Web-phishing targeting various online services almost doubled during the COVID-19 pandemic; it accounted for 46 percent of the total number of fake web pages. Secure web-phishing. In the first six months of 2020, CERT-GIB blocked a total of 9 304 phishing web resources, which is an increase of 9 percent compared to the previous year.
Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. The threat actors used spyware to take over the target systems, spy on the victims, and exfiltrate data. The link points to files containing spyware that could infect both Mac OS and Windows systems.
The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to target a Turkic minority group. Attackers injected the malicious code to deploy the spyware in websites, some of which were actually fake.” continues the analysis.
In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.
The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. In H2 2020, 39.3%
Group-IB’s CERT-GIB analyzed hundreds of coronavirus-related phishing emails and discovered top malware strains in COVID-19 campaigns. Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020. Source: CERT-GIB.
Banking phishing: new version of an old scheme. Clients of several Dutch banks faced a phishing attack using QR codes. The links in their messages took the victim to well-designed phishing pages with official emblems, business language and references to relevant laws. Quarterly highlights. Vaccine with cyberthreat.
government threat report, released this morning and titled "Rise in Mobile Phishing Credential Theft Targeting Public Sector," includes these key findings: Nearly 50% of state and local government employees are running outdated Android operating systems, exposing them to hundreds of device vulnerabilities.
FormBook is a data-stealing malware that is used in cyber espionage campaigns; like other spyware, it is capable of extracting data from HTTP sessions, keystroke logging, and stealing clipboard contents. “On February 6, 2020 a new era began: the era of the Formbook successor called XLoader. Pierluigi Paganini.
This downward trend was not observed in the second half of 2020. Percentage of ICS computers on which malicious objects were blocked, by half-year, 2017 – 2020. In H2 2020, the percentage of ICS computers on which malicious objects were blocked increased in relation to H1 in 62% of countries. Northern Europe.
In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal.
Percentage of ICS computers on which malicious objects were blocked, January – June 2020, 2021, and 2022. Southern Europe leads the ranking of regions by percentage of ICS computers on which malicious email attachments and phishing links were blocked. This is the highest percentage for any six-month reporting period since 2020.
In short, in 2020, cyberthreats evolved. of all Mac detections in 2020—the rest can be attributed to Potentially Unwanted Programs (PUPs) and Adware. ThiefQuest tricked many researchers into believing it was the first example of ransomware on macOS since 2017, but the malware was hiding its real activity of massive data exfiltration.
If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2. The percentage of ICS computers on which malicious objects were blocked in 2021 increased by 1 percentage point from 2020 – from 38.6% Percentage of ICS computers on which spyware was blocked. Ransomware.
Group-IB, a Singapore-based cybersecurity company, observed the growth of the lifespan of phishing attacks in the second half of 2019. Figure 1: The distribution of web-phishing among target categories. CERT-GIB’s findings indicate that phishing attack perpetrators have revised their so-called target pool. Target reshuffle.
Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. In this most recent campaign, the actor uses spear-phishing emails, embedding a JavaScript loader as the initial infection vector. PhantomNet is a RAT first described by ESET in late 2020.
Hackers launched spear-phishing attacks against organizations in the oil and gas industry sector spreading the Agent Tesla info-stealer malware. To do this, the spyware creates different threads and timer functions in the main function. The attacks aim at infecting victims with the infamous Agent Tesla info-stealer malware.
Even strong security can’t prevent an account from being hacked if account credentials are stolen in a phishing attack, one of the most common causes of identity theft. In 2020, phishing scams spiked by 510 percent between January and February alone. Web-borne malware remains widespread.
pic.twitter.com/StU68THrXy — MalwareHunterTeam (@malwrhunterteam) March 6, 2020. The emails provide updates on the Coronavirus outbreak, include stats on the epidemic, and contain an email address of corona-virus@caramail.com that is likely used for phishing purposes. Payload: Formbook (thx @James_inthe_box).
A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT). Active for over seven years, Agent Tesla has been used frequently in phishing campaigns seeking to steal user credentials, passwords and sensitive information.
Most security threats faced by regular users arrive via the Internet, whether it’s a malicious app or a rigged website, a scam delivered through the user’s social media channels, or a phishing scheme carried out via email or SMS. A well-timed phishing attack is all it takes to steal a user’s personal or financial information.
gun exchange site on hacking forum; Threat Report Portugal: Q2 2020; Emotet malware employed in fresh COVID19-themed spam campaign; PoC exploit code for two Apache Struts 2 flaws available online; XCSSET Mac spyware spreads via Xcode Projects. A new round of the weekly SecurityAffairs newsletter arrived!
