techminis

A naukri.com initiative

Malware News

Securityaffairs · 4w

Criminal group UAC-0173 targets the Notary Office of Ukraine

  • Criminal group UAC-0173 is targeting the Notary Office of Ukraine.
  • The campaign, which started in mid-January 2025, uses the DCRat malware.
  • Phishing messages with malicious links are being sent to notaries in Ukraine.
  • CERT-UA has provided recommendations to enhance cybersecurity and prevent further attacks.

Securityaffairs · 4w

DragonForce Ransomware group is targeting Saudi Arabia

  • DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA).
  • The attack is a part of the rising cyber threats facing the region, particularly against critical infrastructure and major corporations.
  • This is the first time the ransomware gang has targeted a large KSA enterprise entity, with over 6 TB of data being exfiltrated.
  • The targeting of KSA by ransomware groups raises concerns about the security of critical infrastructure in the region.

Cybersecurity-Insiders · 1M

LockBit ransomware gang sends a warning to FBI Director Kash Patel

  • LockBit ransomware group warns FBI Director Kash Patel about his subordinates focusing on manipulating narratives rather than performing their duties.
  • LockBit, a notorious cybercrime group, has a history of ransomware attacks and was previously targeted by a coordinated operation named Operation Cronos.
  • LockBit re-emerged as LockBit 2.0 after the crackdown, targeting critical federal infrastructure ahead of the 2024 elections.
  • The group is now using a new tactic by directly reaching out to FBI Director Kash Patel, possibly as part of a psychological operation.

Bitcoinist · 1M

Crypto Scam Alert: Hackers Use GitHub To Steal Funds—Kaspersky

  • Hackers are using fake repositories on GitHub to distribute malware and steal personal data and cryptocurrency, according to security firm Kaspersky.
  • These deceptive repositories mimic legitimate open-source projects and trick unsuspecting developers and merchants.
  • The malware distributed through these repositories includes remote access trojans, clipboard hijackers, and data-extracting software, which allow the attackers to access sensitive information such as browser histories, cryptocurrency wallet details, and login credentials.
  • Kaspersky advises users to exercise extreme caution when downloading code from GitHub and recommends implementing maximum security measures to prevent falling victim to these types of attacks.

Securityaffairs · 1M

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

  • A new Ghostwriter campaign is targeting opposition activists in Belarus and Ukrainian military and government organizations.
  • The campaign uses a new variant of PicassoLoader and has been active since late 2024.
  • The Ghostwriter threat actor, linked to the government of Belarus, is known for conducting cyberespionage operations.
  • The campaign confirms the close ties between Ghostwriter and the Belarusian government in targeting opposition and associated organizations.

Medium · 1M

Cyberattack on Genea Fertility Clinic Exposes 940GB of Sensitive IVF Patient Data

  • In a significant cybersecurity breach, hackers exposed 940GB of sensitive medical data stolen from Genea Fertility Clinic in Australia.
  • The breach by the Termite ransomware group included medical histories, government IDs, Medicare card numbers, and health insurance details.
  • The attack not only affects the patients but also poses a threat to the broader healthcare system due to the personal nature of the stolen data.
  • Hackers exploited Genea's Citrix environment, allowing them to siphon patient data over a two-week period.
  • Stolen health records on the dark web can be used for illegal medical claims, identity fraud, and unauthorized drug prescriptions.
  • Although financial information was not accessed, a substantial amount of personal data like government IDs and medical histories was stolen.
  • Genea is taking legal action to prevent further distribution of the leaked data but faces challenges in mitigating the breach's impact.
  • The breach has raised concerns about patient data security and led to demands for enhanced cybersecurity measures and transparency from Genea.
  • The incident has affected Genea's operations, causing disruption to services like the MyGenea app for tracking fertility treatments.
  • This breach underscores the urgent need for stronger cybersecurity measures in the healthcare industry to protect sensitive patient data.
  • Both healthcare providers and individuals must prioritize cybersecurity to prevent future attacks and safeguard confidential medical information.

TechDigest · 1M

Britain named worst in Europe for malware attacks

  • Britain has the highest rate of malware attacks in Europe, according to NordVPN's Threat Protection Report.
  • Last year, NordVPN's Threat Protection Pro service blocked over 669 million malware incidents in the UK.
  • Cybercriminals frequently impersonate well-known brands like Google, Facebook, and Microsoft to trick victims into divulging personal information.
  • NordVPN's report also highlights the importance of caution when interacting with online platforms, emphasizing phishing attacks and intrusive ads.

TechCrunch · 1M

Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea

  • Hackers claim to have published a trove of sensitive data belonging to IVF patients after a cyberattack on Genea, one of Australia’s largest fertility providers.
  • Samples of the allegedly stolen data, seen by TechCrunch, appear to show government-issued identification documents and sensitive medical records.
  • Genea noted that hackers compromised its patient management system, containing patients' contact details, medical histories, test results, and medications.
  • Genea confirmed no evidence of compromise to patients' financial information, and is working to restore its systems following the cyberattack.

Securityaffairs · 1M

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

  • Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram.
  • ThreatFabric researchers discovered a macOS version of LightSpy spyware in May 2024 and observed threat actors using publicly available exploits to deliver macOS implants.
  • The LightSpy spyware can steal files, record audio, harvest various data, and grant attackers control over the infected device.
  • The new version of LightSpy supports data extraction features targeting Facebook and Instagram application database files.

