techminis
A naukri.com initiative

Malware News

Source: Arstechnica

Hundreds of code libraries posted to NPM try to install malware on dev machines

  • An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository.
  • The malicious packages have names that are similar to legitimate ones for code libraries like Puppeteer and Bignum.js.
  • Researchers from the security firm Phylum discovered the campaign, highlighting the prevalence of supply chain attacks.
  • This attack follows a similar campaign a few weeks ago targeting developers using forks of the Ethers.js library.

Source: Securityaffairs

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

  • The July 2024 ransomware attack on the City of Columbus, Ohio, impacted 500,000 individuals.
  • The attack was successfully thwarted, and no systems were encrypted.
  • The Rhysida ransomware gang claimed responsibility for the attack and demanded 30 Bitcoin ($1.9 million) for stolen data.
  • The City of Columbus determined that the attack compromised personal and financial information of the affected individuals.

Source: TechCrunch

Columbus says ransomware gang stole personal data of 500,000 Ohio residents

  • The City of Columbus, Ohio, confirms that hackers stole the personal data of 500,000 residents during a ransomware attack.
  • The compromised information includes names, dates of birth, addresses, identification documents, Social Security numbers, and bank account details.
  • Columbus disconnected its network from the internet to thwart the attack, and the ransomware gang responsible demanded 30 bitcoins (around $1.9 million) in exchange for the stolen data.
  • Rhysida, the ransomware gang, claims to have uploaded 3.1 terabytes of unsold data stolen from Columbus on the dark web.

Source: Securityaffairs

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese threat actors use Quad7 botnet in password-spray attacks
  • FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
  • Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
  • PTZOptics cameras zero-days actively exploited in the wild

Source: Securityaffairs

Chinese threat actors use Quad7 botnet in password-spray attacks

  • Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.
  • Quad7 botnet, also known as CovertNetwork-1658, targets SOHO devices and VPN appliances.
  • Chinese threat actors, including Storm-0940, are using credentials obtained from Quad7 botnet through password-spray attacks.
  • Microsoft advises organizations to prioritize credential hygiene and harden cloud identities to defend against password spraying.

Source: Securityaffairs

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

  • Sophos reveals a years-long battle with China-linked threat actors, during which it used custom implants to track the attackers' activities.
  • Sophos publishes a series of reports named 'Pacific Rim' detailing Chinese hackers' operations targeting network devices worldwide for over 5 years.
  • China-linked threat actors targeted multiple vendors, exploited vulnerabilities in networking devices, and used zero-day vulnerabilities.
  • Sophos observed evolving tactics including targeting critical infrastructure, using stealth techniques, and improving operational security.

Source: Securityaffairs

New LightSpy spyware version targets iPhones with destructive capabilities

  • The new LightSpy spyware version, which targets iOS devices, has destructive abilities that allow it to block compromised devices from booting up.
  • This modular spyware can steal files from popular applications, record audio, harvest browser history, and more.
  • The updated iOS version of LightSpy has expanded plugins to 28, from 12 before, including 7 that disrupt device booting.
  • The iOS version of this spyware targets platforms up to version 13.3; it gains initial access through the Safari exploit CVE-2020-9802 and escalates privileges with CVE-2020-3837.
  • This spyware is capable of deleting media files, SMS messages, and contacts, freezing devices, and preventing restarts. Some of the above plugins can simulate fake push notifications with specific URLs.
  • The authors of this spyware used five active C2 servers, and some samples labeled 'DEMO' suggest that the infrastructure might be used for demonstration rather than active deployment.
  • The delivery method for the iOS implant is similar to that of the macOS version, but the two versions rely on different post-exploitation and privilege escalation stages.
  • The researchers suggest that watering hole attacks may be the method of distribution, and they believe the operators have a Chinese origin.
  • Since the threat actors use a 'Rootless Jailbreak' — which doesn't survive a device reboot — a regular reboot may provide some protection for Apple device users.
  • Evidence collected by the researchers suggests that this spyware was developed by the same team that designed the macOS version.

