techminis

A naukri.com initiative

Malware News

Pymnts, 1w

Business Infrastructure Under Siege as Cybercriminals Target Data Transfer Points

  • Cybercriminals are targeting critical business infrastructure that handles sensitive data.
  • Exploiting a security flaw in Cleo's enterprise file transfer tools, cybercriminals gain control of affected systems.
  • Recent attacks on enterprise solutions highlight the shift in cybercriminals' focus on critical infrastructure.
  • Securing infrastructure that handles data should be a top priority, including regular audits, patching, monitoring, and incident response plans.

Cybersecurity-Insiders, 1w

Rising Cyber Extortion Threats Targeting Large Companies in 2024

  • Hacking groups are increasingly targeting large organizations for significant payouts, exploiting vulnerabilities in the supply chain.
  • A growing number of businesses are opting to pay the ransom, with some paying record amounts.
  • Factors contributing to this shift include increased law enforcement efforts, advanced backup systems, and free decryption tools.
  • Ransomware attacks are expected to increase by 50%, with finance, healthcare, technology, and logistics sectors at higher risk.

TechCrunch, 1w

Researchers uncover Chinese spyware used to target Android devices

  • Security researchers have uncovered a new surveillance tool called EagleMsgSpy used by Chinese law enforcement.
  • The spyware has been operational since at least 2017 and is used by public security bureaus in China.
  • EagleMsgSpy can collect extensive information from Android devices, including call logs, GPS coordinates, and messages from third-party apps.
  • The tool is likely being used for domestic surveillance, but anyone traveling to the region could be at risk.

Securityaffairs, 1w

Operation Digital Eye: China-linked APT relies on Visual Studio Code Remote Tunnels to spy on European entities

  • An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of the Operation Digital Eye campaign.
  • The attack campaign, known as Operation Digital Eye, lasted for approximately three weeks from late June to mid-July 2024.
  • The attackers utilized Visual Studio Code and Microsoft Azure for command-and-control operations in an attempt to avoid detection.
  • The campaign highlights the increasing sophistication of China-linked APT threats and their use of innovative strategies to orchestrate complex and hard-to-detect attacks.

Pymnts, 2w

OFAC Sanctions Parties Involved in Compromise of 81,000 Firewalls

  • The Office of Foreign Assets Control (OFAC) has sanctioned a China-based cybersecurity company and one of its employees for their involvement in the compromise of 81,000 firewalls.
  • Sichuan Silence Information Technology Company and its employee Guan Tianfeng were found to have used a zero-day exploit in a firewall product to deploy malware, aiming to steal data and infect victims' systems.
  • Over 23,000 of the compromised firewalls were in the United States, including those protecting critical infrastructure companies.
  • The Department of Justice has charged Guan Tianfeng with conspiracy to develop and deploy the malware, and the Department of State has announced a reward of up to $10 million for information about Guan Tianfeng or Sichuan Silence.

TechCrunch, 2w

US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

  • The U.S. has sanctioned a Chinese cybersecurity company and one of its employees for firewall hacks targeting critical infrastructure.
  • The Sichuan Silence employee exploited a zero-day vulnerability in Sophos firewalls.
  • Approximately 81,000 firewalls were compromised in the hacking campaign.
  • The purpose of the exploit was to steal data and attempt to infect victims' systems with ransomware.

Cybersecurity-Insiders, 2w

Ransomware related news trending on Google

  • Cipla has become a victim of an Akira ransomware attack in which 70GB of sensitive data was stolen. Reports suggest the stolen data includes financial documents, customer contact information, and employee details.
  • Electrica Group, the company responsible for Romania's electricity distribution, has reported a ransomware attack that targeted its IT infrastructure and SCADA systems.
  • The Black Basta ransomware group has been launching sophisticated social engineering attacks. The group floods victims with a high volume of emails, often containing malicious attachments or links.
  • Artivion, a cardiac equipment manufacturer, has suffered a ransomware attack. The firm manufactures heart valves, stents, and prosthetics.
  • The recent surge in ransomware attacks highlights the growing threat to industries, such as healthcare, energy, and global supply chains.
  • Businesses should prioritise security and invest in advanced threat detection systems.
  • Employees must be continuously trained to recognise and respond to cyber threats to limit the security risks.
  • Collaboration between private organisations, government agencies, and cybersecurity experts will be crucial in the face of evolving threats.

Securityaffairs, 2w

Romanian energy supplier Electrica Group is facing a ransomware attack

  • Romanian energy supplier Electrica Group is facing a ransomware attack.
  • The attack hasn't affected critical systems but may cause temporary disruptions in customer services.
  • Electrica is implementing internal cybersecurity protocols and collaborating with national cybersecurity authorities.
  • The attack is believed to be a retaliation for Romania annulling its presidential election over alleged Russian interference.

Medium, 2w

Register Windows Object Callbacks from Kernel Driver

  • This article demonstrates how to monitor access to Windows process objects using a kernel driver.
  • A kernel driver is employed to intercept handle creation and duplication events for process objects.
  • The driver registers callbacks using the ObRegisterCallbacks function to hook into these operations.
  • By leveraging kernel-mode access, this approach allows for deeper system monitoring and control.

