techminis
A naukri.com initiative

Malware News

Securityaffairs, 3d

Australian Firstmac Limited disclosed a data breach after cyber attack

  • Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach after the Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
  • The breach resulted in unauthorized access to customer information, including names, contact information, date of birth, external bank account details, and driver's license numbers.
  • Firstmac Limited assures that customer funds are secure, and there is no evidence of any impact on current customer accounts.
  • Impacted customers are being provided with identity theft protection services and advised to monitor their bank accounts for suspicious activity.


Cybersecurity-Insiders, 3d

BlackBasta Ransomware targeted nearly 500 firms through May 2024

  • The BlackBasta Ransomware gang has targeted nearly 500 entities from April 2022 to May 2024.
  • They have primarily focused on healthcare-related entities in Australia, Europe, and North America.
  • A separate report reveals a 500% increase in average ransom payments by victims in 2023.
  • Paying the ransom doesn't guarantee a decryption key or prevent the sale of stolen data on the dark web.


Medium, 4d

Decrypting Ransomware: Unveiling the Digital Hostage Crisis

  • Ransomware is a type of malware that encrypts or prevents access to vital information and systems within an organization.
  • There are two types of ransomware: encrypting ransomware and locker ransomware.
  • Encrypting ransomware encrypts important files and demands ransom for decryption, while locker ransomware takes over systems and prevents access until demands are met.
  • To protect against ransomware, it is important to be aware of its strategies, implement proactive security measures, and promote a culture of cyber awareness.


Medium, 4d

Steal RDP Password with API Hooking

  • RDPCredentialStealer is malware that abuses the Remote Desktop Protocol to steal sensitive user data using API hooking with Detours in C++.
  • API Hooking intercepts function calls made by a target application and redirects them to malicious code, allowing the attacker to manipulate or capture sensitive information.
  • The malware is capable of infiltrating RDP sessions and pilfering valuable credentials without raising suspicion.
  • This article provides a deep dive into the mechanics of API Hooking and the RDPCredentialStealer’s operations.
  • RDPCredentialStealer silently infiltrates RDP sessions and steals user credentials, which can be used maliciously to gain unauthorized access to critical systems and sensitive data.
  • The article also highlights broader implications of RDPCredentialStealer and the potential impact on organizations and individuals.
  • The purpose of the tool is to raise awareness and encourage proactive security practices rather than facilitate malicious activities. Individuals and organizations can implement measures such as multi-factor authentication, security updates, and intrusion detection and prevention systems to safeguard their RDP environments.
  • RDP Credential Stealer is solely intended for educational and research purposes and should be used with appropriate legal rights and authorization.
  • Through comprehensive analysis and insights, the article aims to raise awareness among users, system administrators, and security professionals alike.
  • The authors also advertise their own ethical malware development course, available from $15.


Medium, 4d

Into the Dark World of Lockbit 3.0: A Practical Showcase of RAAS and PDF Trojan Technique

  • Lockbit 3.0 is a highly sophisticated ransomware that is continuously evolving and adapting to evade detection.
  • It offers improved encryption techniques and expanded attack vectors, posing a significant threat to organizations and individuals.
  • Lockbit ransomware uses the Ransomware-as-a-Service (RaaS) model, allowing cybercriminals to lease the ransomware infrastructure and customize their attacks without technical expertise.
  • The practical demonstration showcases how attackers use Lockbit builders and scripting languages like AutoIt to craft sophisticated ransomware payloads.
  • It also demonstrates how attackers conceal the malicious Lockbit payload within innocent files such as PDFs to lure victims into unwittingly executing the ransomware payload.
  • The Lockbit 3.0 attack results in the encryption of files, alteration of system settings, and potential data loss, thereby highlighting the critical need for proactive cybersecurity measures.
  • Adversaries could employ social engineering techniques to distribute the disguised ransomware Trojan through email attachments or downloads.
  • The file extension manipulation technique with tools like charmap can further disguise the Trojan and make it appear as a harmless PDF document to unsuspecting victims.
  • The practical demonstration underscores the importance of vigilance and cautious behavior when handling file attachments and downloads.
  • The future outlook of ransomware attacks remains challenging. However, implementing robust preventive measures, staying vigilant against emerging threats, and fostering a cybersecurity-aware culture can mitigate their impact.


Medium, 4d

Cybersecurity Breach Targets British Columbia Libraries, Threatening User Data

  • A cyberattack targeted British Columbia libraries, threatening user data.
  • The hacker demanded a ransom in exchange for not releasing sensitive user information.
  • No passwords or email contents were compromised, but email exchanges between addresses were accessed.
  • The Cariboo Regional District library was affected, and measures have been taken to enhance cybersecurity.


Cybersecurity-Insiders, 4d

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware

  • Redline malware is responsible for around 170 million passwords stolen in the last six months.
  • Password-stealing malware such as Redline, Vidar, Raccoon Stealer and Meta steals credentials from individuals.
  • The stolen credentials extracted by this type of malware are sold on the dark web and used to steal information and money from victims.
  • Password reuse persists in the business world; employees who reuse work passwords on other vulnerable sites or devices allow compromised passwords to be used and eventually exploited by hackers.
  • The article conducts a deeper analysis of password-stealing malware to arm security professionals and businesses with the knowledge needed to stay safe against the latest threats.
  • RedLine malware is often bundled with cryptocurrency miners; phishing is its main distribution method, with cybercriminals exploiting global events.
  • Vidar malware employs sophisticated tactics to target specific regions and expands its distribution through the PPI malware service PrivateLoader, the Fallout Exploit Kit, and the Colibri loader.
  • Raccoon Stealer operates under a 'malware-as-a-service' model, and its sellers even market it with "test weeks" that give hackers the opportunity to sample the product.
  • Stolen credentials are highly coveted assets sold in bulk on the dark web for financial gain.
  • Password reuse presents a major vulnerability, as even strong passwords can be compromised if reused on insecure platforms.


