Threats & Malware, Vulnerabilities
December 21, 2023
Via: The Register
Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 […]
Threats & Malware, Virus & Malware
December 20, 2023
Via: Security Affairs
Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. JaskaGO is a sophisticated malware that supports an extensive array of commands and can maintain persistence in different ways. The […]
December 19, 2023
Via: The Register
Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet. Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: SecureWorld
This morning, the Qualys Threat Research Unit released its 2023 Threat Landscape Year in Review report. In 2023, the Qualys Threat Research Unit (TRU) witnessed a critical trend in exploiting high-risk vulnerabilities. Its analysis reveals a startling insight into how […]
December 15, 2023
Via: The Register
Incident responders say they’ve found a new type of multi-platform malware abusing the New Kind of Network (NKN) protocol. Dubbed “NKAbuse” by the researchers, the Go-based backdoor offers criminal attackers a range of possibilities, including being able to DDoS or […]
December 11, 2023
Via: The Register
Research into Lazarus Group’s attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same […]
December 5, 2023
Via: The Register
The government of the United Kingdom has issued a strongly worded denial of a report that the Sellafield nuclear complex has been compromised by malware for years. The report, appearing in The Guardian, claimed that the controversial complex was hacked […]
December 1, 2023
Via: The Register
Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement’s ongoing search for its leading members. Russian national Vladimir Dunaev, 40, faces a maximum sentence of 35 years in prison for his involvement […]
November 30, 2023
Via: The Register
The Black Basta ransomware group has reportedly generated upwards of $100 million in revenue since it started operations in April 2022. Joint research from Corvus Insurance and blockchain analysis company Elliptic estimates the crew has scooped up at least $107 […]
November 17, 2023
Via: SecureWorld
The United States National Security Agency (NSA) has raised concerns about Chinese government-backed hackers embedding themselves within U.S. critical infrastructure networks, posing a significant threat to the nation’s security and economic stability. These hackers, operating under the moniker “Volt Typhoon,” […]
Threats & Malware, Virus & Malware
November 16, 2023
Via: The Register
Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims’ systems. Paid adverts for popular business software such as Slack and Cisco AnyConnect are being used to lure corporate victims into […]
November 14, 2023
Via: The Register
Google has sued three scammers for offering a fake download of its Bard AI chatbot that contained malware capable of stealing credentials for small business’ social media accounts. The web giant’s lawsuit [PDF], filed on Monday in a San Jose […]
Threats & Malware, Virus & Malware
November 10, 2023
Via: Security Affairs
Microsoft reported the exploitation of a zero-day vulnerability, tracked as CVE-2023-47246, in the SysAid IT support software in limited attacks. The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest). The company reported the flaw to […]
Threats & Malware, Virus & Malware
November 7, 2023
Via: The Register
A brand-new macOS malware strain from North Korean state-sponsored hackers has been spotted in the wild. Dubbed “ObjCShellz” by researchers at Jamf, the malware is thought to be a later-stage payload in the multi-stage RustBucket campaign targeting organizations in the […]
November 7, 2023
Via: TechRadar
Hackers have found a way to bypass Android’s “Restricted Settings” and install malware on a victim’s devices. Restricted Settings is a security feature first introduced in Android 13 that prevents apps downloaded from non-vetted sources (i.e. places other than the […]
Application security, Security
November 1, 2023
Via: The Register
Cybercriminals are once again abusing macro-enabled Excel add-in (XLL) files in malware attacks at a vastly increased rate, according to new research. HP Wolf Security revealed that .xlam files are now the seventh most commonly abused file extension in Q3 […]
November 1, 2023
Via: Security Affairs
During a forensics investigation, Security Joes Incident Response team discovered a new Linux Wiper malware they tracked as BiBi-Linux Wiper. Pro-Hamas hacktivist group used the wiper to destroy the infrastructure of Israeli companies. The researchers noticed that the malware is […]
October 25, 2023
Via: TechRadar
Cybersecurity researchers from Kaspersky have revealed more details on TriangleDB, a piece of malware that targeted a zero-day vulnerability recently discovered in the iOS operating system. In a detailed technical writeup, Kaspersky said the malware contains at least four different […]
Threats & Malware, Vulnerabilities
October 23, 2023
Via: The Register
After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]
October 23, 2023
Via: Natalie Dunn
The digital landscape has revolutionized our lives, connecting people across the globe. However, alongside the many positive aspects, there exists a dark underbelly of cybercrime, where hackers operate with impunity. One essential tool in the arsenal of these malicious actors […]