TechCrunch, 2w

US medical device giant Artivion says hackers stole files during cybersecurity incident

  • Artivion, a medical device company, experienced a cybersecurity incident that disrupted its services.
  • The incident involved the acquisition and encryption of data, suggesting a ransomware attack.
  • Certain systems were taken offline in response, causing disruptions to order and shipping processes.
  • Artivion does not expect a significant financial impact from the incident.

Socprime, 2w

UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex

  • Hackers from the UAC-0185 (aka UNC4221) group have targeted Ukrainian defense organizations and the military-industrial complex in a series of phishing attacks.
  • CERT-UA issued a security alert notifying cyber defenders of the attacks, in which the sender masquerades as the Ukrainian Union of Industrialists and Entrepreneurs (UUIE).
  • The attacks involve email spoofing and lures recipients with invitations to a conference on transitioning Ukraine's defense industry products to NATO standards.
  • The UAC-0185 group is known for credential theft, remote access to military systems, and the use of custom tools like MESHAGENT and UltraVNC.

TechCrunch, 2w

Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack

  • Supply chain software company Blue Yonder is investigating claims of data theft after a ransomware gang took credit for a cyberattack.
  • The Arizona-based company, which provides software to organizations like DHL and Starbucks, experienced a ransomware incident on November 21.
  • The ransomware gang, known as Termite, claims to have stolen 680 gigabytes of data and threatens to use it for future attacks.
  • Blue Yonder is working with external cybersecurity experts to address the claims, while the investigation remains ongoing.

Securityaffairs, 2w

Mandiant devised a technique to bypass browser isolation using QR codes

  • Mandiant has revealed a technique to bypass browser isolation using QR codes.
  • Browser isolation separates web browsing from the user's device by running the browser in a secure environment.
  • Mandiant's technique involves embedding C2 data in a QR code displayed on a legitimate web page.
  • The implant captures a screenshot, decodes the QR code, and communicates with the attacker-controlled server.

Cybersecurity-Insiders, 2w

The Rising Threat of Pegasus Spyware: New Findings and Growing Concerns

  • The scope of the Pegasus spyware's reach is far more extensive and troubling than initially suspected. Researchers have identified five new variants of Pegasus targeting iPhones and Android devices that are impacting ordinary individuals. These new strains of Pegasus are persisting undetected on public phones, quietly infiltrating phones, collecting personal data, and evading the detection of most conventional anti-malware solutions. The shift in the NSO Group's business strategy has turned Pegasus into a global surveillance weapon. The spyware is now available on various dark web platforms, and it is being distributed through third-party websites, particularly those hosted in China. The growing accessibility of spyware tools raises issues about personal freedoms, digital security, and the ethical boundaries of surveillance.
  • The use of spyware to infiltrate someone's device without their consent is illegal in most parts of the world, and rightfully so. Given the widespread and largely unregulated availability of spyware tools, there is a growing call for stricter international regulations governing their use. As mobile devices become an integral part of our daily lives, it is crucial for both individuals and organizations to be proactive in securing their mobile devices and to remain vigilant about potential threats.
  • A recent study by iVerify, a mobile security research company, reveals that the spyware is no longer just a tool for high-level surveillance but is becoming a pervasive threat to everyday users, regardless of their social status or prominence. The findings reveal that Pegasus is more prevalent than ever and points to a serious gap in the ability of conventional security tools to identify and neutralize sophisticated spyware like Pegasus.
  • Initially, NSO Group developed the Pegasus spyware as a tool for law enforcement and intelligence agencies, aimed at tracking criminal activity and terrorists. The company's business model shifted in the following years, and NSO began offering the spyware to private clients, which led to widespread abuse and the targeting of journalists, activists, and political figures. These versions are now being used by unauthorized individuals and groups to infiltrate phones for a variety of illicit purposes, including corporate espionage, blackmail, and even political surveillance.
  • iVerify's investigation, based on data collected through its Mobile Threat Hunting feature, indicates that these new strains of Pegasus spyware are circulating widely. The study serves as a stark reminder that no one, not even the most ordinary of individuals, is immune to the risks of digital surveillance. As Pegasus evolves, it is crucial for both individuals and organizations to remain vigilant and prioritize the protection of their personal data against increasingly sophisticated threats.
  • The growing presence of Pegasus highlights the urgent need for increased awareness and vigilance among mobile users, and the battle against digital espionage is far from over. While some countries have introduced legislative measures to protect citizens from spyware, the pace of technological advancement continues to outstrip regulatory efforts, leaving millions of people vulnerable to these kinds of attacks.
  • As of now, iVerify has not been able to trace the exact identities of those behind the release of these new variants of Pegasus. The company has discovered the malware on seven devices out of 1000 examined so far, and they are continuing to investigate the full scope of the attack. iVerify plans to issue an update on their findings as more information becomes available.
  • The disturbing findings from iVerify's research signal a troubling trend in the evolution of digital surveillance. As Pegasus evolves, so must our defenses, and it is crucial for both individuals and organizations to be proactive in securing their mobile devices.

BGR, 2w

This virtual meeting app is actually crypto-stealing malware

  • A sophisticated scam targeting people who work in Web3 with crypto-stealing malware has been uncovered.
  • The scam is conducted by a company called Meetio, which has repeatedly changed names.
  • The scammers create elaborate fake websites and impersonate contacts to gain trust.
  • Targets are prompted to download a malicious meeting app that can steal cryptocurrency.
