Schneier on Security

FEBRUARY 16, 2021

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. It is baffling to me that an app developer with a popular app would turn it into malware. The app is called Barcode Scanner.

Advertising 314

Advertising Malware 314

Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Malware 264

Malware Ransomware Authentication 264

Krebs on Security

FEBRUARY 17, 2021

million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York. In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed.

Cryptocurrency 326

Cryptocurrency Financial Services Banking Government 326

Security Boulevard

JANUARY 17, 2022

Ukraine is again under malware attack. And the tactics look strikingly similar to 2017’s NotPetya hack by the Russian GRU. The post ‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine appeared first on Security Boulevard.

Malware 144

Malware Hacking Social Engineering Engineering 144

Tech Republic Security

FEBRUARY 15, 2022

Dubbed TA2541 by Proofpoint researchers, the group has been attacking targets in several critical industries since 2017 with phishing emails and cloud-hosted malware droppers. The post Researchers discover common threat actor behind aviation and defense malware campaigns appeared first on TechRepublic.

Malware 148

Malware Phishing 148

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 144

Adware Spyware Mobile Technology 144

Krebs on Security

AUGUST 14, 2020

Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray. Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space. R1 RCM declined to discuss the strain of ransomware it is battling or how it was compromised.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Security Boulevard

NOVEMBER 7, 2022

What’s the best way for a company to test its malware defenses in real-life scenarios? In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.

Malware 134

Malware Ransomware Security Awareness Cybersecurity 134

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 107

Architecture Internet Internet Malware 107

The Hacker News

AUGUST 20, 2021

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.

Malware 145

Malware 145

CyberSecurity Insiders

JULY 27, 2022

A novel malware named CosmicStrand is said to be targeting the old motherboards offered by Asus and Gigabyte and the crux is that it can survive operating system re-installs and it survives in Unified Extensible Firmware Interface (UEFIs) unlike just the storage drive.

Malware 129

Malware Firmware Antivirus Marketing 129

The Hacker News

APRIL 10, 2023

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites.

Malware 144

Malware 144

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware 138

Malware Cryptocurrency Ransomware Hacking 138

Penetration Testing

SEPTEMBER 12, 2024

In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as the... The post Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw appeared first on Cybersecurity News.

Malware 87

Malware Cybersecurity 87

The Hacker News

JANUARY 16, 2023

Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S.

Malware 144

Malware 144

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA. .

Marketing 298

Marketing Energy and Utilities Malware Ransomware 298

SecureList

MARCH 10, 2025

We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. Additionally, they change the names and paths of their malicious files.

Energy and Utilities 119

Energy and Utilities Malware Government Phishing 119

Schneier on Security

MARCH 9, 2021

WannaCry was a 2017 cyberattack, based on a NSA-discovered and Russia-stolen-and-published Windows vulnerability. Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.

Technology 362

Technology Software Malware 362

CyberSecurity Insiders

JANUARY 17, 2022

Microsoft has issued an official warning to all IT and not-for-profit organizations, along with some critical government organizations across Ukraine, that their digital infrastructure could be targeted by a dreaded data wiping malware campaign.

Malware 139

Malware Government Technology Authentication 139

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware 132

Malware Phishing Spyware Cyber threats 132

Schneier on Security

JANUARY 25, 2022

billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software. Merck suffered US$1.4

Insurance 224

Insurance Cyber Attacks Government Malware 224

CyberSecurity Insiders

JANUARY 4, 2022

A new malware developed by China is on the prowl on the web and is seen targeting Japanese companies for now. First it sneaks into the network to evaluate the target defense-line and then a second stage malware is then induced and executed to conduct espionage, data steal and such.

Malware 132

Malware Manufacturing Media Phishing 132

Krebs on Security

JULY 29, 2019

Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday.

Banking 216

Banking Malware Government Education 216

Security Boulevard

MARCH 20, 2025

Amost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro's VDI unit, Microsoft has no plans to patch the vulnerability.

Government 100

Government Social Engineering Engineering Malware 100

SecureList

OCTOBER 15, 2024

RTF exploit RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in Microsoft Office software. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware.

Malware 143

Malware Encryption Architecture Phishing 143

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. “It means that they are actively developing new malwares.

Malware 144

Malware Phishing Passwords Media 144

Malwarebytes

MARCH 5, 2022

The Formbook malware is an information stealer that is in use by many threat actors. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware. Recently, the Malwarebytes Threat Intelligence Team found a Formbook campaign targeting oil and gas companies.

Malware 137

Malware Manufacturing Marketing 137

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware 137

Malware Cryptocurrency Accountability Cybercrime 137

Heimadal Security

OCTOBER 27, 2022

The North Korean cyberespionage group known as Kimsuky has been observed exploiting three different Android malware targeted specifically at South Korean users. Kimsuky, also known as Velvet Chollima, Thallium, or Black Banshee, is a North Korean-based cybercrime group with operations going back to 2017.

Malware 119

Malware Cybercrime Cybersecurity 119

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware 140

Malware Architecture Technology DDOS 140

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware 133

Malware Social Engineering Retail Engineering 133

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Security Affairs

APRIL 21, 2025

. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) [1].” Kimsuky also used the forceCopy stealer malware to capture keystrokes and extract files from browser directories.

Phishing 78

Phishing Malware Security Intelligence Hacking 78

Adam Levin

JANUARY 25, 2019

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. Ransomware attacks remain a persistent threat, but are not as prevalent as they were at their peak in 2017, which coincided with the meteoric rise in cyptocurrency values.

Spyware 212

Spyware Ransomware Malware Banking 212

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” The post EnemyBot malware adds new exploits to target CMS servers and Android devices appeared first on Security Affairs. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

JANUARY 21, 2025

Researchers found over 100 servers distributing Mirai malware and communicating with compromised IPs, indicating the campaign is ongoing. “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices. ” reads the advisory.

IoT 82

IoT Malware Hacking Cybercrime 82

Krebs on Security

FEBRUARY 4, 2020

In 2012 KrebsOnSecurity wrote about the plight of Yuriy “Jtk” Konovalenko , a then 30-year-old Ukrainian man who was rounded up as part of an international crackdown on an organized crime gang that used the ZeuS malware to steal tens of millions of dollars from companies and consumers. Attorney Adam Alexander.

Internet 326

Internet Internet Government Accountability 326