180 matches found
CoinVault Ransomware Authors Sentenced to 240 Hours of Community Service
Almost three years after the arrest of two young Dutch brothers, who pleaded guilty to their involvement in creating and distributing CoinVault ransomware malware, a district court in Rotterdam today sentenced them to 240 hours of community service. In 2015, the two suspects — Melvin 25-year-old...
Chinese Hackers Carried Out Country-Level Watering Hole Attack
Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers fr...
Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit
If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...
Design/Logic Flaw
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry...
Word Attachment Delivers FormBook Malware, No Macros Required
A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
BankBot Returns On Play Store – A Never Ending Android Malware Story
Even after so many efforts by Google for making its Play Store away from malware, shady apps somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google...
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
The threat to sensitive financial information is greater than ever. Data breaches, phishing attacks, and other forms of information theft are all too common in today’s threat landscape. Point-of-sale systems and ATMs have been targeted by hackers. Information-stealing trojans pose a risk to data...
System Compromise
npm-script-demo compromises the system. It is possible because the module can create an unauthorized connection to a command and control server when it is installed...
Malicious Chrome Extension Steals Data Posted to Any Website
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code. The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted...
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned. Publicly disclosed last year in October, Dirty COW was present in a section of the Linux...
Graftor - But I Never Asked for This…
This post is authored by Holger Unterbrink and Matthew MolyettOverviewFree software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...
Gazer: A New Backdoor Targets Ministries and Embassies Worldwide
Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats. Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer, and is believed to be carried out by Turla advanced...
Mobile WireX DDoS Botnet 'Neutralized' by Collaboration of Competitors
A collaboration between leading content delivery networks and technology companies—some of them competitors—is in the midst of shutting down the largest botnet of mobile devices ever recorded. The WireX botnet was detected on Aug. 17 after businesses in a number industries, most notably...
WAP-billing Trojan-Clickers on rise
During the preparation of the "IT threat evolution Q2 2017" report I found several common Trojans in the "Top 20 mobile malware programs" list that were stealing money from users using WAP-billing - a form of mobile payment that charges costs directly to the user's mobile phone bill so they don't...
UCL Ransomware Linked to AdGholas Malvertising Group
A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit...
First Android-Rooting Trojan With Code Injection Ability Found On Google Play Store
A new Android-rooting malware with an ability to disable device’ security settings in an effort to perform malicious tasks in the background has been detected on the official Play Store. What's interesting? The app was smart enough to fool Google security mechanism by first pretending itself to b...
Judy Android Malware Infects Over 36.5 Million Google Play Store Users
Security researchers have claimed to have discovered possibly the largest malware campaign on Google Play Store that has already infected around 36.5 million Android devices with malicious ad-click software. The security firm Checkpoint on Thursday published a blog post revealing more than 41...
Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan
Chinese Hackers have taken Smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing attack to send convincing bogus message...
Powerful Extensible Wireless Drop Box: Pina Colada
Powerful Extensible Wireless Drop Box Pina Colada, a powerful and extensible wireless drop box, capable of performing a wide range of remote offensive attacks on a network. It can currently be controlled only via a command line interface, but a Command and Control remote server functionality is...