techminis
A naukri.com initiative

Malware News

Source: Securityaffairs | 3w | Image credit: Securityaffairs

Russian group RomCom exploited Firefox and Tor Browser zero-days in attacks targeting Europe and North America

  • The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America.
  • The first zero-day, tracked as CVE-2024-9680, is a use-after-free issue in Firefox Animation Timelines.
  • The second zero-day, CVE-2024-49039, is a Windows Task Scheduler privilege escalation flaw.
  • RomCom used the vulnerabilities to deploy a backdoor on victims' systems through a fake website.

Source: Securityintelligence | 4w | Image credit: Securityintelligence

What’s up India? PixPirate is back and spreading via WhatsApp

  • PixPirate is a remote access tool (RAT) malware campaign that recently began infecting users in India via smishing campaigns and WhatsApp spam messages sent from already infected users.
  • The newer campaign uses a downloader application that prompts the target victim to update the application and install other untrusted apps, which installs the PixPirate droppee malware.
  • Although no Indian banks are targeted specifically by PixPirate, the malware seems to be laying the groundwork for future campaigns in the country.
  • The new campaign includes a new version of the downloader that uses a YouTube video to show targets how to install the malware, which has already been viewed over 78,000 times.
  • The downloader app supports PixPirate's incognito mode that allows the malware to sustain long periods on the victim's device.
  • The malware is activated by the downloader using an API command to find the related droppee app activity that holds specific unique action items.
  • WhatsApp is an integral part of PixPirate's operations and is used to spread the malware and infect other victims and devices. The malware can disguise itself and read contact lists and block and unblock WhatsApp user accounts.
  • WhatsApp messages are more reliable than SMS messages and tend to be sent from a known contact, which lowers a victim's awareness and makes malicious messages more effective.
  • The long-term consequences of a successful PixPirate infection can be significant and should not be minimized by banks, financial institutions, and businesses.
  • IOCs: Downloader SHA256: 1196c9f7102224eb1334cef1b0b1eab070adb3826b714c5ebc932b0e19bffc55, Droppee SHA256: d723248b05b8719d5df686663c47d5789c323d04cd74b7d4629a1a1895e8f69a.

Source: TechCrunch | 4w | Image credit: TechCrunch

Major UK, US stores face ongoing disruption after ransomware attack hits supply chain giant Blue Yonder

  • A ransomware attack on Blue Yonder, a major supply chain software provider, is causing disruptions to operations at major U.S. and U.K. stores and retailers.
  • Blue Yonder experienced disruptions to its managed services hosted environment due to a ransomware incident.
  • The company is working to recover from the attack, but there is no timeline for restoration.
  • Some supermarkets and retailers have confirmed disruption, while others like Tesco and DHL Supply Chain remain unaffected.

Source: Cybersecurity-Insiders | 4w | Image credit: Cybersecurity-Insiders

How Android and iOS Devices Are Affected by Stalkerware

  • Stalkerware, a type of malicious software that lets someone secretly track and monitor another person’s device, has become a growing concern for mobile users.
  • Stalkerware affects both Android and iOS devices but varies in ways it operates and the methods used to install it.
  • Android, being an open-source operating system, is more prone to stalkerware, while iOS offers a more secure environment.
  • Stalkerware on Android is typically installed as a malicious app disguised as another system service, or by someone with physical access to the device.
  • Once installed, stalkerware on Android runs in the background, and it's hard to detect, especially if it’s configured to run invisibly or be disguised as another app.
  • Stalkerware on iOS devices can still be installed despite Apple’s strict app review process and controls.
  • The real danger of stalkerware lies in its ability to control and manipulate a victim’s life in subtle ways by tracking their every move.
  • Regardless of the platform, the best defense against stalkerware is awareness—understanding the risks, regularly reviewing app permissions, and using robust security measures to protect personal information.

Source: Cybersecurity-Insiders | 4w | Image credit: Cybersecurity-Insiders

Starbucks targeted by a ransomware attack

  • Starbucks, a major player in the food and beverage industry, was targeted by a ransomware attack causing disruptions in their IT systems.
  • The attack primarily affected employee information and did not extend to customer-facing services.
  • Speculation has arisen about the involvement of notorious ransomware groups, but no definitive proof has been found yet.
  • Starbucks and Blue Yonder, the supply chain software provider, are actively working on investigating and mitigating the effects of the attack.

Source: Securityaffairs | 4w | Image credit: Securityaffairs

The source code of Banshee Stealer leaked online

  • The source code of Banshee Stealer, a macOS Malware-as-a-Service, leaked online.
  • Russian hackers promoted BANSHEE Stealer, a macOS malware capable of stealing browser data and crypto wallets.
  • BANSHEE Stealer supports evasion techniques, checks for debugging and virtualization, and targets multiple browsers.
  • After the source code leak, the operators shut down their operations.

Source: Securelist | 4w | Image credit: Securelist

Analysis of Elpaco: a Mimic variant

  • Elpaco is a variant of the Mimic ransomware that was discovered by Kaspersky in a recent incident response case.
  • The malware used a 7-Zip installer mechanism for ransomware attacks and abused the Everything library for easy-to-use GUI customization.
  • The artifact also has features for disabling security mechanisms and running system commands.
  • DC.exe is called at runtime by svhostss.exe, using its /D command to perform the disabling.
  • The ransomware operator can select entire drives for encryption, perform a process injection to hide malicious processes, customize the ransom note, change the encryption extension, set the order of encryption based on the original file format, and exclude specific directories, files or formats from encryption.
  • Elpaco encrypts the victim’s files with the stream cipher ChaCha20, and the key for this cipher is encrypted by the asymmetric encryption algorithm RSA-4096.
  • Mimic variants, including Elpaco, have been used by threat actors on a massive scale targeting multiple countries worldwide.
  • Elpaco deletes itself from infected machines after encrypting the files to evade detection and analysis.
  • Kaspersky products detect the threat described in this article with the following verdicts: HEUR:Trojan-Ransom.Win32.Generic (dropper) and HEUR:Trojan-Ransom.Win32.Mimic.gen (svhostss.exe).
  • The TTPs identified from the malware analysis include Network Share Discovery, Command and Scripting Interpreter, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, and others.

