techminis

A naukri.com initiative


Malware News


Medium

4w


Hiding Processes from the Userland with a Kernel Driver

  • This article explains a technique for hiding processes from userland applications using a custom Windows kernel driver.
  • During the initialization of the driver, a device is created that allows communication between user-mode applications and the driver through a specific I/O control code.
  • The driver further calculates memory offsets for process IDs and names tailored to specific OS versions.
  • Unlinking a process from the system's internal process bookkeeping makes it invisible to utilities such as Task Manager.
  • The technique works by manipulating internal process structures so that a program can run undetected.
  • User-mode applications ask the driver to hide a specific process by issuing I/O control requests, which the driver handles, illustrating how userland and kernel-level code interact.
  • This knowledge provides insight into how rootkits function and emphasizes the importance of understanding low-level system programming.
  • Proper error handling is integrated into this communication flow, ensuring that the userland application can handle any issues that arise during the interaction with the driver.
  • Responsible usage is paramount in the realm of malware development as you continue to explore these techniques.


Securityaffairs

4w


Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

  • A cyberattack on gambling giant IGT disrupted portions of its IT systems
  • China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
  • Microsoft seized 240 sites used by the ONNX phishing service
  • U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog


Securityaffairs

4w


China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

  • China-linked APT Gelsemium has deployed a new Linux backdoor called WolfsBane in attacks targeting East and Southeast Asia.
  • The backdoor WolfsBane is a Linux version of Gelsevirine, a Windows backdoor previously used by Gelsemium APT.
  • The shift to targeting Linux reflects APT groups adapting to enhanced Windows defenses and focusing on vulnerabilities in internet-facing Linux systems.
  • The initial access method used by Gelsemium APT is still unclear, but researchers believe web application vulnerabilities were exploited.


Mcafee

4w


How to Protect Your Social Media Passwords with Multi-factor Verification

  • Two-step verification, two-factor authentication, multi-factor authentication… whatever your social media platform calls it, it’s an excellent way to protect your accounts.
  • Multi-factor verification, also known as two-step verification, adds an extra layer of security to your social media accounts by requiring an additional code or authentication method along with your login credentials.
  • Using strong and unique passwords is crucial for account security, and a password manager can help generate and store them securely.
  • Here are the steps to set up multi-factor authentication for Facebook, Instagram, WhatsApp, YouTube, and TikTok.


Securityaffairs

4w


Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

  • Mexico is investigating a ransomware attack targeting its legal affairs office.
  • The ransomware gang Ransomhub claimed responsibility for the attack.
  • Stolen files include contracts, insurance, and financial documents.
  • This is not the first time Mexico's government has been targeted in a hack involving sensitive information.


Socprime

4w


Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices

  • A new Rust-based stealer malware called Fickle Stealer has emerged.
  • Fickle Stealer disguises itself as GitHub Desktop software for Windows.
  • The malware employs various anti-malware and detection evasion techniques.
  • Fickle Stealer poses a significant threat to compromised devices and data.


Cybersecurity-Insiders

4w


Professionalization seen in Russian Cyber Crime groups linked to Ransomware

  • A disturbing new trend shows the increasing professionalization of cybercrime, with hacking groups in Russia actively advertising job openings for pen testers. These positions require expertise in penetration testing, which validates identified vulnerabilities and helps attackers infiltrate networks more efficiently. In the first week of November 2024, several job posting platforms were found to be listing vacancies for pen testers. Cybersecurity firm Cato Networks highlights that the hackers fill these advertised positions anonymously via online platforms, with most communication taking place in encrypted environments such as Tor and Telegram.
  • The Cato CTRL SASE Threat Report revealed how cybercriminals are increasingly using Shadow AI, a term that refers to the illegal use of AI technologies and tools in cybercrime activities. The report emphasizes the potential dangers of Shadow AI, which has become an integral tool in the cybercriminal toolkit, as the possibilities for their misuse in criminal activities continue to expand.
  • Law enforcement agencies are closely monitoring these emerging trends globally, focusing on the illegal use of AI and the hiring of pen testers by hacking groups. Operation Cronos, a large-scale effort led by Europol in collaboration with other law enforcement agencies, serves as a prime example of proactive steps being taken to combat cybercrime. Even the FBI is working on this issue, monitoring suspects (in many cases, catching them in the act) using advanced tools and techniques.
  • The increasing professionalization of cybercrime, reflected in hiring pen testers by Russian hacking groups, serves as a reminder of the ever-evolving nature of cyber threats. Therefore, both the public and private sectors should remain vigilant and proactive in their defense strategies.
  • The rise of Shadow AI and the growing demand for specialized skills such as penetration testing by criminal groups highlight the need for enhanced international cooperation, and improved cybersecurity awareness, as cybercrime continues to pose a significant threat.


