Lucene search
K

20 matches found

Microsoft Secure
Microsoft Secure
added 2025/05/21 4:0 p.m.27 views

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. Our investigation into Lumma Stealer’s distribution infrastructure reveals a...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/18 7:10 a.m.19 views

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service DDoS malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly...

7.2AI score
Exploits0
Talos Blog
Talos Blog
added 2025/04/17 10:0 a.m.16 views

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed an existing distributed denial-of-service DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...

8.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/03 12:35 p.m.13 views

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control C&C infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/14 10:23 a.m.37 views

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant PCA to execute malicious commands. "The Program Compatibility Assistant Service pcalua.exe is a Windows service designed to identify and address...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/27 3:56 p.m.34 views

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/16 1:39 p.m.40 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/28 10:58 a.m.54 views

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan RAT on compromised systems. Attributing the intrusions to a threat actor...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/06 9:37 p.m.18 views

A deep dive into Saint Bot, a new downloader

This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...

8.4AI score
Exploits0
FireEye
FireEye
added 2020/10/28 12:0 a.m.258 views

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the...

9.3CVSS1.6AI score0.99512EPSS
Exploits75References9
ThreatPost
ThreatPost
added 2020/08/27 11:14 a.m.18 views

Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads

Attacks attributed to the Qbot trojan, known as the “Swiss Army knife” of malware, are on the uptick with a reported 100,000 recent infections, according to researchers. Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has shifted tactics again and adopted a bevy ...

Exploits0References8
ThreatPost
ThreatPost
added 2020/06/18 8:49 p.m.117 views

Google Yanks 106 ‘Malicious’ Chrome Extensions

Google removed 106 Chrome browser extensions Thursday from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. In the research, also published Thursday, Awake Security alleged millions of Chrome users have been targeted by threat actors. The...

0.8AI score
Exploits0References5
The Hacker News
The Hacker News
added 2019/01/21 3:37 p.m.174 views

New malware found using Google Drive as its command-and-control server

Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campai...

7.4AI score
Exploits0
Securelist
Securelist
added 2018/04/16 8:30 a.m.45 views

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2018/02/28 7:16 a.m.44 views

CannibalRAT targets Brazil

This post was authored by Warren Mercer and Vitor Ventura Introduction Talos has identified two different versions of a RAT, otherwise known as a remote access trojan, that has been written entirely in Python and is wrapped into a standalone executable. The RAT is impacting users of a Brazilian...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2017/10/05 5:18 a.m.16 views

Inside the CCleaner Backdoor Attack

MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin...

7.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2017/02/08 8:21 a.m.18 views

Macro Malware Comes to macOS

Macro-based malware has crossed the divide between the Windows and Mac platforms. A cybercrime group whose command and control infrastructure resolves to an IP address geo-located in Russia is using a Word document laced with a malicious macro that executes solely on macOS. Following the same...

0.2AI score
Exploits0References2
FireEye
FireEye
added 2016/06/10 10:0 a.m.11 views

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats looking ahead to the next few years are those posed by manipulating vehicle operation, ransomware...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/08/30 6:12 p.m.50 views

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...

10CVSS1.6AI score0.98536EPSS
Exploits10References4
ThreatPost
ThreatPost
added 2009/11/09 3:58 p.m.12 views

How to Take Down a Botnet

The botnet problem has reached epidemic levels in recent months, with the continued growth of large-scale botnets, as well as the identification of smaller, more targeted networks around the world. But researchers have been taking steps to disrupt botnets of late, with some notable successes, as...

0.2AI score
Exploits0References1
Rows per page
Query Builder