Lucene search
K

17 matches found

HackRead
HackRead
added 2026/03/04 9:27 p.m.9 views

Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware

A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks...

5.9AI score
Exploits0
HackRead
HackRead
added 2025/03/25 11:56 a.m.11 views

Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates

Cybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/12/22 8:0 a.m.28 views

Ransomware and wiper signed with stolen certificates

Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the countrys computer systems. On September 10,...

1.1AI score
Exploits0
hivepro
hivepro
added 2022/10/18 4:16 a.m.13 views

WIP19 targets IT service providers and telcos with custom malware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary WIP19, a Chinese APT group is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper which it then used to target telecommunications and IT service...

3.4AI score
Exploits0
Trellix
Trellix
added 2022/03/23 12:0 a.m.22 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

0.9AI score
Exploits0
Trellix
Trellix
added 2022/03/23 12:0 a.m.7 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/16 10:29 a.m.5 views

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools RATs on target systems. Attributing the operation to the Lazarus Group, also known as Hidden...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/09 2:57 p.m.1 views

Stolen D-Link Certificate Used to Digitally Sign Spying Malware

Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look lik...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2017/11/05 10:9 p.m.10 views

The Rise of Super-Stealthy Digitally Signed Malware—Thanks to the Dark Web

Guess what's more expensive than counterfeit United States passports, stolen credit cards and even guns on the dark web? It's digital code signing certificates. A recent study conducted by the Cyber Security Research Institute CSRI this week revealed that stolen digital code-signing certificates...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2015/06/15 11:21 a.m.13 views

Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver

The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/11/10 10:41 a.m.89 views

Darkhotel APT Group Targeting Top Executives in Long-Term Campaign

APT groups tend to be grouped together in a large amorphous blob of sinister intentions and similar targets, but not all APT crews are created equal. Researchers have identified a group that’s been operating in Asia for at least seven years and has been using hotel networks as key infection point...

10CVSS0.4AI score0.99883EPSS
Exploits19References3
ThreatPost
ThreatPost
added 2014/05/14 12:13 a.m.10 views

Mozilla Asks CAs for Details on Subordinate Certificate Controls

Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2013/04/11 1:12 p.m.13 views

Winnti Cyberespionage Campaign Targets Gaming Companies

A cybercrime gang has been running roughshod over the gaming industry for years using malware signed with valid digital certificates to steal source code and valuable in-game currency for a number of popular online games. Researchers at Kaspersky Lab this morning published a report on the Winnti...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2012/05/15 1:51 p.m.11 views

Stolen Certificates Found in Malware Possibly Targeting Tibetan Groups

The recent trend of attackers using stolen digital certificates to make their malicious executables look legitimate is continuing unabated, with researchers now having come across a series of variants of the Etchfro Trojan that are using certificates taken from several companies and issued by...

0.7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2011/11/22 2:14 p.m.13 views

How the Duqu Authors May Have Erred

Duqu has been called the spawn of Stuxnet, or maybe some sort of stepchild or second cousin. That initial analysis came from some similarities in the code of the two attack tools, and now that researchers have had more time to pull Duqu apart and see how it works, it seems more and more likely th...

7.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/11/14 5:10 p.m.7 views

Stolen Government Certificate Used to Sign Malware

F-Secure researchers claim that malware spreading via malicious PDF files is signed with a valid certificate stolen from the Government of Malaysia, in just the latest evidence that scammers are using gaps in the security of digital certificates to help spread malicious code. The malware,identifi...

1.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2010/11/24 2:49 p.m.16 views

Web-Based Malware Doubles from 2009, Likely to Persist in 2011

There’s been a significant uptick in Web-based malware, with infections nearly double those from this time last year, and predictions are that Web based attacks will get worse before they get better. In their Q3 Malware Update, security firm Dasient estimated there were over 1.5 million malicious...

1.5AI score
Exploits0References3
Rows per page
Query Builder