TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
Ransomware Gang Arrested for Spreading Locky to Hospitals
A cybercriminal gang has been arrested for spreading the Locky ransomware among hospitals, among other crimes. In an operation spearheaded by Romania’s law enforcement department, four people have been taken into custody after their houses were raided – three in Romania and one in neighboring...
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving...
TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns
Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US. Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalize...
Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...
November 13, 2017 – Morning Cyber Coffee Headlines – “Eric O’ Neill” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! November 13, 2017 - Headlines Carbon Black in the News: Why we need to stop...
Necurs-Based DDE Attacks Now Spreading Locky Ransomware
Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch. The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad...
Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks
A newly discovered unpatched attack method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE), to perfor...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns
Cybercriminals behind the Locky ransomware have revamped the malware’s code three times in a 30-day period and blasted out massive spam campaigns. According to researchers at Trustwave, the latest variant of Locky ransomware is called Ykcol (that’s Locky spelled backwards) and was part of a Sept. 19...
Locky ransomware campaign launched 20M attacks in a single day
By Uzair Amir. Another ‘Aggressive’ Locky ransomware campaign launched with 20 million attacks. This is a post from HackRead.com.
Ransomware Updates: Newest Threats, Protection Best Practices
Ransomware has consistently been in the spotlight since attacks first began emerging a few years ago. Now that new and powerful samples like WannaCry are being used to infiltrate large-scale organizations, ransomware continues to grab headlines. According to Trend Micro, one of the latest...
Partner Perspectives – Detecting Ransomware: Behind the Scenes of an Attack
Editor's Note: This blog originally appeared on RedCanary.com Ransomware has been the threat of the year. If you’ve had even a lazy eye on current events in information security, you’ve heard about the WannaCry infection that recently took out endpoints for hundreds of companies. By now you’ve...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware
By Waqas. Google Chrome with 2 billion active users is the most... This is a post from HackRead.com.
A week in security (August 28 – September 3)
Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant as of this writing has anti-sandboxing capabilities. This means that once Locky has...
Massive Locky Ransomware Strain Hits US with Over 23 Million Emails
By Waqas. Cybercriminals are becoming more and more skilled regarding technological advancement... This is a post from HackRead.com.
'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware
A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware. The...
Locky ransomware adds anti sandbox feature (updated)
By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3 which comes with malicious ZIP containin...
Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang. Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware. Lukitus Campaign Sends 23 Million...