20 matches found
PT-2026-27351
Name of the Vulnerable Software and Affected Versions: EnTech Taiwan TVicPort, product version 4.0. Description: An issue in the TVicPort64.sys component allows attackers to escalate privileges by sending crafted IOCTL 0x80002008 requests. This can lead to a kernel takeover via a Bring Your Own...
A week in security (December 1 – December 7)
Last week on Malwarebytes Labs: Leaks show Intellexa burning zero-days to keep Predator spyware running; How scammers use fake insurance texts to steal your identity; Canadian police trialing facial recognition bodycams; Update Chrome now: Google fixes 13 security issues affecting billions; Attackers...
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadget...
What We Do In The Shadow (AI): New Malware Strain Vamps Up
...
Off Your Docker: Exposed APIs Are Targeted in New Malware Strain
...
Eldorado Ransomware Targeting Windows and Linux with New Malware
Another day, another threat against Windows and Linux systems!...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...
Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign
The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called...
APT34 Deploys Phishing Attack With New Malware
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to...
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...
North Korean UNC2970 Hackers Expands Operations with New Malware Families
A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multipl...
A week in security (August 1 - August 7)
Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16; Wrestling star Mick Foley's Twitter compromised, selling PS5 consoles; Millions of Arris routers are vulnerable to path traversal attacks; When a sextortion victim fights back; How to protect yourself and yo...
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families...
OceanLotus hackers hit macOS users with new malware
By Sudais Asif. For now, researchers believe that the malware is targeting Vietnamese users; however, it is about time it hits macOS users around the world. This is a post from HackRead.com. Read the original post: OceanLotus hackers hit macOS users with new malware...
Talos Incident Response announces new, lower price through July 25
Today’s world looks very different than three months ago. More people work remotely than ever before. IT teams work around the clock to expand capacity and new software and services are being deployed to handle the load. Within this new remote environment, we have seen new malware families and...
Turla APT Returns with New Malware, Anti-Censorship Angle
The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The...
Threatpost News Wrap Podcast for May 18
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news, including some interesting new malware, a Linux patch that made waves, social engineering gambits and a major banking theft from the second-largest economy in Latin America...
Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware
For cybercriminals, speed is the name of the game. It takes newly released malware an average of just four hours to achieve its goal—steal financial information, extort money, or cause widespread damage. In a recent report, the Federal Trade Commission (FTC) said that cybercriminals will use hacked...
Integrity Clientless Security (ICS) Update 3.7.111.0
Check Point Integrity Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...
Integrity Clientless Security (ICS) Update 3.7.88.0
Check Point Integrity Clientless Security (ICS) for Connectra prevents users with potentially harmful software from accessing your network and requires that they conform to the organization's antivirus and firewall policies. For more information, please refer to Connectra documentation and to ICS...