Malware

September 20, 2023

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant identified through FBI investigations as recently as June 1, 2023. Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of ...

September 19, 2023

Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the ...

September 18, 2023

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The ThemeBleed vulnerability was listed ...

September 18, 2023

Kuwait’s finance ministry said on Monday that one of its systems had suffered a cyberattack in the early morning but that the ministry continued to work normally. The ministry said in a statement that protection systems and procedures had been activated and “the level of the hacking attempt is being assessed.” Read more… Source:  Alarabiya News  

September 14, 2023

During the investigation of the cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, China has successfully extracted multiple samples of the spyware named SecondDate, and with the collaborative efforts of partners in various countries, the real identity of the US’ National Security Agency (NSA) personnel responsible for launching the cyberattack on NPU ...

September 13, 2023

A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen it used in a single attack by a ransomware affiliate that attempted to deploy LockBit on a target’s network and then switched to 3AM when ...

September 13, 2023

Trend Micro researchers have been observing malware families RedLine and Vidar since the middle of 2022, when both were used by threat actors to target victims via spear-phishing scams. Earlier this year, RedLine targeted the hospitality industry with its info stealer malware. Their latest investigations show that the threat actors behind RedLine and Vidar now ...

September 12, 2023

In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetuated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia. Zscaler ThreatLabz observed APT36 targeting Indian government sectors using a previously undocumented Windows RAT, new cyber espionage utilities for ...

September 12, 2023

One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. Determining the function of the malware, who created it, and the reasons behind it become a mystery to solve. The previously unseen dropper variant FortiGuard Labs researchers recently found, named MidgeDropper, has ...

September 12, 2023

UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Kaspersky unveiled a malicious campaign in which an installer of the Free Download Manager software was employed to disseminate a Linux backdoor for a minimum of three years. Researchers discovered that victims were infected when they downloaded the software from the official website, ...