Krebs on Security

NOVEMBER 8, 2022

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Internet 249

Internet Internet Cyber threats Engineering 249

Krebs on Security

JUNE 15, 2022

Three of the bugs tackled this month earned Microsoft’s most dire “critical” label, meaning they can be exploited remotely by malware or miscreants to seize complete control over a vulnerable system. that earned a CVSS score of 9.8 (10 10 being the worst).

Architecture 291

Architecture Internet Internet Software 291

Schneier on Security

MARCH 8, 2023

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” ” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit.

Malware 282

Malware Firmware Software Hacking 282

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 339

Malware Identity Theft Cybercrime Accountability 339

Webroot

OCTOBER 31, 2024

In our annual “Nastiest Malware” report, now in its sixth year, we’ve observed a steady increase in both the number and sophistication of malware attacks. Now let’s take a look at this year’s Nastiest Malware. It is the most successful and lucrative avenue for monetizing a breach of a victim.

Malware 104

Malware Ransomware Passwords Healthcare 104

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Social Engineering 237

Social Engineering Ransomware Software Engineering 237

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. July 28, 2022: Breach Exposes Users of Microleaves Proxy Service.

Malware 315

Malware Cybercrime Internet Internet 315

Tech Republic Security

OCTOBER 27, 2022

SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.

Threat Reports 207

Threat Reports Cyber threats Ransomware Malware 207

Krebs on Security

NOVEMBER 16, 2022

The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. For example, one domain the gang has used since March 2022 is ushank[.]com The Disneyland Team uses common misspellings for top bank brands in its domains.

Malware 329

Malware Banking Phishing DDOS 329

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Cybercrime 230

Cybercrime Ransomware Cryptocurrency Government 230

Krebs on Security

FEBRUARY 8, 2022

But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents. Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user.

Authentication 230

Authentication Internet Internet System Administration 230

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Spyware 219

Spyware Cyber threats Security Defenses Cyber Attacks 219

Tech Republic Security

JANUARY 18, 2023

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 209

Malware Cybersecurity 209

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware 87

Malware Cryptocurrency Software Hacking 87

Security Affairs

FEBRUARY 17, 2025

Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular macOS malware that targets users by infecting Xcode projects, it has been active since at least 2022. Microsoft observed that the malware was employed in limited attacks.

Malware 68

Malware Hacking Software 68

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Retail 254

Retail Advertising Cryptocurrency Marketing 254

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 301

Malware Cybercrime Software Accountability 301

Schneier on Security

APRIL 13, 2022

Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems (..)

Malware 327

Malware 327

Tech Republic Security

OCTOBER 7, 2022

The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic. SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much.

Ransomware 217

Ransomware Malware Cybersecurity 217

Security Affairs

OCTOBER 27, 2024

They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware. in March 2022. “On Friday, October 25, the St.

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Tech Republic Security

OCTOBER 26, 2021

Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.

Data breaches 218

Data breaches Mobile Malware Software 218

Krebs on Security

JUNE 8, 2023

But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Campbell, Calif.

Firmware 341

Firmware Malware Software Ransomware 341

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 236

Malware VPN Internet Internet 236

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile 286

Mobile Malware Technology Government 286

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Malwarebytes

JANUARY 22, 2025

The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 2022. Always be careful when opening archived files that you downloaded from the internet.

Internet 142

Internet Internet Malware Risk 142

The Hacker News

AUGUST 24, 2024

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. This advanced threat, active since 2022, hides

Malware 140

Malware Cybersecurity 140

SecureList

FEBRUARY 26, 2024

million malware, adware, and riskware attacks. The year’s trends Malware, adware, and riskware attacks on mobile devices dipped in February, only to rise steadily until the end of the year. The Trojan-SMS-type malware saw its activity decrease significantly, dropping six positions from 2022. of all threats detected.

Mobile 137

Mobile Malware Adware Banking 137

The Hacker News

JULY 31, 2024

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. Of those 107,000 malware samples, over 99,000 of

Malware 144

Malware Passwords Accountability 144

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Emerging in 2007 as a banking trojan, QakBot (a.k.a.

Hacking 308

Hacking Malware Ransomware Government 308

Security Affairs

DECEMBER 22, 2024

Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. ” reads the press release published by DoJ.

Ransomware 118

Ransomware Small Business Antivirus Malware 118

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2022-40684: Admin Control over VPN Infrastructure What is CVE-2022-40684? Rated CVSS 9.8,

VPN 133

VPN Authentication Ransomware Risk 133

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 328

Malware Software Technology Accountability 328

Security Affairs

MARCH 10, 2025

Moonstone Sleet threat actors target financial and cyberespionage victims using trojanized software, custom malware, malicious games, and fake companies like StarGlow Ventures and C.C. The APT group has also spread malware via a fraudulent tank game (DeTankWar) and engaged in ransomware attacks using FakePenny.

Ransomware 117

Ransomware VPN Healthcare Malware 117

The Last Watchdog

AUGUST 1, 2023

1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. While cybercriminals have predominantly designed malware to target Microsoft Windows devices at scale, they are now increasingly developing tools for macOS.

Malware 189

Malware Insurance Cyber Insurance Small Business 189

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. Sedexp uses udev rules to maintain persistence. ” concludes the report.

Malware 141

Malware Hacking Ransomware Cybercrime 141

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

Phishing 189

Phishing Government Engineering Internet 189