A naukri.com initiative
Malware News
Socprime
4d
4
Image Credit: Socprime
CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader
- CoffeeLoader is a new sophisticated malware that evades security protection by using advanced evasion techniques and Red Team methods spread via SmokeLoader.
- With over 1 billion malware strains circulating and 300 new malware pieces daily, early detection of emerging threats is crucial.
- SOC Prime Platform offers detection algorithms against CoffeeLoader attacks, compatible with various security solutions and mapped to the MITRE ATT&CK framework.
- Security professionals can hunt for IOCs using Zscaler research and Uncoder AI to transform IOCs into custom queries for SIEM or EDR platforms.
- CoffeeLoader, discovered in September 2024, is designed to download and execute secondary payloads stealthily using unique GPU-based packing techniques.
- The malware samples are packed, with CoffeeLoader mimicking ASUS's legitimate Armoury Crate utility using a packer called Armoury.
- CoffeeLoader establishes persistence via Windows Task Scheduler and uses varied evasion tactics like call stack spoofing, sleep obfuscation, and Windows fibers.
- It employs HTTPS for C2 communication, domain generation algorithms, and certificate pinning if primary C2 channels fail.
- CoffeeLoader, spread through SmokeLoader, shares similarities with it in behaviors like scheduled tasks for persistence and utilizing low-level Windows APIs.
- While a new SmokeLoader version shares some evasion features with CoffeeLoader, the relation between the two remains unclear.
Read Full Article
Like
Idownloadblog
4d
349
Image Credit: Idownloadblog
Ian Beer publishes in-depth analysis of BLASTPASS zero-click iMessage exploit from 2023
- Google Project Zero researcher Ian Beer has published an in-depth analysis of the BLASTPASS zero-click iMessage exploit.
- The exploit allowed attackers to compromise iPhones and iPads without any user input, by sending malicious images via iMessage.
- Beer's analysis highlights the need for sandboxing to treat all incoming attacker-controlled data as untrusted, rather than simply trusting file extensions.
- While the BLASTPASS exploit has been patched by Apple, the analysis suggests similar attacks may continue to be developed in the future.
Read Full Article
21 Likes
Securityaffairs
5d
257
Image Credit: Securityaffairs
Crooks target DeepSeek users with fake sponsored Google ads to deliver malware
- Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware.
- Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers.
- The researchers observed that cybercriminals created a convincing fake DeepSeek website linked to malicious Google ads.
- The researchers recommend avoiding clicking on sponsored search results and always verifying the advertiser by checking the details behind the URL to ensure it’s the legitimate brand owner.
Read Full Article
15 Likes
Cybersecurity-Insiders
5d
135
Image Credit: Cybersecurity-Insiders
NHS LockBit ransomware attack yields £3.07 million penalty on tech provider
- The UK's Information Commissioner's Office (ICO) has fined technology provider Advanced Computer Software Group £3.07 million for its role in the LockBit ransomware attack on the National Health Service (NHS).
- Around 79,000 individuals, including patients and staff, were affected by the breach, which occurred through a third-party technology provider.
- The ICO determined that Advanced failed to implement proper security measures, such as Multi-Factor Authentication, and exposed sensitive data to cybercriminals.
- The fine demonstrates the ICO's commitment to holding businesses accountable for data breaches and highlights the importance of proactive cybersecurity measures.
Read Full Article
8 Likes
TechCrunch
5d
328
Image Credit: TechCrunch
UnitedHealth removes mentions of DEI from its website
- UnitedHealth Group has removed much of its website mentioning its diversity, equity, and inclusion (DEI) policies.
- Multiple web pages dedicated to DEI no longer load and redirect to a 'page not found' error.
- The company removed a 2022 blog post featuring a conversation with its vice president of DEI.
- UnitedHealth replaced 'Diversity, Equity, and Inclusion' with a 'Culture of Belonging' page which does not include previous references to diversity efforts.
Read Full Article
19 Likes
Securityaffairs
5d
73
Image Credit: Securityaffairs
New ReaderUpdate malware variants target macOS users
- Multiple versions of the ReaderUpdate malware variants, written in Crystal, Nim, Rust, and Go, are targeting macOS users, according to SentinelOne researchers.
- ReaderUpdate, a macOS malware loader, first appeared in 2020 and was later found delivering Genieo adware.
- The malware variants are distributed in five different source languages, including Go, Crystal, Nim, Rust, and compiled Python.
- The malware obfuscates strings and URLs, making it difficult to analyze and detect the threats it poses.
Read Full Article
4 Likes
BGR
6d
53
Image Credit: BGR
Update Chrome immediately to patch Google’s first first zero-day of 2025
- Google has patched a critical Chrome zero-day vulnerability
- The vulnerability was discovered during an investigation into a phishing campaign targeting Russian media outlets, universities, and government agencies.
- The exploit bypassed Chrome's sandbox protection and allowed the deployment of spyware-grade malware.
- Google issued a fix for the zero-day vulnerability with Chrome version 134.0.6998.178 and users are advised to update immediately.
