Krebs on Security

APRIL 19, 2019

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. The government says between July 2012 and Sept.

Banking 221

Banking Malware Advertising Government 221

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 225

Malware Advertising Marketing System Administration 225

Schneier on Security

MARCH 28, 2019

The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.]. Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility.

Hacking 278

Hacking Malware 278

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018.

Antivirus 363

Antivirus Malware Software 363

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN 133

VPN Authentication Ransomware Risk 133

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched. In March 2025, threat actors distributed archived messages through Signal.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Krebs on Security

JANUARY 2, 2019

The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. 29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain.

Ransomware 258

Ransomware Malware Backups Accountability 258

The Hacker News

JUNE 13, 2024

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.

Malware 135

Malware 135

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings.

Cryptocurrency 361

Cryptocurrency Malware Mobile Accountability 361

Security Affairs

NOVEMBER 1, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Spyware 141

Spyware Media Malware Hacking 141

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 144

Malware Ransomware Cybercrime Hacking 144

The Last Watchdog

APRIL 21, 2021

At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Attackers are taking advantage of TLS-protected web and cloud services, for malware delivery and for command-and-control, right under the noses of IT security teams and most security technologies.”.

Malware 214

Malware Firewall Encryption Digital transformation 214

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. The threat actors exploited vulnerabilities in networking devices used by businesses to gain a foothold by installing custom malware.

Firmware 120

Firmware Government Firewall Malware 120

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team.

Ransomware 277

Ransomware Accountability Cybercrime Passwords 277

Adam Levin

JANUARY 25, 2019

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. Kaspersky and McAfee Labs both reported a 30% decline in ransomware attacks in 2018. “[T]he

Spyware 212

Spyware Ransomware Malware Banking 212

The Hacker News

DECEMBER 27, 2024

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024.

Malware 121

Malware Cyber Attacks Phishing 121

Malwarebytes

OCTOBER 28, 2021

Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. For an attacker, fileless malware has two major advantages: There is no file for traditional anti-virus software to detect. Is fileless malware new?

Malware 136

Malware Artificial Intelligence Software Ransomware 136

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. “As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said. .

Internet 255

Internet Internet Software Engineering 255

SecureList

OCTOBER 29, 2024

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. Known since 2018, Amadey has been the subject of numerous security reports.

Adware 124

Adware Malware Cryptocurrency Password Management 124

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 132

Malware Cybercrime Software Phishing 132

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai. in newer ones.

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

Malware 129

Malware Software Passwords Cryptocurrency 129

Krebs on Security

FEBRUARY 4, 2020

The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.

Internet 324

Internet Internet Government Accountability 324

CyberSecurity Insiders

APRIL 18, 2022

A malware dubbed MyloBot malware is seen sending extortion emails to victims and demanding a payment of $2,732 in digital currency. This malware that was first detected in 2018 has anti-debugging capabilities and the potential to remove other malware already installed in the system or network.

Malware 135

Malware Firewall Software Ransomware 135

Security Affairs

FEBRUARY 26, 2025

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Data collection 103

Data collection Spyware Media Surveillance 103

SecureList

MARCH 11, 2025

Since the beginning of the year, we’ve been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers.

Passwords 85

Passwords Malware Advertising Software 85

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 131

Software Malware Cybercrime VPN 131

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. LFI CVE-2018-16763 Fuel CMS 1.4.1 LFI CVE-2018-16763 Fuel CMS 1.4.1 The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” concludes the report.

Malware 145

Malware DDOS IoT Cybercrime 145

SecureBlitz

MARCH 5, 2024

Security researchers have identified a new and concerning malware threat: a multi-platform framework called “MATA.” ” This framework has been targeting victims globally since at least April 2018.

Malware 105

Malware Cybersecurity Antivirus 105

Troy Hunt

MARCH 26, 2018

Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. pic.twitter.com/lifCZRcICF — Troy Hunt (@troyhunt) March 20, 2018. Here's the tl;dr - someone named "Md. Ooh, he’s good! Suggestions?

Scams 221

Scams Penetration Testing Accountability Data breaches 221

Malwarebytes

FEBRUARY 24, 2022

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink.

Malware 145

Malware Firewall Firmware DDOS 145

Krebs on Security

JUNE 15, 2021

Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. nl — circa October 2018. 6 in Miami, Fla.

Cybercrime 354

Cybercrime Ransomware Passwords Banking 354

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. 30, the U.S.

eCommerce 202

eCommerce Cybercrime Accountability Passwords 202

SecureList

OCTOBER 15, 2024

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware.

Malware 143

Malware Encryption Architecture Phishing 143

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA.

Marketing 301

Marketing Energy and Utilities Malware Ransomware 301

CyberSecurity Insiders

DECEMBER 2, 2022

New malware is on the prowl and is seen spreading malicious software in disguise of applications meant for teaching, reading, and other education-related activities. ZIMPERIUM is the firm that conducted the study and discovered the infection in the wild in 2018.

Accountability 115

Accountability Malware Education Software 115