techminis
A naukri.com initiative

Malware News

Gbhackers, 1w
Hackers Exploit Microsoft Graph API For C&C Communications

  • An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services.
  • Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient, which targeted an organization in Ukraine and abused Microsoft OneDrive for C&C by connecting to the Graph API to upload and download files.
  • The malware's core functionality shows an evolving technique in which unknown threat actors abuse trusted cloud services for malicious purposes.
  • This approach helps attackers hide their malicious communications in legitimate cloud traffic, making detection difficult.

Securityaffairs, 1w

ZLoader Malware adds Zeus’s anti-analysis feature

  • Zloader, a modular trojan based on the leaked ZeuS source code, has added an anti-analysis feature similar to the original ZeuS 2.x code.
  • The anti-analysis feature prevents Zloader from executing on any machine other than the one originally infected, enhancing its stealthiness.
  • Zloader terminates abruptly if it is copied to and executed on another system after the initial infection; the check is implemented by looking up a key/value in the Windows registry.
  • This anti-analysis technique makes Zloader more challenging to detect and analyze, suggesting a more targeted distribution strategy.

Gbhackers, 1w

Threat Actors Renting Out Compromised Routers To Other Criminals

  • APT actors and cybercriminals exploit compromised routers for their malicious activities.
  • FBI disrupted a botnet of compromised Ubiquiti EdgeRouters used by Pawn Storm for espionage.
  • Other threat actors were found using Ngioweb malware on EdgeRouters for a different botnet.
  • The findings highlight the importance of securing internet-facing routers, since cybercriminals use compromised routers to install malware.

Securityaffairs, 2w

Ukrainian REvil gang member sentenced to 13 years in prison

  • A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities.
  • Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.
  • Vasinskyi, a member of the REvil ransomware gang, was sentenced for carrying out more than 2,500 ransomware attacks and demanding over $700 million in ransom payments.
  • He was charged with orchestrating the ransomware attacks on the Kaseya MSP platform and was arrested while trying to enter Poland. He was extradited to the U.S. in March 2022.

Medium, 2w

The Power of AI in Cybersecurity: Google’s Gemini 1.5 Pro

  • Google’s Gemini 1.5 Pro is an advanced AI tool designed to revolutionize malware analysis in cybersecurity.
  • Gemini 1.5 Pro can handle large volumes of complex code, allowing quick and accurate analysis.
  • While there are still challenges to address, Gemini 1.5 Pro has the potential to transform cybersecurity.
  • By improving threat detection and response, Gemini 1.5 Pro contributes to a safer digital world.

Gbhackers, 2w

GoldDigger Malware Using Deep Fake AI Photos To Hijack Bank Accounts

  • Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive or gain unauthorized access to sensitive information.
  • GoldFamily, an evolved version of GoldDigger trojan, targets iOS devices to steal facial recognition data and bank access using AI for biometric authentication attacks.
  • Infoblox's DNS Early Detection Program identifies potentially malicious domains rapidly, enabling early blocking to prevent attacks before they unfold.
  • Proactive identification through DNS analysis empowers a defense-in-depth strategy against deepfake authentication attacks like GoldFamily.

Cybersafe, 2w

Cuttlefish malware targets enterprise-grade SOHO routers

  • A new malware family called Cuttlefish has been discovered, targeting enterprise-grade and small office/home office (SOHO) routers.
  • Cuttlefish creates a proxy or VPN tunnel on compromised routers to steal public cloud authentication data from internet traffic.
  • The malware primarily steals authentication data from web requests passing through the router, performs DNS and HTTP hijacking, and can interact with other devices on the network.
  • Cuttlefish targets public cloud-based services and has been active since July 2023, with a recent campaign observed from October 2023 to April 2024.

Medium, 2w

Decrypting: the Cuttlefish Malware Campaign

  • The Cuttlefish malware campaign targets enterprise-grade and small office/home office (SOHO) routers.
  • It infects unique IP addresses associated with Turkish telecom providers.
  • The malware collects host data and exfiltrates it to an attacker-controlled domain.
  • The campaign has been active since October 2023 and shows code similarities with another cluster called HiatusRat.

Gbhackers, 2w

REvil Ransomware Affiliate Sentenced for 13 Years in Prison

  • A Ukrainian national, Yaroslav Vasinskyi, also known as Rabotnik, has been sentenced to 13 years and seven months in prison.
  • Vasinskyi orchestrated over 2,500 ransomware attacks worldwide and demanded over $700 million in ransom payments.
  • The Justice Department's international collaboration led to Vasinskyi's extradition from Poland to the United States.
  • The Department of Justice has obtained the final forfeiture of millions of dollars in ransom payments, further crippling the financial infrastructure supporting cybercrime.

Gbhackers, 2w

USB Malware Attacks Targeting Industrial Systems Adapt LOL Tactics

  • Honeywell’s 2024 GARD USB Threat Report reveals a 33% rise in malware detections on USB devices used in industrial settings.
  • 26% of the malware can cause major disruptions to operational technology (OT) systems.
  • USB-based threats are increasingly targeting industrial control systems (ICS) and Internet of Things (IoT) devices.
  • Robust USB security measures are needed to protect critical infrastructure from cyberattacks.

Cybersecurity-Insiders, 2w

UnitedHealth CEO testifies before Senate on ransomware attack

  • In February, Change Healthcare experienced a ransomware attack causing disruptions in medical supply chains and billing procedures.
  • UnitedHealth CEO Andrew Witty testified before the Senate regarding the cyber attack.
  • Witty attributed the incident to the absence of multi-factor authentication.
  • Initial estimates suggest a financial loss of $22 million, with concerns of it escalating in the coming months.

readwrite, 2w

Scam alert for Android users as ‘Brokewell’ malware threatens users’ bank accounts

  • Android users are being warned about a severe malware called 'Brokewell' that threatens their bank accounts.
  • Brokewell is new malware with Device Takeover capabilities, delivered as an Android application that victims are tricked into installing through a fake browser update page.
  • The malware poses a significant threat to the banking industry as it provides hackers with remote access to mobile banking assets.
  • Brokewell uses overlay attacks to steal user information and can perform Device Takeover attacks with remote control capabilities.

Gbhackers, 2w

Panda Restaurant Corporate Systems Hacked: Customer Data Exposed

  • Panda Restaurant Group, Inc. has confirmed a significant breach in its corporate data systems, potentially compromising customer data.
  • The breach did not impact in-store systems or guest experiences.
  • Immediate action was taken to secure the compromised systems with the help of cybersecurity experts and law enforcement agencies.
  • Panda Restaurant Group is offering affected customers a complimentary membership to an identity protection service to mitigate the risks associated with the breach.

Arstechnica, 2w

Hacker free-for-all fights for control of home and office routers everywhere

  • Cybercriminals and nation-state spies coexist inside compromised routers.
  • Financially motivated hackers provide spies with access to compromised routers for a fee.
  • APT groups take control of devices hacked by cybercrime groups.
  • This coexistence creates a blend of financial gain and strategic espionage.

TechCrunch, 2w

UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack

  • The recent hack on Change Healthcare systems has left it unclear as to how many Americans were affected.
  • During a House hearing, the CEO of UnitedHealth Group, Andrew Witty, estimated that 'maybe a third' of Americans were impacted.
  • UnitedHealth Group is still investigating the breach to determine the exact number of people affected.
  • The breach occurred due to compromised credentials and the lack of multi-factor authentication on the Change Healthcare Citrix portal.
