A naukri.com initiative
Malware News
Pymnts
7d
228
Image Credit: Pymnts
Biden Administration to Propose Cybersecurity Standards for Hospitals, Other Entities
- The Biden administration plans to propose cybersecurity standards for hospitals and other entities that receive funding from Medicare and Medicaid.
- The rulemaking will establish minimum cybersecurity requirements to protect patient information and address vulnerabilities in the healthcare sector.
- The proposal comes after a cyberattack on Change Healthcare, highlighting the need for improved cybersecurity measures.
- Resistance is expected, with the American Hospital Association previously opposing mandatory standards, emphasizing a sectorwide approach to cyber resiliency.
Read Full Article
13 Likes
Medium
7d
132
Image Credit: Medium
Persistent API Hooking with Detours via DLL Injection
- API Hooking intercepts and alters the behavior of functions in software systems.
- Detours is a popular library that allows the interception and redirection of function calls.
- DLL Injection involves loading a custom DLL into the address space of a running process to execute code.
- API Hooking persistence can be achieved by combining Detours and DLL Injection.
- The C++ code example showcases the risks of malicious API Hooking for persistence in a targeted system.
- The validates.h header file defines IsProcessRunning and IsDLLLoaded functions to check running processes and loaded DLLs.
- This proof of concept uses C++ to detect running processes and monitor DLL loading in a Windows environment.
- The knowledge shared should be used responsibly and for educational purposes only.
- Any usage of these techniques for malicious purposes is strictly illegal and unethical.
- As responsible programmers, we must safeguard the integrity, security, and privacy of systems and users.
Read Full Article
7 Likes
Mjtsai
7d
295
Apple Platform Security Guide (May 2024)
- The latest Apple Platform Security Guide (May 2024) covers various topics like Cryptex1 Image4 Manifest Hash, Cryptex1 Generation, BlastDoor for Messages, IDSLockdown Mode security, and WidgetKit security.
- Apple silicon provides data-independent timing (DIT) to prevent leaking internal information through timing variations on ARM64 instructions that depend on data values.
- XProtect in macOS includes technology to remediate infections based on updates delivered from Apple and uses behavioral analysis to detect unknown malware, improving macOS security.
- The XProtectBehaviorService in Apple's security documentation is a behavior logging service but lacks reporting, blocking, or remediation capabilities.
Read Full Article
17 Likes
Sentinelone
7d
33
Image Credit: Sentinelone
macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge
- A new malware family has emerged called 'Cuckoo Stealer', that can act both as an infostealer and as spyware.
- Trojanized applications - such as PDF converters, cleaners, and uninstallers - contain a malicious binary named upd in the macOS folder.
- Apple's codesign utility will provide identical output for all these samples.
- The malware uses a heavy use of XOR'd strings in an attempt to hide its behavior from simple static signature scanners and current samples call the decrypt routine precisely 223 times.
- Analysis reveals that it makes various uses of AppleScript to duplicate files and folders of interest and to steal the user’s admin password in plain text.
- SentinelOne Singularity detects Cuckoo Stealer and prevents its execution when the policy is set to Protect/Protect.
- Enterprises are advised to use third party security solutions to ensure that devices are protected against this and other threats targeting macOS devices in the fleet.
- Indicators of Compromise are available in the article for detection and defense.
Read Full Article
2 Likes
Securityaffairs
7d
87
Image Credit: Securityaffairs
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
- Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet.
- Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet.
- The vulnerabilities include an authentication bypass issue and a command injection vulnerability, which when exploited together allow threat actors to execute arbitrary commands on vulnerable systems without authentication.
- The discovery of Mirai botnet delivery through these exploits highlights the ever-evolving landscape of cyber threats and the need to understand and address such vulnerabilities for network security.
Read Full Article
5 Likes
Gbhackers
7d
342
Polish Government Under Sophisticated Cyber Attack From APT28 Hacker Group
- The Polish computer emergency response team CERT.pl has issued a warning about an ongoing cyberattack campaign by the notorious APT28 hacking group, also known as Fancy Bear or Sofacy.
- The campaign is targeting various Polish government institutions with a new strain of malware.
- The attack begins with spear-phishing emails containing malicious attachments or links.
- The malware used in this campaign is a new variant of the X-Agent backdoor, enabling the attackers to execute arbitrary commands and exfiltrate data.
Read Full Article
20 Likes
Cybersecurity-Insiders
7d
137
Image Credit: Cybersecurity-Insiders
LockBit Ransomware Group demands $200 million ransom from Boeing
- Boeing fell victim to a ransomware attack in October 2023.
- Hackers demanded a $200 million ransom from Boeing.
- The demand sets a new precedent in ransomware crimes.
- Paying the ransom does not guarantee a decryption key.
Read Full Article
8 Likes
Siliconangle
1w
0
Image Credit: Siliconangle
Healthcare provider Ascension warns that it has suffered from a ‘cyber security event’
- U.S. healthcare provider Ascension has suffered from a 'cyber security event' causing disruptions to clinical operations.