Medium, 4d

Russian hacker Dmitry Khoroshev unmasked as LockBit ransomware administrator

  • The UK's National Crime Agency (NCA) has identified the administrator of LockBit ransomware as Dmitry Khoroshev, a Russian citizen.
  • Khoroshev, also known as LockBitSupp and putinkrab, is subject to an asset freeze and travel ban, with a reward of up to $10 million for information leading to his arrest.
  • Authorities have obtained over 2,500 decryption keys and are reaching out to LockBit ransomware victims to provide support.
  • Khoroshev faces a potential sentence of 185 years in prison and a $250,000 fine for each charge.


Insider, 4d

Hackers are now targeting the children of corporate executives in elaborate ransomware attacks

  • Hackers are targeting the children of corporate executives in elaborate ransomware attacks.
  • Mandiant, a leading cybersecurity firm, reports the rise of ransomware attacks targeting executives' children.
  • Hackers are using techniques such as SIM swapping and caller ID spoofing on children's phones.
  • These attacks put an extra burden on executives who must choose between protecting customers and their families.


Securityaffairs, 4d

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

  • Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
  • The Black Basta ransomware-as-a-service (RaaS) has targeted 12 critical infrastructure sectors, including Healthcare and Public Health.
  • The group has accumulated at least $107 million in Bitcoin ransom payments and has infected over 329 victims.
  • US agencies recommend implementing various mitigations, including prompt updates, multi-factor authentication, secure remote access software, backups, and following the #StopRansomware Guide.


Medium, 5d

Cyber Insurance: The Essential Protection Your Business Needs in the Digital Age

  • In today’s digital landscape, businesses of all sizes face an ever-increasing risk of cyber attacks, data breaches, and ransomware incidents.
  • According to a recent report by IBM, the average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years.
  • The need for robust cyber security measures and comprehensive cyber insurance has never been more pressing.
  • A comprehensive cyber insurance policy can provide coverage for a variety of expenses, such as data breach expenses, network interruptions, cyber extortion, and even social engineering attacks.
  • The consequences of a cyber attack can be far-reaching and devastating for businesses.
  • Cyber insurance can help businesses mitigate these risks by providing financial protection and access to specialized resources.
  • When selecting a cyber insurance policy, it’s essential to consider several key factors to ensure that the coverage meets the specific needs of the organization.
  • The cyber insurance landscape is constantly evolving, with new risks and coverage options emerging regularly.
  • While cyber insurance remains an essential tool for managing cyber risk, businesses must approach it with a clear understanding of its limitations and challenges.
  • By proactively investing in cyber insurance and implementing robust cyber security measures, businesses can position themselves for success in the digital age and protect their most valuable assets from the growing threat of cyber attacks.


Medium, 5d

North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

  • North Korean hackers have deployed a new Golang malware called 'Durian' against crypto firms.
  • The malware boasts comprehensive backdoor functionality, enabling the execution of commands, file downloads, and exfiltration of files.
  • The attacks occurred in August and November 2023, using legitimate South Korean software as an infection pathway.
  • The malware is used to pilfer browser-stored data and has been associated with the Kimsuky hacking group.


Cybertalk, 6d

10 ways generative AI drives stronger security outcomes

  • Generative AI has significant potential in the security space, but adoption has been slow due to the complexity of running mature enterprise-ready generative AI.
  • Generative AI can create customized threat scenarios and persona-based risk assessments, making businesses aware of more elusive risks.
  • The technology can enhance honeypot traps and assist with policy development and optimization by analyzing historical security incidents.
  • Generative AI algorithms provide excellent results in malware detection and detecting new malware strains, including ones with self-evolving techniques.
  • Generative AI can assist with writing secure code by refactoring existing code to eliminate common security flaws and vulnerabilities.
  • Generative AI’s ability to create synthetic training data has positive implications for privacy and cyber security. It can anonymize medical data and prevent data exposure breaches.
  • Machine learning tools can assist with vulnerability management by analyzing past data and predicting vulnerabilities ahead of time.
  • Generative AI and ML can sift through massive datasets and detect fraud quicker and more accurately than humans.
  • Generative AI can also simulate social engineering attacks for employee training and can be used to develop deepfakes of known persons.
  • The article gives a comprehensive account of generative AI opportunities for businesses in the security space and argues that the technology can strengthen an organization's ability to plan for and contend with emerging cyber threats.


Gbhackers, 6d

HijackLoader Malware Attacks Windows via Weaponized PNG Image

  • Researchers unveil updates to HijackLoader malware, a versatile modular loader.
  • HijackLoader deploys threats like Amadey, Lumma Stealer, Raccoon Stealer, and Remcos RAT.
  • The malware uses a PNG image to decrypt and initiate loading of subsequent stages.
  • Indicators of Compromise (IOCs) and a list of MITRE ATT&CK techniques are provided to help detect and mitigate the impact of the malware.


Gbhackers, 7d

Researchers Hacked into Apple Infrastructure Using SQL Injection

  • Researchers found a significant SQL injection vulnerability in Apple's Book Travel portal.
  • The vulnerability allowed attackers to exploit the JSON API and gain access to Apple's environment.
  • Researchers successfully conducted Remote Code Execution (RCE) through the SQL injection vulnerability.
  • Apple promptly addressed the issue and implemented a fix within two hours of the report.
