- Targeted Spy Campaign Hits Russian Service Centers
June 7, 2018
A series of espionage attacks have been uncovered, targeted at service centers in Russia that provide maintenance and support for a variety of electronic goods. The payload is a commercial version of the Imminent Monitor tool, which is freely available for purchase as legitimate software. Its developers explicitly prohibit any usage of the tool in a malicious way ...
- VPNFilter Malware Impact Larger Than Previously Thought
June 6, 2018
Researchers say the impact of the VPNFilter malware discovered last month is larger than originally reported. On Wednesday, Cisco Talos researchers said they now believe the malware has infected twice the number of router brands than previously stated. They added that VPNFilter also delivers a more potent punch than they originally thought, and have identified a previously ...
- Prowli Malware Targeting Servers, Routers, and IoT Devices
June 6, 2018
After the discovery of massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code to take over servers and websites around ...
- Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info
May 31, 2018
The Nocturnal Stealer malware has crept into the Dark Web like a thief in the night, offering criminals a lucrative payday for a small price — and little effort. It’s a commodity malware, debuting on an underground forum in March for the low price of $25. It steals things, including 28 different kinds of cryptocurrency wallets, ...
- Brazilian Banking Trojan Communicates Via Microsoft SQL Server
May 29, 2018
Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using the malware – dubbed MnuBot –mainly in Brazil to perform illegal ...
- VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR
May 23, 2018
Malware called VPNFilter has infected 500,000 router brands ranging from Linksys, MikroTik, NETGEAR and TP-Link that are mostly used in home offices. Researchers at Cisco Talos said they decided to warn the public of the threat despite the fact the infected devices and malware are still under investigation. Researchers said their investigation into VPNFilter has been ...
- One Year After WannaCry: A Fundamentally Changed Threat Landscape
May 17, 2018
It’s been one year this week since the ransomware known as WannaCry infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt. The speed and scale of the attack – helped along by leaked National Security Agency hacking tools – was obviously notable, but ...
- GandCrab Ransomware Found Hiding on Legitimate Websites
May 10, 2018
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These, when analyzed, were found to be riddled with vulnerabilities stemming from outdated software, highlighting one ...
- This malware checks your system temperature to sidestep sandboxing
May 1, 2018
GravityRAT is a Trojan which checks the temperature of a system to detect the presence of virtual machines (VMs) and prevent efforts at analysis by researchers. By taking thermal readings, the Remote Access Trojan (RAT), which has become a recent menace in India, attempts to find out whether or not VMs are being employed for the ...
- New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
April 23, 2018
Symantec has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries. Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, ...