Malware News

Securelist

Kaspersky Security Bulletin 2024. Statistics

  • During the reporting period from November 2023 to October 2024, Kaspersky solutions stopped over 300 million malware attacks launched from online resources globally.
  • Kaspersky detected over 85 million unique malicious URLs and blocked over 72 million unique malicious objects with the help of Web Anti-Virus components.
  • Ransomware attacks were prevented on the computers of over 300,000 unique users, and miners were stopped from infecting nearly 1 million unique users.
  • Moreover, Kaspersky prevented the launch of banking, ATM, or PoS malware on the devices of over 200,000 users.

Silicon

UK Underestimates Threat Of Cyber-Attacks, Says NCSC Head

  • The new head of GCHQ’s National Cyber Security Centre (NCSC) has used his first speech to warn that the cyber risk to the UK is “widely underestimated.”
  • NCSC’s Richard Horne emphasised the need for sustained vigilance in an increasingly aggressive online world.
  • Horne issued a rallying call for collective action against an increasingly complex array of threats.
  • The NCSC is a National Technical Authority and has been publishing advice, guidance and frameworks since its inception, but these must be put into practice urgently across the board.
  • Countries like Russia and China pose increased risk in cyberspace to the UK, with increasingly sophisticated cyber attacks.
  • Organisations must invest in cybersecurity and see it as both an essential foundation for their operations, and a driver for growth, innovation and purpose.
  • The volume and severity of cyber threats against the UK has not been fully appreciated, including the escalating nature of cyber attacks against critical infrastructure supply chains.
  • The NCSC has handled an increasing number of incidents and sees ransomware as the most pervasive cyber threat to the UK.
  • The real-world impact of cyberattacks and their potential to cause human costs must not be ignored amid our dependence on technology.
  • Lastly, cybercriminals are using artificial intelligence tools to increase the volume and heighten the impact of cyberattacks.

Neuways

Top 5 Cyber Security Trends for 2025

  • The importance of third-party risk management will grow significantly, especially as generative AI tools become a standard part of software development.
  • Macs are becoming prime targets for cyber criminals, with a rise in macOS vulnerabilities and increasing sophistication of attacks.
  • Identity and access management (IAM) is shifting from IT to security teams, aligning IAM strategies with threat prevention and response.
  • Geopolitical tensions are driving fragmentation in cyber regulations, creating a complex environment for businesses operating across borders.
  • Social engineering attacks fueled by AI are on the rise, emphasizing the importance of employee training and awareness.

Krebsonsecurity

Why Phishers Love New TLDs Like .shop, .top and .xyz

  • Phishing attacks have risen almost 40% in the year up to August 2024 in new generic top-level domains, including .shop, .top, and .xyz, as 37% of cybercrime domains reported between September 2023 and August 2024 were in new gTLDs.
  • Interisle Consulting’s phishing report shows that these new gTLDs only have an 11% share of the new domains market in the same period.
  • .com and .net domains comprised 50% of the domains registered in the previous year but represented just over 40% of cybercrime domains.
  • A near-equal 37% of cybercrime domains were registered through new gTLDs due to their cheap or free registration and insufficient identity verification requirements.
  • ICANN plans to propose new gTLDs again in 2026 despite reports of phishers abusing these domains.
  • New gTLD registrars tend to sell domains cheaply to customers who buy them in bulk but end up losing out as criminals and spammers never renew.
  • This past year, the US Postal Service was the most common target of phishing attacks, while cybercriminals are increasingly turning to subdomain providers to disguise their criminal activity.
  • Interisle tracked more than 1.18 million cases of subdomains being used for phishing in the past year, and more than half of those were subdomains at Google.
  • Subdomain providers should limit the number of subdomains a customer can create at one time and suspend automated, high-volume account sign-ups.

Securityaffairs

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

  • Energy industry contractor ENGlobal Corporation disclosed a ransomware attack on November 25, disrupting operations.
  • The threat actors gained unauthorized access to the company's IT system and encrypted some data files.
  • ENGlobal Corporation is currently working with external cybersecurity specialists to investigate and remediate the incident.
  • It is unclear when full access to the company's IT systems will be restored, and the impact on its financial condition and operations is being assessed.

Socprime

SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan

  • The SmokeLoader malware has reemerged and is targeting Taiwanese companies in various sectors.
  • SmokeLoader, typically used as a downloader for deploying other malicious samples, is now directly executing attacks by retrieving plugins from its C2 server.
  • Security professionals can rely on SOC Prime Platform for collective cyber defense and access dedicated Sigma rules to detect SmokeLoader attacks.
  • SmokeLoader belongs to the adversary toolkit of the financially motivated UAC-0006 group and has been used in phishing campaigns against Ukraine in the past.

Neuways

Blue Yonder Ransomware Attack Demonstrates the Vital Role of Cyber Resilience and Business Continuity

  • The recent ransomware attack targeting Blue Yonder has disrupted supply chain operations, affecting companies like Starbucks.
  • The incident highlights the need for robust cyber security measures and business continuity plans.
  • Supply chains are prime targets for cybercriminals, emphasizing the shared responsibility between businesses and technology partners.
  • Neuways offers solutions to ensure continuity, enhance threat intelligence, and establish manual failovers.

