Lucene search
K

254 matches found

thn
thn
added 2022/02/28 11:10 a.m.28 views

Rebirth of Emotet: New Features of the Botnet and How to Detect it

One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, i...

Exploits0
threatpost
threatpost
added 2022/02/25 9:32 p.m.210 views

TrickBot Takes a Break, Leaving Researchers Scratching Their Heads

The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers — but it’s now operating with diminished activity. They concluded that the pause could be due to the TrickBot gang making a large operational shift to focus on partner malware,...

8.8AI score
Exploits0References11
thn
thn
added 2022/02/25 7:30 a.m.9 views

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot ...

0.9AI score
Exploits0
thn
thn
added 2022/02/24 1:28 p.m.29 views

TrickBot Gang Likely Shifting Operations to Switch to New Malware

TrickBot, the infamous Windows crimeware-as-a-service CaaS solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaign...

1.9AI score
Exploits0
threatpost
threatpost
added 2022/02/16 10:34 p.m.225 views

TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, according to Check Point Research CPR, which are being cherry-picked for victimization. According t...

8.7AI score
Exploits0References10
hackread
hackread
added 2022/02/16 5:19 p.m.19 views

Trickbot malware infects 140,000+ customer devices of tech giants

By Waqas According to researchers, TrickBot malware has targeted customers of over 60 high-profile corporations since November 2020 including Google,… This is a post from HackRead.com Read the original post: Trickbot malware infects 140,000+ customer devices of tech giants...

4AI score
Exploits0
thn
thn
added 2022/02/16 2:3 p.m.33 views

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...

0.9AI score
Exploits0
thn
thn
added 2022/02/08 3:37 a.m.65 views

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

7.1CVSS7.7AI score0.10295EPSS
Exploits1
threatpost
threatpost
added 2022/02/01 2:0 p.m.58 views

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities

Living-off-the-land binaries LOLBins are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...

8.6AI score
Exploits0References12
wired
wired
added 2022/02/01 12:0 p.m.12 views

Inside Trickbot, Russia’s Notorious Ransomware Gang

Internal messages WIRED has viewed shed new light on the operators of one of the world's biggest botnets...

3.4AI score
Exploits0
threatpost
threatpost
added 2022/01/27 3:0 p.m.23 views

Shipment-Delivery Scams Become the Favored Way to Spread Malware

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...

7AI score
Exploits0References11
threatpost
threatpost
added 2022/01/26 10:39 p.m.33 views

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a...

7.2AI score
Exploits0References4
hackread
hackread
added 2022/01/26 6:39 p.m.20 views

TrickBot malware now crashes researchers’ devices to evade analysis

By Deeba Ahmed Since the return of TrickBot malware researchers are observing additional features and capabilities which makes its detection and… This is a post from HackRead.com Read the original post: TrickBot malware now crashes researchers’ devices to evade analysis...

4.1AI score
Exploits0
thn
thn
added 2022/01/25 12:12 p.m.17 views

TrickBot Malware Using New Techniques to Evade Web Injection Attacks

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...

0.3AI score
Exploits0
malwarebytes
malwarebytes
added 2022/01/24 3:39 p.m.303 views

Microsoft is now disabling Excel 4.0 macros by default

Back in October 2021, Microsoft announced in an email sent to customers that it planned to disable Excel 4.0 macros by default to protect customers from malicious documents. Now, Microsoft says that change has happened. Good news Sometimes good news in the security world comes later than expected...

9.3CVSS8.8AI score0.99945EPSS
Exploits33
qualysblog
qualysblog
added 2022/01/06 2:5 p.m.119 views

Emotet Re-emerges with Help from TrickBot

Emotet has recently reemerged after being taken down less than a year ago by global law enforcement as coordinated by Europol and Eurojust. The takedown was achieved after law enforcement compromised a command-and-control system, and then pushed a specially crafted update to Emotet agents that...

9.3CVSS1.3AI score0.99693EPSS
Exploits61
hivepro
hivepro
added 2021/12/16 11:12 a.m.156 views

Microsoft released patch for actively exploited spoofing vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Microsoft AppX has a spoofing vulnerability that has been assigned CVE-2021-43890. Attackers are taking advantage of this critical vulnerability by deploying well-known malwares such as Emotet, Trickbot, and Bazaloader. Thi...

6CVSS8.6AI score0.10295EPSS
Exploits1
nvd
nvd
added 2021/12/15 3:15 p.m.30 views

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...

7.1CVSS0.10295EPSS
Exploits1References6
osv
osv
added 2021/12/15 3:15 p.m.5 views

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...

7.1CVSS5.8AI score0.10295EPSS
Exploits1References6
attackerkb
attackerkb
added 2021/12/15 3:15 p.m.78 views

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...

7.1CVSS7.5AI score0.10295EPSS
In wildExploits1References6Affected Software1
Rows per page
Query Builder