Read Full Article
3 Likes
Medium
6d
4
Image Credit: Medium
To Pay Or Not To Pay: A Hacking Victim’s Dilemma
- Ransomware is commonly delivered via phishing or by exploiting security holes in computer's operating systems.
- Once infected, the hacker demands a ransom in order to restore access to the encrypted data.
- Law enforcement agencies advise against paying the ransom, as it encourages hackers to create more ransomware.
- It is important to verify if you are a victim of actual ransomware and take steps to remove the malware while ensuring data protection.
Read Full Article
Like
Securityaffairs
6d
358
Image Credit: Securityaffairs
BlackLock Ransomware Targeted by Cybersecurity Firm
- Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details.
- Cybersecurity experts exploited the vulnerability and obtained additional information related to the ransomware network infrastructure.
- BlackLock Ransomware is one of the fastest-growing strains, targeting organizations in various sectors across different countries.
- The rebranding of BlackLock as Mamona Ransomware and the takeover by DragonForce group are potential developments in this scenario.
Read Full Article
21 Likes
Cybersafe
6d
32
Image Credit: Cybersafe
RedCurl Cyberspies deploy Ransomware to target Hyper-V Servers
- RedCurl, a cyber-espionage group, expands its operations by deploying ransomware targeting Hyper-V servers.
- RedCurl historically focused on data exfiltration, but recently started using ransomware in at least one confirmed case.
- The group uses phishing emails with disguised .img attachments as the initial attack vector.
- RedCurl's new ransomware, named QWCrypt, specifically encrypts virtual machines hosted on Microsoft Hyper-V.
Read Full Article
1 Like
Siliconangle
6d
189
Image Credit: Siliconangle
SecurityScorecard report reveals surge in third-party breaches across industries
- A new report reveals a surge in vendor-driven attacks as third-party breaches increase.
- 36% of all breaches in 2024 were third-party related, with 47% involving technology products and services.
- Retail and hospitality had the highest third-party breach rate at 52%, followed by the technology industry at 47%.
- To counter third-party breaches, organizations are advised to align risk management strategies and prioritize protections for high-risk infrastructure.
Read Full Article
11 Likes
Medium
6d
343
Image Credit: Medium
Heads Up, CS2 Players! Scammers Are Stealing Steam Accounts with Fake Login Screens
- Scammers are stealing Steam accounts with fake login screens.
- They are using a trick called 'Browser-in-the-Browser' to make it look like a legitimate login.
- CS2 players are being targeted due to the value of their accounts and in-game items.
- To stay safe, players should be cautious of fake login screens and enable Steam Guard.
Read Full Article
20 Likes
Securityaffairs
7d
178
Image Credit: Securityaffairs
Android malware campaigns use .NET MAUI to evade detection
- Researchers warn of a new Android malware that uses .NET MAUI to mimic legit services and evade detection.
- The malware disguises itself as legitimate services to steal sensitive information from users.
- It uses hidden C# blob binaries instead of traditional DEX files for evasion.
- Malware authors leverage various techniques like multi-stage loading and encryption to obfuscate the malicious behaviors.
Read Full Article
10 Likes
Pymnts
7d
240
Image Credit: Pymnts
Cybersecurity Agency Faces Scrutiny Amid Spending Cuts, Personnel Shifts
- The Cybersecurity and Infrastructure Security Agency (CISA), a part of the U.S. Department of Homeland Security, is facing scrutiny as the Department of Government Efficiency looks to make spending cuts.
- CISA has clarified that it has not laid off their red team, but has terminated contracts to eliminate duplication of effort.
- However, concerns have been raised about personnel moves at CISA, with former employees emphasizing the potential negative impact on the agency's capabilities.
- CISA plays a crucial role in protecting businesses from cyber threats and has developed tools and frameworks to help organizations enhance their cybersecurity defenses.
Read Full Article
14 Likes
Sentinelone
7d
398
Image Credit: Sentinelone
ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants
- ReaderUpdate is a macOS malware loader platform that has been observed since 2020 but largely unnoticed by vendors, delivering Genieo adware.
- New variants in Crystal, Nim, Rust, and Go were identified, with SentinelOne linking them to ReaderUpdate infections.
- The original ReaderUpdate binary is a x86 Mach-O weighing 5.63Mb, embedding Python runtime and an obfuscated script.
- The malware reaches out to C2 domains and delivers payloads like Genieo adware, sharing similarities with older samples.
- ReaderUpdate variants exist in Python, Go, Crystal, Rust, and Nim, primarily targeting x86 Intel architecture.
- These malware variants are commonly distributed through free software or trojanized utility apps, impacting older macOS versions.
- The Go variant's technical breakdown reveals system information collection, C2 communication, and potential for executing remote commands.
- Variant-specific sizes and SHA-1 hashes for the Python, Go, Crystal, Rust, and Nim versions of ReaderUpdate were provided.
- The Go variant of ReaderUpdate has been less common compared to others, with only 9 identified samples linked to 7 unique domains.
- Multiple domains and infrastructure connect different variants, showing an ongoing campaign for stealthy malware distribution.
Read Full Article
23 Likes
For uninterrupted reading, download the app