techminis

A naukri.com initiative

Malware News

Idownloadblog (7d)

How to protect your iPhone, iPad, and Mac from cyberattacks with Lockdown Mode

  • Apple's Lockdown Mode offers enhanced security for individuals targeted by sophisticated cyberattacks, limiting certain features on iPhone, iPad, or Mac.
  • Lockdown Mode prevents installation of spyware by blocking links in Messages, limiting functions in apps like Photos, FaceTime, and web browsing.
  • It restricts auto-joining non-secure Wi-Fi, blocks unknown FaceTime calls, excludes location sharing, and disables complex web technologies.
  • The mode prevents installation of configuration profiles, blocks certain app invitations, disables Game Center, and may affect AirDrop and Mail app functions.
  • Users can enable Lockdown Mode on iPhone, iPad, or Mac individually through device settings, with options to exclude websites or apps.
  • Excluded websites can be managed in settings to access trusted sites normally, and users can enable 2G connectivity if necessary.
  • To turn off Lockdown Mode, users need to access Privacy & Security settings and disable Lockdown Mode, restarting the device to resume normal operations.
  • Additional security features like Stolen Device Protection and Advanced Data Protection for iCloud are also recommended by Apple.

Cybersecurity-Insiders (7d)

Beware of fake file converting websites that instead push Malware

  • The FBI has issued a warning about the risks associated with deceptive file converting websites.
  • Some of these tools distribute malware, including ransomware.
  • Fraudulent sites often target users looking to convert documents, redirecting them to scams involving online betting or cryptocurrency investment schemes.
  • Users are advised to be cautious, verify website authenticity, and use trusted cybersecurity measures to prevent malware infections.

Siliconangle (7d)

Malicious AI tool mentions surge 200% across dark web channels in 2024

  • A report by KELA Research and Strategy Ltd. reveals a 200% increase in mentions of malicious AI tools on cybercrime forums in 2024.
  • The report also highlights a 52% rise in AI jailbreak discussions and the distribution of 'dark AI tools' used for phishing, malware development, and financial fraud.
  • AI-powered cyber threats are accelerating phishing campaigns, malware development, and deceptive social engineering.
  • KELA recommends implementing AI-driven security measures and employee training to combat the growing AI-powered cybercrime threat.

Siliconangle (7d)

Chainguard introduces libraries for secure language dependency management

  • Secure software supply chain solution provider Chainguard Inc. has launched Chainguard Libraries, a product line of language libraries built directly from source with supply-chain-level assurances.
  • Chainguard Libraries provides a standardized endpoint from which developers can consume language dependencies safely, aiming to eliminate the risk of malware and other supply chain security threats.
  • Public registries such as PyPI, Maven, and NPM, which lack proper vetting and digital attestations, are vulnerable to attackers injecting malware into software packages.
  • Chainguard is expanding its offering beyond containerized application deployments to deliver safe open source across various compute modalities and the software development lifecycle.

Securityaffairs (1w)

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

  • Medusa ransomware campaign tracked by Elastic Security Labs.
  • Attackers use a malicious Windows driver named ABYSSWORKER to disable EDR tools.
  • Driver masquerades as a CrowdStrike Falcon driver and is signed with a revoked Chinese certificate.
  • ABYSSWORKER uses various techniques to obstruct static analysis and disable EDR systems.

Unite (1w)

Preventing Ransomware Attacks: Proactive Measures to Shield Your Business

  • Ransomware attacks pose a significant threat to businesses, causing disruptions and financial losses.
  • Implementing strong endpoint security is crucial, especially for organizations with remote teams.
  • Establishing BYOD policies and enforcing better password practices can enhance cybersecurity.
  • Regular data backups following the 3-2-1 rule are essential for recovery after a cyberattack.
  • Network segmentation and access control help limit the spread of ransomware within a system.
  • Conducting vulnerability assessments and penetration testing can identify security weaknesses.
  • Data security compliance and ethical AI practices are vital for safeguarding critical business data.
  • Encryption protocols and AI compliance standards play a key role in data protection.
  • Adopting a proactive risk management approach can reduce the likelihood of falling victim to ransomware attacks.
  • Following comprehensive strategies can enhance cybersecurity readiness and protect businesses from cyber threats.

Securityaffairs (1w)

FBI warns of malicious free online document converters spreading malware

  • The FBI warns of a significant increase in scams involving free online document converters to infect users with malware.
  • Threat actors are using malicious online document converters to steal sensitive information and infect systems with malware.
  • Fake file converters and download tools can provide resulting files containing hidden malware, giving criminals access to victims' devices.
  • The FBI advises staying cautious online, keeping antivirus software updated, and reporting any incidents to IC3.gov.

Securityaffairs (1w)

Cloak ransomware group hacked the Virginia Attorney General’s Office

  • The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February.
  • A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings.
  • The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data.
  • The Cloak ransomware group has been active since at least 2023 and has breached more than one hundred organizations over the years.