TechJuice

4w


6 Major Threats to Your Phone and How to Stay Protected

  • Your phone can face several types of threats like phishing scams, accidental drops, water damage, public Wi-Fi hacking, malware and virus attacks, and phone theft.
  • A phishing scam is a type of fraud in which cybercriminals send fake emails, texts, or websites to obtain sensitive information from users. Google's Pixel phones and Google Play Protect are designed to protect users against such threats.
  • Accidental drops and water damage remain the most common phone damage types. Preventive measures include buying shock-absorbing phone cases and screen protectors, using phone grips, and being mindful of using the phone in slippery conditions.
  • Water damage to your phone can result in corrosion, short circuits, and irreparable damage to your phone's internal components. Phones rated as IP68 are dust- and water-resistant to a certain level.
  • Using public Wi-Fi can expose your sensitive data to hackers who use techniques such as man-in-the-middle attacks to steal your information. Using a VPN on public Wi-Fi networks is crucial to encrypt your internet traffic and avoid being hacked.
  • Downloading malicious apps or clicking on infected links can expose your Android phone to malware and viruses. Using antivirus programs and only downloading apps from trusted sources can help to avoid malware attacks.
  • Phone theft can result in the loss of personal data, compromised financial accounts, and identity theft. Using strong passwords, enabling Find My Device in Android settings, being mindful of your surroundings, and never leaving the phone unattended can help to avoid phone theft.


Cybersecurity-Insiders

4w


Cybersecurity news headlines trending on Google

  • A new variant of ransomware called Helldown is now targeting Linux and VMware server environments.
  • Helldown shares code with Darkrace and Donex, and it can disrupt virtual machines within controlled environments.
  • The group responsible for spreading Helldown ransomware has attacked at least 41 victims in the US and Europe.
  • India has imposed a five-year ban on WhatsApp data sharing and fined it $850 million for inadequate user information.


Medium

1M


Helldown Ransomware: How It Wipes Out Data & Shuts Down Entire Networks in Minutes

  • Helldown is a ransomware strain that targets networks relying on Linux servers, VMware setups, and vulnerable firewalls.
  • By exploiting unpatched Zyxel VPN vulnerabilities, Helldown quickly spreads across networks.
  • It encrypts files, leaving victims with the option to pay the ransom or risk losing their data.
  • Helldown's speed and scope can cripple businesses, causing significant downtime and potential data breaches.


Securityaffairs

1M


Russian Phobos ransomware operator faces cybercrime charges

  • Russian Phobos ransomware operator Evgenii Ptitsyn was extradited from South Korea to the US to face cybercrime charges.
  • Ptitsyn allegedly managed the sale, distribution, and operation of the Phobos ransomware.
  • The Phobos ransomware operation targeted over 1,000 entities worldwide, extorting more than $16 million in ransom payments.
  • Ptitsyn faces multiple charges including wire fraud, computer fraud and abuse, and extortion.


Dev

1M


Issue 71 of AWS Cloud Security Weekly

  • AWS introduced Resource Control Policies (RCPs) in AWS Organizations to restrict external access to AWS resources.
  • AWS IAM Access Analyzer's unused access findings now allow excluding specific accounts, roles, or users from analysis.
  • IAM introduced new capability to centrally manage root credentials from the AWS Organizations Management account.
  • AWS introduced Amazon Route 53 Resolver DNS Firewall Advanced to monitor and block suspicious DNS traffic.


Securityaffairs

1M


China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

  • Chinese threat actors exploit a zero-day vulnerability in Fortinet's Windows VPN client.
  • The vulnerability allows the threat actors to steal user credentials and server details.
  • The exploit is carried out using the custom malware called DeepData.
  • Volexity researchers reported the vulnerability to Fortinet, but it remains unresolved.


TechCrunch

1M


US extradites Russian accused of extorting millions in Phobos ransomware payments

  • Evgenii Ptitsyn, an alleged Russian hacker, has been extradited to the US to face charges related to the Phobos ransomware operation.
  • The Phobos ransomware operation extorted at least $16 million from over a thousand public and private victims globally.
  • Ptitsyn is accused of administering the sale, distribution, and operation of Phobos, and the victims include various organizations from the US.
  • Ptitsyn has been charged with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, and intentional damage to protected computers and extortion.


Securityaffairs

1M


Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

  • A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information.
  • The attack occurred on September 8, 2024, and an investigation was launched with the help of a cybersecurity firm.
  • Files were accessed, encrypted, and copied by the threat actor between September 5 and September 8, 2024.
  • The exposed patient information includes names, demographic and health insurance information, clinical treatment details, and in some cases, Social Security and driver's license numbers.
