Malware News

Source: Securityaffairs

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

  • A large-scale cryptocurrency miner campaign is targeting Russian users with SilentCryptoMiner.
  • Threat actors are disguising the malware as a tool to bypass internet restrictions.
  • Over 2,000 victims have been identified, with the true number potentially higher.
  • The malware campaign was spread via malicious archives, YouTube, and Telegram channels.

Source: Securelist

SideWinder targets the maritime and nuclear sectors with an updated toolset

  • SideWinder, a prolific APT group, targeted military and government entities across South and Southeast Asia, the Middle East, and Africa in 2024.
  • It expanded its activities to infect maritime infrastructure, logistics companies, and the nuclear energy sector, focusing on Djibouti, Egypt, and countries in South Asia.
  • The group constantly updates its toolset, alters its infection techniques, and counters security software detections with new malware versions within hours of being identified.
  • In 2024, SideWinder extensively targeted the maritime and logistics sectors, using spear-phishing emails with malicious DOCX files that exploit the CVE-2017-11882 vulnerability.
  • The infection flow involved a multi-stage process to install malware such as 'StealerBot', designed for espionage.
  • Various themed malicious documents, including ones related to nuclear power plants and maritime infrastructure, were used in the attacks.
  • The malware components included anti-analysis techniques, sophisticated loaders, and updated versions to evade detection.
  • SideWinder targeted diverse sectors beyond government and military, including telecommunications, consulting, IT services, real estate, and hotels.
  • Countries targeted in 2024 include Bangladesh, Cambodia, Indonesia, Myanmar, Pakistan, Sri Lanka, and the UAE, along with diplomatic entities in Afghanistan, Algeria, China, Saudi Arabia, and others.
  • Recommended mitigations against SideWinder are patch management, comprehensive security solutions, employee training, and monitoring to safeguard critical assets against sophisticated attacks.

Source: Securityaffairs

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Akira ransomware gang used an unsecured webcam to bypass EDR
  • Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
  • Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
  • International law enforcement operation seized the domain of the Russian crypto exchange Garantex

Source: Securityaffairs

Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

  • Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras to achieve remote command execution.
  • US CISA warns that botnets are exploiting the vulnerability in Edimax IC-7100 IP cameras.
  • The vulnerability (CVE-2025-1316) allows remote code execution on Edimax IC-7100 IP cameras.
  • The vendor has not addressed the vulnerability, as the affected Edimax IP cameras are end-of-life.

Source: Cybersecurity-Insiders

From Crisis to Confidence: Navigating Ransomware Incidents with Expert Guidance

  • Cybersecurity is crucial for business continuity, with ransomware being a significant threat to organizations.
  • Organizations can build confidence in handling ransomware incidents with the right knowledge and tools.
  • Warning signs such as network activity spikes and system slowdowns can indicate a ransomware attack.
  • Timely isolation and containment of ransomware incidents can prevent serious damage and disruptions.
  • Conducting a thorough assessment post-attack helps in understanding the extent of damage and potential data compliance issues.
  • Working with cybersecurity professionals is crucial for both prevention and recovery from ransomware attacks.
  • Exploring recovery options rather than negotiating or paying a ransom is the safer course for businesses.
  • Executing system restoration involves decrypting files, restoring critical systems, and ensuring backups are malware-free.
  • Regularly assessing and improving security measures is essential for long-term ransomware prevention.
  • Understanding ransomware risks and proactive protection measures can help businesses confidently navigate security challenges.

Source: TechCrunch

US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers

  • The U.S. Department of Justice has charged the administrators of the Russian cryptocurrency exchange Garantex with allegedly facilitating money laundering for criminal and terrorist organizations.
  • The charged administrators, Aleksej Besciokov and Aleksandr Mira Serda, are accused of knowing that criminal proceeds were laundered through Garantex and of concealing illegal activity on the platform.
  • Garantex has processed over $96 billion in cryptocurrency transactions since 2019, and prosecutors accuse Besciokov of allowing transactions linked to cybercriminals such as the Lazarus Group.
  • The U.S. Secret Service seized Garantex's official websites, and the administrators face charges including money laundering conspiracy and sanctions violations.
  • Despite sanctions, Garantex continued to transact with U.S.-based entities; U.S. law enforcement froze over $26 million in funds used for money laundering.
  • Garantex suspended all services after Tether blocked wallets holding over $28 million, part of Tether's wider action against the Russian crypto market.
  • The DOJ warned that scammers are posing as Garantex to trick users into handing over personal data, and cautioned users against such fraud.
  • The indicted administrators could face up to 20 years in prison on the various charges; it is unclear whether they have been arrested.
  • Garantex's association with illicit actors and darknet markets led to Western government action, including sanctions by the U.S. Treasury and the European Union.
  • Garantex nonetheless restructured its operations to evade sanctions, prompting law enforcement action and financial seizures by the DOJ to combat money laundering.
  • The administrators are accused of changing the exchange's operational cryptocurrency wallets daily to avoid detection by U.S.-based exchanges, and of facilitating illegal transactions.