Securityaffairs (1w)

Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION

  • U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
  • Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • RansomHub affiliate uses custom backdoor Betruger
  • Pennsylvania State Education Association data breach impacts 500,000 individuals

Medium (1w)

A Deep Dive into Malware Static Analysis: Dissecting Windows Reverse Shell for Threat Insights

  • John, the junior security analyst, conducted static analysis on a reverse shell malware to gather insights on the threat.
  • In static analysis, the file type of the malware was determined to be a 64-bit Windows PE file using tools such as the 'file' command on Kali Linux and hexdump.
  • Hashes (MD5, SHA1, SHA256) were generated for the malware to identify replicas and search for results online.
  • By analyzing the strings in the binary, John found clues that the malware communicated over the internet using cmd.exe.
  • Comments in the code and the type of strings present provided insights into the functionality and possible development environment of the malware.
  • Detection of a packed file, indicated by decreased file size and a lack of readable strings, led to a discussion of packers, cryptors, and tools like ExeInfo for unpacking.
  • Further analysis involved examining PE Headers, DOS Header, File Header, Optional Header, sections, and imports to gather more information on the malware.
  • The compilation date, application type, and imported functions provided additional details on the malware's behavior.
  • Overall, John's thorough analysis provided a deeper understanding of the malware's structure and functionalities despite attempts to obfuscate it.
  • The article emphasizes the importance of static analysis in dissecting malware to unveil its potential threats and capabilities.

TechCrunch (1w)

Valve removes video game demo suspected of being malware

  • Valve removed a video game called Sniper: Phantom’s Resolution from its online store Steam.
  • Users reported that the free demo for the game was installing malware on their computers.
  • This is not the first time Valve has encountered such issues, as they dealt with a similar situation last month with a game called PirateFi.
  • Valve has not yet provided any response or comment regarding the removal of the game from their platform.

Cybersecurity-Insiders (1w)

Learn Malware Analysis with This Hands-on Course

  • ANY.RUN's Security Training Lab offers a learning environment for analyzing real-world malware and enhancing threat detection skills.
  • The program covers static and dynamic analysis, encryption algorithms, malware capabilities, and the analysis of scripts and office files.
  • Audiences include security teams, students, and independent researchers who can benefit from practical tools and interactive tasks.
  • The course equips students with skills such as understanding malware behavior, mapping malware behaviors to known tactics, and using professional tools.

Securityaffairs (1w)

RansomHub affiliate uses custom backdoor Betruger

  • Symantec researchers have identified a custom backdoor, named Betruger, linked to an affiliate of the RansomHub operation in recent ransomware attacks.
  • Betruger is a multi-function backdoor used in ransomware attacks that bundles capabilities such as screenshot capture, credential theft, keystroke logging, network scanning, and privilege escalation into a single tool to minimize detection.
  • The backdoor is disguised as 'mailer.exe' or 'turbomailer.exe' to appear legitimate, but lacks mailing functions.
  • RansomHub, run by the cybercrime group Greenbottle, has become the most prolific ransomware operation, attracting affiliates by offering better terms and a higher percentage of ransom payments.

Kaspersky (1w)

Fog ransomware publishes victim’s IP | Kaspersky official blog

  • The Fog ransomware group has been publishing victims' IP addresses along with their data, a tactic not seen before in ransomware attacks.
  • The main purpose of publishing IP addresses is to increase psychological pressure on victims and make the incidents more visible and traceable.
  • Publishing IP addresses can make the victims more likely to face lawsuits and fines, therefore increasing the chances of the victim paying the ransom.
  • To stay safe, it is recommended to raise staff awareness of cyber threats, regularly back up critical data, use effective security solutions, and monitor infrastructure activity.

Securelist (1w)

Threat landscape for industrial automation systems in Q4 2024

  • In Q4 2024, 21.9% of ICS computers had malicious objects blocked, a decrease of 0.1 percentage points from the previous quarter.
  • Regionally, Africa had the highest percentage (31%), while Northern Europe had the lowest (10.6%).
  • The biometrics sector had the highest percentage of blocked malicious objects among industries.
  • Kaspersky's protection solutions blocked malware from 11,065 different families on ICS systems in Q4 2024.
  • Primary threat sources include the internet, email clients, and removable storage devices.
  • Malicious objects for initial infection included denylisted internet resources and phishing pages.
  • The percentage of ICS computers with blocked malicious scripts and phishing pages rose to 7.11% in Q4.
  • Spyware blocking increased to 4.30%, while ransomware blocking reached its highest value in two years at 0.21%.
  • Next-stage malware such as spyware, ransomware, and miners were utilized after initial infections.
  • Self-propagating malware (worms and viruses) saw increased block rates in Q4 2024.