Securityaffairs

Poland probes Pegasus spyware abuse under the PiS government

  • Poland is investigating the alleged misuse of Pegasus spyware by the previous administration.
  • Former head of Poland's internal security service, Piotr Pogonowski, was arrested to testify before parliament.
  • The spyware was used to spy on the phone of the opposition-linked Polish mayor in 2018-2019.
  • NSO Group, the vendor behind Pegasus, admitted mistakes and canceled several contracts after the abuse of its software was exposed.

Securityaffairs

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

  • The 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware.
  • Bootkitty is the first UEFI bootkit designed to target Linux systems.
  • The bootkit disables the kernel's signature verification feature and preloads unknown ELF binaries via the Linux init process.
  • Bootkitty bypasses UEFI Secure Boot and exploits the LogoFAIL flaw to compromise systems running on vulnerable firmware.

Cybersecurity-Insiders

How Data Backups Turn Vital in Ransomware Scenarios

  • Ransomware attacks have surged in recent years, both in scale and impact.
  • The global cost of ransomware attacks is projected to reach $23 billion by 2027.
  • Businesses must adopt proactive measures to defend against these attacks, and one of the most critical strategies is maintaining regular and secure data backups.
  • Data backups serve as the last line of defense in the event of a ransomware attack.
  • Maintaining up-to-date backups ensures that organizations have copies of their critical data that can be restored quickly, without the need to negotiate with cybercriminals.
  • Downtime is one of the most costly aspects of a ransomware attack. With a reliable backup strategy, organizations can recover their systems in a fraction of the time.
  • Businesses can avoid falling into the trap of paying the ransom by restoring their files from backups and resuming operations.
  • A well-designed backup plan is essential for overall data protection and cyber resilience, enabling organizations to withstand a variety of threats and recover quickly.
  • Organizations should follow the 3-2-1 backup strategy and perform backups regularly to ensure that data is up to date.
  • Backups must be secured with encryption and stored in protected environments with access restricted to authorized personnel only.

TechCrunch

Russian government confirms rare criminal charges against ransomware hacker

  • The Russian government has confirmed the indictment of a 32-year-old resident who is accused of creating and launching ransomware attacks.
  • The accused hacker, named Mikhail Matveev, is on the FBI's most wanted list and is linked to the Babuk, Hive, and LockBit ransomware gangs.
  • Russian authorities have filed criminal charges against Matveev, who planned to use ransomware to encrypt data of commercial organizations and receive a ransom for decryption.
  • The arrest of a ransomware operator in Russia is rare, but the country has been accused of providing a safe haven for cybercriminals.

Pymnts

Staying Safe From AI’s Surging Enterprise Threat This Cyber Monday

  • Artificial intelligence (AI) is a major concern this Cyber Monday as cybercriminals use AI-powered scams and frauds.
  • Companies like Amazon and JPMorgan have witnessed a substantial increase in hacking attempts, thanks to AI tactics.
  • AI-driven cyberattacks have become more sophisticated, targeting financial data, intellectual property, and enterprise systems.
  • Businesses are urged to prioritize proactive defenses, embrace AI-driven cybersecurity solutions, and automate their AP processes.

TechCrunch

Retail outages drag into second week after Blue Yonder ransomware attack

  • A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began.
  • Blue Yonder is making 'good progress' in its recovery, with several impacted customers brought back online.
  • The number of affected customers is still unknown.
  • U.K. supermarket chains Morrisons and Sainsbury’s, along with Starbucks, have confirmed being affected by the ransomware attack.

Securelist

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

  • Horns&Hooves campaign uses ZIP files containing JScript scripts with lookalike names of customer and partner requests, containing decoy documents related to the organization, and licenses belonging to cybercriminal group TA569.
  • The campaign, which has hit over one thousand users in Russia, began in March 2023; changes were made to the script, while the same distribution method was employed.
  • The early samples, dating back to April and May 2023, used scripts with the HTA extension. The DOM is used to create nodes, remove nodes, or to replace one node with another.
  • The later versions of the campaign had JS script names like the ones calling on the browser to open or purchase request variations.
  • Using a label or a linked scope, the attackers were able to make the malicious code execute when the corresponding check box in the browser window is checked.
  • The NetSupport RAT which can infiltrate the system through scam websites and fake browser updates, disguised as technical support, is used to remotely manage and gain access to infected devices.
  • BurnsRAT is also utilized by the attackers and RMS is launched as a service, with information regarding the computer sent to the server post installation.
  • Access is gained by TA569, whose security key matched that of the installation configuration file.
  • The stolen documents could be used to further the malicious campaign in the future, as they may possess sensitive corporate information.
  • Phishing scams like the Horns&Hooves campaign are often spearheaded to gain the initial foothold, with the attackers seeking encryption or possibly selling access to other cybercriminal organizations.

Securityaffairs

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

  • 15 SpyLoan Android apps found on Google Play had over 8 million installs
  • Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia
  • Phishing-as-a-Service Rockstar 2FA continues to be prevalent
  • Zello urges users to reset passwords following a cyber attack