Source: TechCrunch

FBI says scammers are targeting US executives with fake BianLian ransom notes

  • Scammers are impersonating the BianLian ransomware gang and targeting US executives with fake ransom notes.
  • The fake ransom notes claim that hackers have stolen sensitive data and demand a ransom of $250,000 to $500,000.
  • The notes include a QR code linked to a Bitcoin wallet and have a return address in Boston, Massachusetts.
  • The FBI has not identified any connections between the scammers and the actual BianLian ransomware gang.

Source: Securityaffairs

Medusa Ransomware targeted over 40 organizations in 2025

  • Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
  • Between January and February 2025, the ransomware gang claimed responsibility for over 40 attacks.
  • Medusa ransomware targets organizations in healthcare, non-profits, finance, and government sectors, demanding ransoms ranging from $100,000 to $15 million.
  • The ransomware group relies on initial access brokers to access target infrastructure and employs various tools like SimpleHelp, AnyDesk, Navicat, RoboCopy, and Rclone for carrying out attacks.

Source: Cybersecurity-Insiders

Ransomware gangs are now sending threatening typed letters to victimized businesses

  • Ransomware gangs are now sending threatening typed letters to victimized businesses.
  • Criminals posing as the BianLian group are sending physical letters to business leaders and CTOs.
  • The letters claim that the company's database has been compromised and demand a ransom in Bitcoin.
  • Experts suggest that these letters may be the work of copycat criminals or intermediaries.

Source: Securityaffairs

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

  • Qilin Ransomware group claims responsibility for hacking the Ministry of Foreign Affairs of Ukraine.
  • The group stole sensitive data, including private correspondence, personal information, and official decrees.
  • Qilin Ransomware group has been active since at least 2022 and gained attention in June 2024 for attacking Synnovis.
  • The group also claimed responsibility for the recent cyberattack on Lee Enterprises, impacting dozens of local newspapers.

Source: BGR

Secret backdoor for hackers discovered in over 1 million Android devices

  • A fraud campaign called BADBOX 2.0 has affected over 1 million unlicensed Android devices.
  • The Android devices are not Play Protect certified and lack a vital layer of security.
  • The malware infects the devices, providing hackers with remote access and control.
  • Infected devices have been found in 222 countries, with a significant portion in Brazil.

Source: Securelist

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

  • The release of DeepSeek-R1, a reasoning large language model, in early 2025 attracted cybercriminals due to its popularity and availability both for local use and as a free service.
  • Cybercriminals created fake websites mimicking the official DeepSeek chatbot site to distribute malicious code disguised as a client for the service.
  • The fake websites prompted users to download applications that contained malicious payloads, such as a Python stealer script that gathers sensitive data from victims' computers.
  • The malicious script is designed to collect data like browser cookies, login credentials, cryptocurrency wallet information, and more, which can lead to severe consequences for victims.
  • Other instances involved fake DeepSeek websites distributing Trojans through malicious installers that gain remote access to victims' computers.
  • Some campaigns targeted Chinese-speaking users by distributing malicious executable files associated with specific domains.
  • Users are advised to be cautious of links from unverified sources, especially for popular services like DeepSeek, which does not have a native Windows client.
  • These cybercrime campaigns use various schemes to lure victims, including distributing links through messengers, social networks, typosquatting, and affiliate programs.
  • It is emphasized that digital hygiene practices and robust security solutions can significantly reduce the risk of device infection and personal data loss.
  • Indicators of compromise, including malicious domains and MD5 hashes, have been provided to help in identifying potential threats related to these cybercriminal activities.

Source: Securityaffairs

Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

  • China-linked Lotus Blossom APT targets governments and industries in Asian countries with new Sagerunex backdoor variants.
  • Lotus Blossom APT has been using the Sagerunex backdoor since at least 2016.
  • Two new Sagerunex backdoor variants use cloud services like Dropbox, Twitter, and Zimbra for C2 communication.
  • Lotus Blossom group employs various tools and tactics to evade detection and achieve their objectives.

Source: Securityaffairs

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

  • Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 TB of stolen data.
  • The group claims the theft of 1.4 terabytes of data and is threatening to leak it.
  • The ransomware attack took place in January, according to a regulatory filing with the Indian National Stock Exchange.
  • The company has disconnected some of its IT services to contain the threat, but all systems have now been restored.

Source: TechCrunch

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

  • Broadcom has urged VMware customers to patch three zero-day vulnerabilities that are being actively exploited by hackers.
  • The vulnerabilities, collectively known as "ESXicape," affect the widely used hypervisor products VMware ESXi, Workstation, and Fusion.
  • If successfully exploited, the vulnerabilities could allow attackers to escape their sandbox, gain unauthorized access to the hypervisor, and subsequently compromise any other virtual machine in the same physical data center.
  • Broadcom has released security patches for the vulnerabilities and urges customers to apply them immediately; the flaws were discovered by Microsoft and have been actively targeted by ransomware groups in the past.