Government experts state that the group uses multiple mechanisms to compromise networks of the victims, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network. The Hive ransomware adds the .hive extension to the filename of encrypted files.
McAfee recently published a report stating that mobile malware infections in the fourth quarter of 2020 surpassed 40 million after steadily climbing earlier in the year. Check Point published mobile security research showing that 46% of respondents experienced employees downloading at least one malicious app during 2020.
To best understand the scale of the problem, let’s look into some recently notified, large organisation security breaches, reported over a four-week period between 20th November and 17th December 2020. 20th Nov 2020 – Manchester United Football Club (www.manutd.com). 30th November 2020 – Embrear (www.embrear.com).
Cybercriminals often use malware to gain access to a computer or mobile device to deploy viruses, worms, Trojans, ransomware, spyware, and rootkits. A 2020 LokiBot variant was disguised as a launcher for the Fortnite multiplayer video game. Remcos installs a backdoor onto a target system.
Recent research by Positive Technologies looked at the cyber threat landscape during Q2 2021 and found that ransomware attacks reached “stratospheric” levels, accounting for 69% of all malware attacks, a huge jump from 39% in Q2 2020. Integrated one-on-one Spyware HelpDesk support. Anti-phishing, spam and fraud prevention.
In the latest campaign uncovered by Kaspersky, the APT group used a modular framework dubbed CloudWizard that supports spyware capabilities, including taking screenshots, microphone recording, harvesting Gmail inboxes, and keylogging. The archive contained two files, a decoy document (i.e. ” reads the new report published by Kaspersky.
The victims are targeted with spear-phishing emails that trick them into mounting a malicious ISO file and double-clicking an LNK, which starts the infection chain. In June, we identified a previously unknown Android spyware app that targets Persian-speaking individuals. í religion that are banned in Iran.
In late August 2020, we published an overview of DeathStalker and its activities, including the Janicab, Evilnum and PowerSing campaigns. Meanwhile, in August 2020, we also released a private report on VileRAT for our threat intelligence customers. Later that year, we documented the PowerPepper campaign.
A DLL with this name was used in recent deployments of a backdoor that we dubbed Gopuram , which we had been tracking since 2020. In April 2020, we uncovered a significant shift in targeting and infection vector. Using a number of vulnerabilities in iOS, the attachment is executed and installs spyware.
Compromised Credentials: Compromised identities from phishing, info stealers, keyloggers, and bad password habits provide the entry point for most ransomware attacks and data breaches. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.
Maddie Stone, Security Researcher, Threat Analysis Group (TAG). This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. More than 20% are variants of previous in-the-wild 0-days from 2021 and 2020. Bug collisions are high.
Despite these uncovered campaigns, attackers were still more likely to hunt for cryptocurrency using phishing, offering dubious cryptocurrency exchange platforms, and launching cryptojacking to illicitly mint cryptocurrency. Mobile banking Trojans on the rise.
Following this, we released the first of a series of additional reports describing the final payload in the infection chain: a highly sophisticated spyware implant that we dubbed “TriangleDB”. Operating in memory, this implant periodically communicates with the C2 (command and control) infrastructure to receive commands.
The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). This politician became the target of a previously undiscovered “zero-day” attack aimed at infecting his phone with spyware.
Dynamic DNS Services Used by Threat Actors: Dynamic DNS services have many benign users but they can also be used by threat actors in phishing attacks and within malware to communicate with command and control (C2) infrastructure. It’s also been used in numerous high-profile incidents, such as the 2012 attack on Miss Teen USA.
However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator’s C2 server. The version of Free Download Manager installed by the infected package was released on January 24, 2020. They mention the dates 20200126 (January 26, 2020) and 20200127 (January 27, 2020).
Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep. 2008 — Heartland Payment Systems — 134 million credit cards are exposed through SQL injection to install spyware on Heartland’s data systems.
NullMixer is a dropper that includes more than just specific malware families; it drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware and many others. RedLine Stealer has been known since early 2020 and developed through 2021. NullMixer execution chain. SmokeLoader.
In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 The Kaspersky Anti-Phishing component blocked 434,898,635 attempts at accessing scam sites. The most frequent targets of phishing attacks were online stores (18.12 The contact phone trick was heavily used both in email messages and on phishing pages.
A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials. Sixth and eighth places were occupied by Noon spyware Trojans, which infect any (2.66%) or only 32-bit (2.47%) versions of Windows.