Source: Securityaffairs

LottieFiles confirmed a supply chain attack on Lottie-Player

  • LottieFiles confirmed a supply chain attack on Lottie-Player.
  • Threat actors targeted cryptocurrency wallets to steal funds.
  • The attack involved unauthorized versions of the npm package.
  • LottieFiles is investigating the incident and implementing security measures.

Source: Cybersecurity-Insiders

Medusa Ransomware attack impacts 1.8 million patients

  • The Medusa Ransomware attack has affected over 1.8 million patients associated with Summit Pathology Laboratory in Colorado.
  • The breach occurred when an employee clicked on a phishing email, compromising sensitive patient information.
  • Compromised information includes names, addresses, medical histories, and financial data, posing risk for identity theft and fraud.
  • Summit Pathology has paid a ransom to the hackers, sparking outrage and legal ramifications.

Source: Pymnts

Securing the Cyber Perimeter Starts With Safeguarding Corporate Emails

  • Amazon's WorkMail enterprise email service now supports multi-factor authentication (MFA) through integration with Amazon Web Services (AWS) Identity and Access Management (IAM) Identity Center.
  • Multi-factor authentication adds an extra layer of security by requiring users to confirm their identity using two or more authentication factors.
  • Surprisingly, Amazon took eight years to implement MFA in its email business, and MFA will still need to be configured manually by administrators for each WorkMail user.
  • MFA helps counteract phishing, business email compromise (BEC), and other cyberattacks targeting email accounts and adds a robust layer of protection to sensitive corporate information.

Source: Dataprivacyandsecurityinsider

Scary Halloween News: Jumpy Pisces Using Play Ransomware to Attack Organizations

  • Jumpy Pisces, a North Korean state-sponsored threat group, is collaborating with the Play ransomware group.
  • Jumpy Pisces has previously engaged in cyberespionage, financial crime, and ransomware attacks.
  • This collaboration marks the first observed instance of Jumpy Pisces using an existing ransomware infrastructure.
  • Organizations need to be vigilant as Jumpy Pisces' activity may be a precursor to ransomware attacks.

Source: TechCrunch

2024 looks set to be another record-breaking year for ransomware — and it’s likely going to get worse

  • 2024 is projected to be another record-breaking year for ransomware.
  • Hackers continue to profit from data-theft attacks, with record-breaking ransoms being paid.
  • Younger threat actors joining the ransomware industry may worsen the situation.
  • Banning ransom payments is seen as a possible solution to deter attackers.

Source: Cybersecurity-Insiders

Facebook alerts users about the ongoing Malvertising Campaign

  • Facebook is currently facing a malvertising campaign that spreads malware.
  • The campaign involves the distribution of malware to infiltrate Facebook accounts and capture user credentials.
  • Hackers are using various tactics such as posting malicious links to lure unsuspecting users.
  • Users are advised to enhance their account security through multi-factor authentication methods and remain vigilant against suspicious links.

Source: Securityaffairs

New version of Android malware FakeCall redirects bank calls to scammers

  • The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds.
  • FakeCall is a banking trojan that impersonates banks in fraudulent calls to obtain sensitive information from victims.
  • The new version of FakeCall sets itself as the default call handler, allowing it to control all outgoing calls and redirect them to scammers.
  • The malware mimics the legitimate Android call interface, displaying the real bank's phone number to deceive users and gain unauthorized access to financial accounts.

Source: BGR

Terrifying Android malware redirects your calls to hackers

  • FakeCall, a sophisticated Android malware, is now capable of redirecting phone calls to hackers.
  • The malware uses a technique called vishing (voice phishing) to trick victims into disclosing sensitive information.
  • Once the malware is installed, hackers can intercept and control incoming and outgoing calls, making unauthorized connections and replacing dialed numbers with malicious ones.
  • This highlights the importance of avoiding the download of apps or APKs that are not available on the official Google Play store.