- Unusual activity on select technology network systems led to the detection of the cyber security event.
- Ascension has engaged Google's Mandiant to assist in the investigation and remediation process.
- Ascension advises business partners to temporarily suspend their connections to the Ascension environment as a precaution.
Read Full Article
Like
Securityaffairs
1w
54
Image Credit: Securityaffairs
LockBit gang claimed responsibility for the attack on City of Wichita
- The LockBit ransomware group has claimed responsibility for the attack on the City of Wichita.
- The City of Wichita, Kansas, experienced a ransomware attack and shut down its network to contain the threat.
- The incident took place on May 5th, 2024, and the City is working with security experts and law enforcement agencies.
- The ransomware gang has demanded a ransom payment by May 15, 2024.
Read Full Article
3 Likes
Pymnts
1w
255
Image Credit: Pymnts
MGM Hackers Reportedly Targeting Banks and Insurers
- A group called Scattered Spider, known for a previous massive hack on casinos, is now reportedly targeting banks and insurers.
- Since late last month, Scattered Spider has targeted 29 companies and successfully breached the systems of at least two insurers.
- The hackers used lookalike domains and fake login pages to deceive employees in the sector, utilizing phishing techniques.
- Scattered Spider was also responsible for the ransomware attack on MGM Resorts and a cyberattack on Clorox last year.
Read Full Article
15 Likes
Ibm
1w
402
Image Credit: Ibm
Empowering security excellence: The dynamic partnership between FreeDivision and IBM
- FreeDivision, an IBM Business Partner, leverages IBM Security QRadar EDR to address clients' security concerns.
- Clients rely on FreeDivision for security audit, consultation, incident response, and recovery.
- FreeDivision conducts comprehensive security checks and provides protection against ransomware using IBM QRadar EDR.
- FreeDivision partners with IBM for their intuitive console, unparalleled support, and robust investigation tools.
Read Full Article
24 Likes
Gbhackers
1w
100
Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware
- Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages.
- The attackers use legitimate software downloads as a disguise and purchase Google search ads using fake identities connected to Kazakhstan.
- Clicking on the ad redirects users to a phishing site where they are prompted to download an apparently standard software installer.
- Once executed, the installer activates a hidden PowerShell script that connects to the command and control server, initiating the download of the zgRAT malware.
Read Full Article
6 Likes
Securityaffairs
1w
288
Image Credit: Securityaffairs
LiteSpeed Cache WordPress plugin actively exploited in the wild
- Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites.
- The vulnerability allows for stored cross-site scripting (XSS) attacks, enabling the creation of rogue admin accounts with full control over the website.
- The issue was discovered in February 2024 and affects vulnerable versions of the LiteSpeed plugin.
- The vulnerability was fixed in October 2023 with the release of version 5.7.0.1.
Read Full Article
17 Likes
Securelist
1w
62
Image Credit: Securelist
State of ransomware in 2024
- Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale.
- Kaspersky analyzed the major ransomware trends for the years 2022 and 2023 and revealed that there was a 30% global increase in the number of targeted ransomware groups compared to 2022, with the number of known victims of their attacks rising by a staggering 71%.
- BlackCat/ALPHV was the second most active ransomware in 2023 but in December 2023, the FBI, together with other law enforcement agencies, disrupted BlackCat’s operations and seized several websites of the group.
- Lockbit 3.0 was the most frequently encountered ransomware in 2023 and was active due to its builder leak in 2022.
- Ransomware groups have continued to employ previously identified strategies for intrusion, utilizing similar tools and techniques.
- Legislative measures and policy actions are central to the fight against ransomware. In the United States, legislation like the Cyber Incident Reporting for Critical Infrastructure Act of 2022 aims to enhance incident reporting and resilience against attacks.
- As we look ahead to 2024, we observe a significant shift in the ransomware ecosystem. While many prominent ransomware gangs have disappeared, smaller and more elusive groups are emerging.
- Individuals and organizations should prioritize cybersecurity measures to mitigate the risk of ransomware attacks.
- Implement Managed Detection and Response (MDR) to proactively seek out threats.
- Provide comprehensive cybersecurity training to employees to raise awareness of cyberthreats and best practices for mitigation.
Read Full Article
3 Likes
Cybersecurity-Insiders
1w
339
Image Credit: Cybersecurity-Insiders
Ransomware hackers calling parents from their Children mobile phone numbers
- Cybercriminals are resorting to SIM swapping to target children's phones and use them to contact their parents and issue ransom demands.
- This tactic, known as Caller ID Spoofing, involves cloning a victim's SIM card to impersonate them and make fraudulent calls.
- The psychological impact of receiving a call from a child's phone number can compel victims to pay the ransom to safeguard their child's privacy.
- Corporate executives are also targeted, putting their sensitive information at risk, including the possibility of data being leaked online.
Read Full Article
20 Likes
For uninterrupted reading, download the app