokers (IABs), which sell access to infected computers across organizations, making it important for organizations to focus on how they procure IT resources from third-party vendors.
  • Companies and cybersecurity teams should examine real-world examples of malware that bypass Secure Email Gateways (SEGs) to gain a deeper understanding of the current threat landscape.
  • Implementing security awareness training that instills a sense of suspicion when it comes to online interactions and activities is one of the most effective steps a company can take to bolster proactive defenses.
  • Some of the notable ransomware groups observed bypassing SEGs in the past six months include LockBit 3.0, BlackCat, BianLian, Akira, and BlackSuit.
  • Preventive measures and early detection are important to minimize the impact of an attack.
  • Ensuring that security standards are met throughout supply chains and that third-party access is tightly controlled is vital to mitigating risk.

Source: Medium

Amazon Confirms Data Breach: What It Means for Employee Security and Penetration Testing

  • Amazon confirms a data breach involving employee information caused by a vendor hack.
  • Over 2.8 million lines of Amazon employee data were leaked, but sensitive data was not compromised.
  • The breach highlights the risks associated with third-party service providers and the importance of penetration testing.
  • Wire Tor offers a 50% discount on penetration testing services to protect businesses from cyberattacks.

Source: Medium

FBI Warns of Cybercriminals Exploiting Fake Emergency Data Requests (EDRs)

  • The FBI has warned about cybercriminals exploiting fake emergency data requests (EDRs).
  • These fraudulent requests allow threat actors to access sensitive information under the guise of urgency.
  • The FBI reports a significant increase in cybercrime forums discussing the misuse of EDRs to target US-based organizations.
  • Organizations need to prioritize data protection and take necessary steps to prevent risks from fake EDRs.

Source: Securityaffairs

A new fileless variant of Remcos RAT observed in the wild

  • Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT.
  • The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.
  • The HTA file is wrapped in multiple layers using different script languages and encoding methods to evade detection.
  • The malicious code downloads an encrypted Remcos RAT file from a remote server and executes it filelessly, directly in memory, allowing attackers to remotely control the infected system.

Source: Securelist

Ymir: new stealthy ransomware in the wild

  • A new ransomware family named “Ymir” has been discovered in active use by hackers. The malware uses tactics such as encryption and PowerShell remote-control to achieve its goals.
  • The attackers gained control via PowerShell remote control commands, and successfully reduced system security before deploying Ymir.
  • Ymir performs a range of operations in memory using malloc, memmove, and memcmp function calls. It also uses CryptoPP functions to encrypt files.
  • Static analysis shows the binary has suspicious API calls to functions such as CryptAcquireContextA, CryptReleaseContext, CryptGenRandom, TerminateProcess and WinExec.
  • The malware also contains a hardcoded list of file name extensions to exclude from encryption.
  • Dynamic analysis reveals hundreds of calls to the memmove function, which are used to load small pieces of instructions into memory for performing malicious functions.
  • The artifact uses the stream cipher ChaCha20 algorithm to encrypt files and appends the extension '.6C5oy2dVr6' for each encrypted file.
  • The article also describes the RustyStealer threat used by the hackers for controlling the affected machines, and their use of PowerShell remote-control capabilities and SystemBC scripts.
  • Various Ymir TTP techniques have been identified, including Command and Scripting Interpreter: PowerShell and Data Encrypted for Impact.
  • Kaspersky products detect this new threat as Trojan-Ransom.Win64.Ymir.gen.

Source: Medium

Malicious PyPI Package Steals AWS Keys

  • A malicious PyPI package called 'fabrice' has been stealing AWS keys from unsuspecting developers.
  • With over 37,000 downloads, this package poses a significant risk to businesses and developers relying on PyPI.
  • The attack utilizes typosquatting to trick users into downloading the malicious package.
  • The stolen AWS credentials are sent to a VPN server in Paris, making detection and tracing difficult.

Source: Securityaffairs

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Mazda Connect flaws allow attackers to hack some Mazda vehicles
  • Veeam Backup & Replication exploit reused in new Frag ransomware attack
  • Texas oilfield supplier Newpark Resources suffered a ransomware attack
  • Palo Alto Networks warns of potential RCE in PAN-OS management interface
