techminis
A naukri.com initiative

Malware News

Source: Securityaffairs

NailaoLocker ransomware targets EU healthcare-related entities

  • NailaoLocker ransomware targeted European healthcare organizations between June and October 2024.
  • The malware campaign, called The Green Nailao, involved the use of ShadowPad, PlugX, and the newly discovered NailaoLocker ransomware.
  • The attack exploited a zero-day vulnerability in Check Point VPN appliances, allowing the threat actors to access sensitive information and move laterally through the network.
  • Although the campaign shares similarities with China-linked APT groups, attribution remains uncertain.

Source: TechCrunch

UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data

  • U.K. healthcare giant HCRG Care Group is investigating a cybersecurity incident after a ransomware gang claimed to have breached the company’s systems and stolen sensitive data.
  • The Medusa ransomware group has allegedly stolen more than two terabytes of data, including employees’ personal information, medical records, financial records, and government identification documents.
  • HCRG has confirmed the incident and is working with external forensic specialists to investigate. It has informed the Information Commissioner's Office and other regulators.
  • The Medusa ransomware group is demanding a $2 million ransom from HCRG, threatening to publish the stolen data if the payment is not made.

Source: Socprime

Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain

  • The FBI, CISA, and partners issue a joint alert warning of increasing Ghost (Cring) ransomware attacks by China-backed hackers for financial gain globally.
  • Ransomware recovery costs have surged to $2.73M in 2024, driving the need for advanced detection methods and cyber defense technology.
  • SOC Prime Platform offers detection rules to combat Ghost (Cring) ransomware, mapped to the MITRE ATT&CK framework for streamlined threat investigation.
  • Security professionals can access a broad set of detection rules compatible with various security solutions to detect vulnerability exploitation threats.
  • China-backed APT groups have been targeting organizations across 70+ countries since early 2021 using outdated software vulnerabilities and sophisticated attack techniques.
  • Ghost (Cring) ransomware operators leverage tools like Cobalt Strike, Mimikatz, and ransomware executables like Cring.exe and ElysiumO.exe to execute attacks and evade defenses.
  • Defenders recommend cybersecurity best practices such as maintaining backups, patching systems, and implementing MFA to mitigate the risks of Ghost (Cring) ransomware attacks.
  • The group employs ransom notes threatening data sale if ransoms are unpaid but rarely exfiltrates large data amounts, relying on encrypted email services for communication.
  • They disable security measures, encrypt files, clear logs, and hinder recovery efforts to maximize impact, emphasizing swift ransomware deployment over persistence.
  • To combat the increasing threats posed by Ghost (Cring) ransomware attacks, organizations are advised to enhance their cybersecurity posture and adopt proactive defense strategies.

Source: Cybersecurity-Insiders

Ransomware attacks on Food and Agriculture sector could intensify

  • Ransomware attacks on Food and Agriculture sectors may intensify, according to a report.
  • Ransomware attacks in the sector increased by 27% in 2024.
  • These attacks put both customers and partners at risk, potentially causing shortages and supply chain disruptions.
  • New ransomware groups, such as RansomHub, are targeting the Food and Agriculture sectors.

Source: Arstechnica

Microsoft warns that the powerful XCSSET macOS malware is back with new tricks

  • Microsoft has detected a new variant of XCSSET, a powerful macOS malware.
  • This is the first publicly known update to the malware since 2022.
  • XCSSET initially gained attention for exploiting two zero-day vulnerabilities.
  • The malware resurfaced in 2021, exploiting new zero-day vulnerabilities.

Source: Digitaltrends

Updated macOS malware variant uncovered by Microsoft

  • Microsoft has uncovered an updated variant of the XCSSET macOS malware, which is targeting Apple devices.
  • The new version of XCSSET features enhanced obfuscation methods and new infection strategies.
  • The malware uses infected projects in Apple's Xcode platform to infiltrate devices.
  • Microsoft has only observed limited attacks with this new variant but is sharing information to raise awareness.

Source: Securityaffairs

China-linked APT group Winnti targets Japanese organizations since March 2024

  • China-linked APT group Winnti targeted Japanese organizations in a cyberespionage campaign named RevivalStone in March 2024.
  • The campaign focused on manufacturing, materials, and energy sectors, utilizing an advanced version of the Winnti malware.
  • Winnti is part of a larger umbrella group consisting of several APT groups, including Winnti, Gref, PlayfullDragon, APT17, and others.
  • The attack chain involved exploiting an SQL injection, deploying a WebShell, conducting reconnaissance, and installing Winnti malware through a shared account.

