10 matches found
Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla
Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users...
Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document .XL...
Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique,"...
A proxyjacking campaign is looking for vulnerable SSH servers
A researcher at Akamai has posted a blog about a worrying new trend--proxyjacking--where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, well need to explain a few things. There are several legitimate services that pay users to share their surpl...
APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting WER service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campai...
A week in security (March 12 – March 18)
Last week on Malwarebytes Labs, we took a look at the inner workings of a fileless attack, explored what happened in a zero day ransomware attack aimed at South Koreans, gave you hints and tips for avoiding cold calls, and took a deep dive into the secretive world of GrayKey. Other news The Equif...
Hancitor: fileless attack with a DLL copy trick
This article was authored by David Sánchez, Mickaël Roger, and Jérôme Segura During the past few years, malicious spam campaigns have proven to be one of the most efficient infection vectors, in part due to a combination of social engineering and a regular number of Office vulnerabilities. The...
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...
November 7, 2017 – Morning Cyber Coffee Headlines – “Election Day” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! November 7, 2017 - Headlines Carbon Black in the News: CRN Exclusive: Carbon...
New Fileless Attack Using DNS Queries to Carry Out PowerShell Commands
A unique attack called DNSMessenger uses DNS queries to carry out malicious PowerShell commands on compromised computers, a method that researchers said makes it difficult to detect that a remote access Trojan is being dropped onto targeted systems. According to experts at Cisco’s security resear...