Lucene search
K

254 matches found

Talos Blog
Talos Blog
added 2022/08/05 7:54 p.m.21 views

Threat Roundup for July 29 to August 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/08 5:8 a.m.64 views

TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine

In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/24 11:6 a.m.23 views

Malware Analysis: Trickbot

In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticat...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/18 12:7 p.m.29 views

Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/09 3:28 a.m.33 views

U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers

The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convi...

1.3AI score
Exploits0
Trellix
Trellix
added 2022/03/31 12:0 a.m.180 views

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

0.1AI score0.26869EPSS
Exploits0
Trellix
Trellix
added 2022/03/31 12:0 a.m.32 views

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

9.8CVSS9AI score0.26869EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/03/23 9:49 a.m.209 views

Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the...

9.1CVSS8.9AI score0.96087EPSS
Exploits23
The Hacker News
The Hacker News
added 2022/03/18 7:31 a.m.121 views

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google's Threat Analysis Group TAG took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a...

8.8CVSS1.1AI score0.96843EPSS
Exploits38
The Hacker News
The Hacker News
added 2022/03/17 10:5 a.m.150 views

TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things IoT devices as a go-between for establishing communications with the command-and-control C2 servers. "By using MikroTik routers as proxy server...

9.1CVSS1AI score0.96087EPSS
Exploits23
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/03/16 3:0 p.m.114 views

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...

6.4CVSS0.8AI score0.96087EPSS
Exploits23
Microsoft Secure
Microsoft Secure
added 2022/03/16 3:0 p.m.166 views

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...

6.4CVSS0.8AI score0.96087EPSS
Exploits23
ThreatPost
ThreatPost
added 2022/03/14 9:50 p.m.384 views

Staff Think Conti Group Is a Legit Employer – Podcast

Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...

8.9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/03/10 7:54 p.m.173 views

Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers

Looking to cyber-hassle Russia, Ukrainian sympathizers? Be careful — malware is making the rounds, disguised as a pro-Ukraine cyber-tool that will turn around and bite you instead, researchers are warning. In a Wednesday threat advisory, Cisco Talos described a campaign it’s observed in which a...

8.7AI score
Exploits0References21
The Hacker News
The Hacker News
added 2022/03/10 7:18 a.m.27 views

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...

2.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/07 11:5 a.m.16 views

A week in security (February 28 – March 6)

Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco” Update now! Cisco fixes several vulnerabilities HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine Tips to protect your data, security, and privacy from a hands-on expert...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2022/03/02 6:14 p.m.643 views

Conti Ransomware Decryptor, TrickBot Source Code Leaked

The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...

10CVSS8.8AI score0.99512EPSS
Exploits75References28
The Hacker News
The Hacker News
added 2022/03/01 2:3 p.m.18 views

Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/01 1:22 p.m.49 views

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/28 12:15 p.m.12 views

TrickBot takes down server infrastructure after months of inactivity

The king of tricks is dead. Long live the new king. Or will it make a comeback? While we already assumed TrickBot was dead in the water, the shutdown of the server infrastructure on February 24, 2022, did not go unnoticed. Is this really the end of one of the most active botnets in the last decad...

7.2AI score
Exploits0
Rows per page
Query Builder