Source: Securityaffairs

New XCSSET macOS malware variant used in limited attacks

  • Microsoft discovered a new variant of the Apple macOS malware XCSSET that was employed in limited attacks.
  • The latest variant of the XCSSET malware supports enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies.
  • The new variant of the malware uses two methods for persistence: the “zshrc” method and the “dock” method.
  • Microsoft Defender for Endpoint on Mac detects XCSSET, including this latest variant.

Source: Digitaltrends

Hackers opted for ransomware in 2024 for faster and more advanced attacks

  • Ransomware attacks are becoming more frequent and advanced, with hackers striking faster than ever before.
  • Ransomware-as-a-service offerings play a significant role in the rise of ransomware attacks, as the developers invest heavily in advanced toolsets and templates.
  • Hackers spend between 74 minutes and 2 hours on ransomware attacks before being detected, utilizing intricate strategies.
  • It is crucial for organizations to implement their own safety measures, such as multifactor authentication, access controls, patch management, data protection, and cybersecurity awareness training.

Source: Medium

String Crypter Visual Studio Extension

  • The String Crypter Visual Studio Extension is a simple tool, running inside Visual Studio, for encrypting and decrypting strings with the XOR technique.
  • The extension provides an easy-to-use interface to generate encrypted strings and also generates C++ code for decryption.
  • The XOR encryption technique is the core of this extension, and it encrypts or decrypts the input string using the XOR operation.
  • The String Crypter Visual Studio Extension makes it simple to encrypt and decrypt strings directly within the Visual Studio environment.

Source: Securityaffairs

New Golang-based backdoor relies on Telegram for C2 communication

  • Netskope Threat Labs discovered a Golang-based backdoor using Telegram for C2 communication, believed to be of Russian origin.
  • The backdoor abuses cloud apps to evade detection and, once executed, provides backdoor access to the host.
  • The malware connects to Telegram using an open-source Go package and supports four commands, including executing PowerShell commands and self-destruction.
  • The use of cloud apps presents challenges to defenders, and this backdoor highlights the utilization of such apps by attackers.

Source: Cybersecurity-Insiders

Akira Ransomware is now targeting legacy servers of defunct companies

  • The Akira Ransomware gang has targeted a defunct Australian media company, Regency Media, and leaked valuable data on the dark web.
  • Regency Media, which has been non-operational for over two years, had sensitive information including personal details, non-disclosure agreements, and financial records stolen.
  • The stolen data consists of approximately 16GB of information, raising questions as to why the cyber criminals targeted an inactive company.
  • While the motive for targeting Regency Media remains unclear, cybersecurity experts suspect that the breach may have occurred around the time the company ceased operations in 2023.

Source: Socprime

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

  • The EarthKapre or RedCurl APT cyber-espionage group has targeted legal sector organizations with Indeed-themed phishing attacks.
  • In their latest attack, they employed reconnaissance commands, data exfiltration, and the deployment of the EarthKapre/RedCurl loader.
  • State-sponsored cyber groups from China, North Korea, Iran, and Russia demonstrated enhanced offensive capabilities in 2024.
  • RedCurl (EarthKapre APT) conducted a sophisticated operation targeting organizations in the legal sector.
  • SOC Prime Platform offers Sigma rules to detect potential RedCurl APT attacks effectively.
  • Security professionals can utilize eSentire’s Threat Response Unit analysis and Uncoder AI to hunt for IOCs and enhance threat detection.
  • The use of a legitimate Adobe executable, ADNotificationManager.exe, was observed in the latest RedCurl APT attack.
  • The attack involved phishing emails with malicious PDFs leading to the deployment of the EarthKapre loader.
  • RedCurl/EarthKapre malware uses various techniques like SysInternals AD Explorer and 7-Zip for data exfiltration.
  • The attack proceeds through several stages, including string-decryption routines in the loader and C2 infrastructure hosted on Cloudflare, which the adversaries use to gather victim information.

Source: Securityaffairs

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

  • U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
  • Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
  • Valve removed the game PirateFi from the Steam video game platform because it contained malware
  • Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

Source: Cybersecurity-Insiders

Chinese Threat Group conducting espionage found moonlighting with ransomware

  • Chinese state-sponsored hackers known as Emperor Dragonfly have been found engaging in ransomware attacks in addition to their espionage operations.
  • This development suggests that some state actors are now involved in financially motivated cybercrime, potentially due to personal financial incentives or disruptions in state-backed cyber operations.
  • The trend of state-sponsored hackers moonlighting as ransomware operators raises questions about attribution and the impact on global cyber warfare policies.
  • There is speculation that the shift may be driven by inconsistent government funding for cyber operations, leading hackers to seek alternative income sources.