Cybersecurity-Insiders · 1M

Ransomware hackers are more interested in data exfiltration than encryption

  • Ransomware hackers are now more interested in data exfiltration than in encryption.
  • Recent trends show that cybercriminals prefer stealing data as it is faster and carries a lower risk of being traced.
  • Law enforcement interventions, such as discouraging ransom payments and tracing cryptocurrency, have led hackers to focus on data exfiltration.
  • To mitigate risks, organizations should deploy threat monitoring systems, maintain regular backups, and notify authorities to reduce the spread of cybercrime.

Securityaffairs · 1M

GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

  • GitVenom is a malware campaign targeting GitHub users, posing as open-source projects.
  • Threat actors created fake GitHub repositories with malicious code, disguised as automation tools and crypto bots.
  • Malicious payloads were stored in the fake projects to download further components and execute them.
  • The campaign targeted gamers and crypto investors with a variety of malicious activities including stealing credentials and cryptocurrency hijacking.

Qualys · 1M

Defense Lessons From the Black Basta Ransomware Playbook

  • The cybersecurity world was shocked by a massive leak of Black Basta's internal communications revealing their attack tactics, operations, and leadership.
  • Lessons learned from the leak include the importance of immediate patching, tighter access controls, and rapid incident response to strengthen defenses against ransomware threats.
  • Black Basta exploits vulnerabilities like exposed RDP servers, weak authentication mechanisms, and malware droppers to breach systems, emphasizing the need for organizations to understand their playbook.
  • The ransomware group actively targets vulnerabilities such as exposed RDP and VPN services, known CVEs, and uses malware droppers to deliver payloads.
  • A list of Top 20 CVEs actively exploited by Black Basta is provided, urging IT security professionals to patch these vulnerabilities immediately to prevent potential attacks.
  • Critical misconfigurations that should be fixed immediately, including SMBv1 enabled systems, default credentials, weak VPN configurations, and exposed RDP, are highlighted as key vulnerabilities exploited by Black Basta.
  • Black Basta's tactics involve a layered approach of credential theft, service exploitation, social engineering, and persistence, accelerating from initial access to network-wide compromise swiftly.
  • Automated scripts are used post-exploitation to dump credentials, disable security tools, and deploy ransomware quickly, emphasizing the need for proactive detection and response measures.
  • Qualys offers solutions to align with the recommendations to detect and mitigate Black Basta's tactics, leveraging CyberSecurity Asset Management, Patch Management, and VMDR for vulnerability detection and prioritization.
  • Qualys Query Language (QQL) can help identify assets exposed to ransomware-targeted CVEs, misconfigurations, and security gaps, enabling faster remediation and risk-based prioritization against evolving threats like Black Basta.

Kaspersky · 1M

Malicious code in fake GitHub repositories | Kaspersky official blog

  • Researchers at Kaspersky have uncovered a malicious campaign called GitVenom targeting GitHub users.
  • In this campaign, unknown actors created over 200 repositories containing fake projects with malicious code.
  • The repositories appeared legitimate with well-designed README.MD files and a large number of commits, creating the illusion of authenticity.
  • The malicious components found in these repositories include a Node.js stealer, AsyncRAT Trojan, Quasar backdoor, and a clipper.

Securityaffairs · 1M

A large botnet targets M365 accounts with password spraying attacks

  • A botnet of 130,000+ devices is targeting Microsoft 365 (M365) accounts through password-spraying attacks, bypassing multi-factor authentication.
  • The attackers exploit basic authentication, allowing them to steal credentials transmitted in plain form.
  • The password-spray attacks are recorded in Non-Interactive Sign-In logs, often overlooked by security teams, enabling attackers to conduct high-volume attempts undetected.
  • SecurityScorecard advises affected organizations to rotate credentials and reassess their authentication strategies to combat these ongoing botnet attacks.

Securelist · 1M

The GitVenom campaign: cryptocurrency theft using GitHub

  • The GitVenom campaign utilizes fake projects with malicious code on GitHub to target users, reflecting a rising trend of using open-source code as a lure for attacks.
  • Threat actors created hundreds of repositories with fake projects like Instagram automation tools and hacking utilities designed to appear legitimate.
  • Repositories contained well-crafted README.md files and artificially inflated commit counts to deceive potential victims.
  • Malicious code was hidden in various programming languages like Python, JavaScript, C, C++, and C#, executing actions different from what was described in the fake projects.
  • The attackers used encrypted scripts, malicious functions, and batch scripts to implant and execute the malicious code within the projects.
  • The malicious payloads aimed to download further components from an attacker-controlled repository, including a Node.js stealer, AsyncRAT implant, Quasar backdoor, and a clipboard hijacker.
  • Potential victims worldwide, with notable activity in Russia, Brazil, and Turkey, have been targeted by the GitVenom campaign over the past few years.
  • It is critical for developers to cautiously assess and verify third-party code from platforms like GitHub to prevent incorporating malicious code into their projects.
  • The campaign's impact has been substantial, with infection attempts continuing globally, emphasizing the need for heightened vigilance in handling open-source code.
  • Reference hashes for infected repository archives are provided as a resource for identification and mitigation of the GitVenom threat.
