techminis
A naukri.com initiative

Malware News

Pymnts · 2w

UnitedHealth Group CEO Said Hackers Struck Via Citrix Portal

  • Hackers broke into the systems of UnitedHealth Group's Change Healthcare unit through a Citrix portal.
  • The hackers gained access using compromised credentials and exfiltrated data, then deployed ransomware.
  • It is unclear which vulnerability was exploited, but U.S. officials had previously warned about security loopholes in Citrix tools.
  • UnitedHealth Group is collaborating with the FBI and cybersecurity firms to investigate the hack and strengthen its cyber defenses.

Medium · 2w

The Perilous Waters of Data Leakage and Extortion

  • Data leakage occurs when sensitive information is inadvertently exposed due to various factors, ranging from inadequate security measures to sophisticated cyber-attacks.
  • Extortion in the realm of cybersecurity has taken a more menacing turn with the advent of ransomware and double extortion tactics.
  • The Change Healthcare incident is a textbook example of how sophisticated the tactics of cybercriminals have become, threatening to leak stolen data unless a ransom is paid.
  • Implementing robust preventative measures, such as Zero Trust model adoption, regular security audits, and employee training, is crucial to safeguard against data leakage and extortion.

Infoblox · 2w

Catching Threat Actors in DNS Using Infoblox Threat Intel

  • Infoblox takes a unique approach to threat detection and response using AI and patented algorithms to identify dangerous domains before actors use them.
  • Infoblox Threat Intel specializes in DNS, combining DNS expertise with data science techniques to identify suspicious domains and track threat actors.
  • Infoblox Threat Intel detects 60% of threats before the first DNS query and blocks attacks on average 63 days earlier.
  • Infoblox Threat Intel adds close to 4 million new malicious and suspicious domains monthly and analyzes 70 billion DNS events daily.

Gbhackers · 2w

Grafana Tool Vulnerability Lets Attackers Inject SQL Queries

  • The popular open-source platform Grafana has a severe SQL injection vulnerability.
  • Attackers with valid credentials can execute arbitrary SQL commands, leading to data leakage and other security breaches.
  • The vulnerability affects all versions of Grafana and poses a significant threat to organizations using the tool.
  • The affected code lacks proper validation of SQL query input, allowing attackers to inject malicious SQL.

Medium · 2w

Logic Bombs: A TryHackMe Write-up

  • A logic bomb is a series of instructions designed to attack a computer after certain conditions are met.
  • Remaining dormant and undetected by antivirus software and other security measures, logic bombs can be triggered to delete files and services, interrupt network connections, eat up resources, corrupt data, etc.

Gbhackers · 2w

KageNoHitobito Ransomware Attacking Windows Users Around the Globe

  • A new ransomware named KageNoHitobito is targeting Windows users across multiple countries.
  • It encrypts victims' data and demands a ransom.
  • The ransomware exploits Windows system vulnerabilities and avoids encrypting critical system files.
  • Another ransomware called DoNex, which encrypts files on local and network drives, has also emerged.

Gbhackers · 2w

Android Malware Brokewell With Complete Device Takeover Capabilities

  • A new family of mobile malware known as “Brokewell” has been found to have a wide range of device takeover capabilities.
  • Brokewell threatens the banking sector by giving attackers remote access to mobile banking resources.
  • The malware is still under development and will likely be offered as a rental service through underground channels.
  • Brokewell steals user credentials through overlay attacks and can remotely control infected devices.

Gbhackers · 2w

Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware

  • A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary.
  • The malware utilizes fileless injection techniques to load a malicious AgentTesla payload into memory without writing files to disk.
  • The malware patches the 'EtwEventWrite' API to disable Event Tracing for Windows (ETW), downloads shellcode containing the AgentTesla payload, and executes it.
  • The shellcode uses API hashing to dynamically resolve APIs and allocates memory to run the decoded AgentTesla payload.

Medium · 2w

Exploring Shellcode Execution in Remote Processes

  • Shellcode execution in remote processes is a technique that allows attackers to inject malicious code into legitimate processes to evade detection and carry out various tasks.
  • This technique falls under the MITRE ATT&CK framework, specifically under defense evasion, execution, persistence, and command and control tactics.
  • By injecting shellcode into remote processes, attackers can bypass security controls, exploit vulnerabilities, establish persistence, and control compromised systems.
  • An example of injecting shellcode into a Windows remote process is provided for reference.

Medium · 2w

Malware Analysis Handbook — 1

  • Malware refers to any software designed to harm or exploit computing devices.
  • Windows Defender classifies malware into different categories based on their behavior.
  • Malware analysis is the process of understanding the behavior and purpose of suspicious files or URLs.
  • Fingerprinting and dynamic analysis are important methods used in malware analysis.

Medium · 2w

Evaluating Website Safety with urlscore.ai

  • URLScore.ai offers a Browsing Risk Test to determine the safety level of URLs.
  • Users have the option to keep their scan results private for added privacy and security.
  • URLScore.ai's CheckScan Tech provides detailed insights into website infrastructure and security risks.
  • The platform uses AI technology and real-time updates to assess website safety and support various business use cases.

Securityaffairs · 2w

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Hackers may have accessed thousands of accounts on the California state welfare platform
  • Brokewell Android malware supports an extensive set of Device Takeover capabilities
  • Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
  • Kaiser Permanente data breach may have impacted 13.4 million patients

Kitploit · 2w

CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training

  • CrimsonEDR is an open-source project designed to simulate the behavior of AV/EDR for malware development training.
  • It implements various detection methods that flag common malware patterns, mirroring what an Endpoint Detection and Response (EDR) product would catch.
  • Detections include direct syscall usage, NTDLL unhooking, AMSI and ETW patching, PE stomping, reflective PE loading, and more.
  • Installation and usage steps are outlined in the project's documentation.

Securityaffairs · 2w

Targeted operation against Ukraine exploited 7-year-old MS Office bug

  • A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike.
  • Researchers discovered a malicious PPSX file containing a remote link to exploit CVE-2017-8570.
  • The payload included a cracked version of Cobalt Strike and implemented features to evade detection.
  • The attacks originated from Ukraine, with the second stage hosted on a Russian VPS provider and the C2 server registered in Warsaw, Poland.

Securityaffairs · 2w

Brokewell Android malware supports an extensive set of Device Takeover capabilities

  • Researchers have identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities.
  • Brokewell employs overlay attacks to capture credentials and steal cookies from legitimate applications.
  • The malware supports 'accessibility logging' and records device events, potentially compromising data from all applications.
  • Brokewell also includes spyware functionalities, such as gathering device information and recording audio.
