53 matches found
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns
Cybercriminals behind the notorious Dridex and Locky ransomware have a new target in their sights – large retail, restaurant and grocery chains located in the US. Researchers are warning the well-known financial criminal group TA505 is behind a new wave of email campaigns distributing personalize...
Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...
November 13, 2017 – Morning Cyber Coffee Headlines – “Eric O’ Neill” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! November 13, 2017 - Headlines Carbon Black in the News: Why we need to stop...
Necurs-Based DDE Attacks Now Spreading Locky Ransomware
Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch. The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad...
Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks
A newly discovered unpatched attacking method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE), to perfor...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns
Cybercriminals behind the Locky ransomware have revamped the malware’s code three times in a 30-day period and blasted out massive spam campaigns. According to researchers at Trustwave, the latest variant of Locky ransomware is called Ykcol (that’s Locky spelled backwards) and was part of a Sept. 19...
Locky ransomware campaign launched 20M attacks in a single day
By Uzair Amir. Another ‘Aggressive’ Locky ransomware campaign launched with 20 million attacks. This is a post from HackRead.com. Read the original post: Locky ransomware campaign launched 20M attacks in a single day...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware
By Waqas. Google Chrome with 2 billion active users is the most... This is a post from HackRead.com. Read the original post: Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware...
'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware
A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware. The...
Locky ransomware adds anti sandbox feature (updated)
By Marcelo Rivero and Jérôme Segura The Locky ransomware has been very active since its return which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one from affiliate ID 3 which comes with malicious ZIP containin...
Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang. Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware. Lukitus Campaign Sends 23 Million...
New Locky Variant 'IKARUSdilapidated' Strikes Again
A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s truste...
Locky ransomware returns to the game with two new flavors
We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing, so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with a new extension, but went dark again for...
Locky Ransomware Variant Slips Past Some Defenses
A variant of the notorious Locky ransomware is part of a large scale email-based campaign managing to slip past the defenses of some unsuspecting companies. Beginning on Aug. 9, and lasting three days, ransomware called IKARUSdilapidated landed in tens of thousands of inboxes with email that...
Week in Security (August 7 – August 13)
Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses binary padding in an attempt to get skipped,...
Player 1 Limps Back Into the Ring - Hello again, Locky!
This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post. Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a...
Locky Ransomware Roars Back to Life Via Necurs Botnet
Cybercriminals behind the Locky ransomware and Necurs botnet are back in business. Last Friday researchers spotted both delivering nearly 35,000 emails in just a few hours, the first major Locky campaign researchers have seen in months, according to Cisco Talos. Researchers warn the latest Locky...