Source: Insider | 4w | Image credit: Insider

Ransomware attack leaves Starbucks using pens and paper to track employee hours

  • Starbucks' payment and scheduling system has been hit with a ransomware attack, causing disruptions in employee pay.
  • The attack on Blue Yonder, the company that makes the software, began on November 21 and has caused outages in Starbucks's system for tracking employee hours and payments.
  • Starbucks has issued guidance to its employees on how to handle pay disruptions caused by the Blue Yonder outage.
  • The outage has forced employees to track their shifts using pens and paper.

Source: Pymnts | 4w | Image credit: Pymnts

Ransomware Attack Targets Supply Chain Management Software Provider Blue Yonder

  • Supply chain management software provider Blue Yonder has been targeted by a ransomware attack.
  • The attack has affected customers like Starbucks and U.K. grocery chain Morrisons.
  • Blue Yonder is working with external cybersecurity firms to recover from the attack.
  • Starbucks and Morrisons have implemented backup systems while waiting for services to be restored.

Source: Siliconangle | 4w | Image credit: Siliconangle

Ransomware attack on Panasonic’s Blue Yonder disrupts supply chains in UK and US

  • A ransomware attack on Panasonic Corp.-owned supply chain management company Blue Yonder Group Inc. caused disruptions and delays in the U.K. and U.S.
  • The attack was detected on Nov. 21, and Blue Yonder has provided updates on its website, but without much detail.
  • Blue Yonder is working with external cybersecurity firms to restore systems safely, with no timeline for restoration at this point.
  • The outage has impacted grocery chains in the U.K. and affected companies in the U.S., including Starbucks, Procter & Gamble, and Albertsons.

Source: Securityaffairs | 4w | Image credit: Securityaffairs

Zyxel firewalls targeted in recent ransomware attacks

  • Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls.
  • Remote, unauthenticated attackers could exploit the flaw to execute OS commands on vulnerable devices.
  • Zyxel addressed the vulnerability with the release of firmware version 5.39 for certain firewall models.
  • Users are advised to update admin and user account passwords for enhanced protection.

Source: Mcafee | 4w | Image credit: Mcafee

This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers

  • McAfee identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers this holiday shopping season.
  • From October 1 to November 12, 2024, McAfee safeguarded customers from 624,346 suspicious URLs tied to popular consumer brand names.
  • McAfee’s threat research reveals a 33.82% spike in malicious URLs targeting consumers with specific brand names in the run-up to Black Friday and Cyber Monday.
  • Cybercriminals are creating scams that mimic trusted brands and categories consumers trust during the holiday season when people are shopping for the perfect gifts and amazing deals.
  • Handbags and footwear were the two most common product categories for bad actors. Yeezy and Louis Vuitton were the most common brands that trick consumers into engaging with malicious or suspicious sites.
  • Scammers are leveraging luxury brands and tech products to lure consumers into 'deals' on fake e-commerce sites that appear as official brand pages.
  • Consumers can protect themselves from falling victim to fraud by understanding the tactics cybercriminals use and taking a few precautionary measures.
  • Some common tactics scammers are using this holiday season include fake e-commerce sites, phishing sites with customer service bait, and knockoff and counterfeit products.
  • Smart shopping tips to safeguard yourself from holiday scammers include verifying URLs, looking for signs of secure websites, and sticking with trusted sources.
  • McAfee’s threat research team analyzed the malicious or suspicious URLs that were queried, and the methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands.

Source: Securityaffairs | 4w | Image credit: Securityaffairs

Malware campaign abused flawed Avast Anti-Rootkit driver

  • Threat actors exploited an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise target systems.
  • Trellix researchers discovered a malware campaign that abuses a vulnerable Avast Anti-Rootkit driver to gain deeper access to the target system.
  • The malware corrupts trusted kernel-mode drivers, terminates protective processes, and compromises infected systems.
  • Organizations are advised to implement protections against attacks using vulnerable drivers.

Source: Socprime | 4w | Image credit: Socprime

BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide

  • BlackSuit ransomware, operated by Ignoble Scorpius, is aggressively targeting over 90 organizations worldwide.
  • There has been a significant surge in BlackSuit ransomware activity, primarily targeting the construction, manufacturing, and education industries.
  • The ransom demands from BlackSuit typically average around 1.6% of the victim organization's annual revenue.
  • Ignoble Scorpius employs various tactics like phishing emails, software supply chain compromises, and credential harvesting to gain access.

Source: Securityaffairs | 4w | Image credit: Securityaffairs

Russia-linked APT TAG-110 targets Europe and Asia

  • The Russia-linked threat actor TAG-110 employed the custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe.
  • The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe.
  • The APT used the HATVIBE loader to deliver malware such as CHERRYSPY, which enables encrypted data exfiltration and system monitoring of targeted entities.
  • TAG-110's operations align with Russia's geopolitical interests, focusing on Central Asia to maintain influence amid strained relations.
