Authentication and Malware - Cyber Security Informer

CISA warns of RESURGE malware exploiting Ivanti flaw

Security Affairs

MARCH 30, 2025

Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. reads the advisory. continues the advisory.

Malware

Malware Authentication Cybersecurity Encryption

PIN-Stealing Android Malware

Schneier on Security

JANUARY 9, 2024

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Malware

Malware Banking Passwords Authentication

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Instead of converting files, the tools actually load malware onto victims computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). This is the actual malware. Email addresses.

Malware

Malware Adware Education Phishing

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451 , a spoofing flaw that could reveal Net-NTLMv2 hashes , which are used for authentication in Windows environments. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year. This bug has earned a CVSS severity rating of 9.8 (10

Authentication

Authentication Engineering Malware Passwords

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams

Scams Malware Phishing Social Engineering

Leaked Signing Keys Are Being Used to Sign Malware

Schneier on Security

DECEMBER 8, 2022

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. The whole system of authentication rests on the assumption that signing keys are kept secret by the legitimate signers. This is a huge problem.

Malware

Malware Authentication Accountability

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. We spoke at RSA 2020. And that’s not an easy task.

Authentication

Authentication Cloud Migration Accountability Digital transformation

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.

Malware

Malware Passwords Password Management Antivirus

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN

VPN Malware Spyware Passwords

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware

Malware Cybersecurity Cyber threats Threat Detection

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

In our annual “Nastiest Malware” report, now in its sixth year, we’ve observed a steady increase in both the number and sophistication of malware attacks. Now let’s take a look at this year’s Nastiest Malware. It is the most successful and lucrative avenue for monetizing a breach of a victim.

Malware

Malware Ransomware Passwords Healthcare

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com

Malware

Malware Banking Phishing DDOS

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. Turn on 2 factor authentication wherever available.

Malware

Malware Passwords Banking Password Management

Phishing Campaign Impersonates Booking.com, Plants Malware

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. This command, executed via mshta.exe, downloads and launches various malware families, such as XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT.

Phishing

Phishing Malware Social Engineering Authentication

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

Phishing

Phishing Malware Passwords Password Management

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015.

Phishing

Phishing Cybercrime Advertising Malware

Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

MARCH 10, 2022

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). A growing percentage of malware packages now include prompts for not only a username and password, but also an MFA code. So that raises the question: is there a type of authentication that protects against this?

Authentication

Authentication Phishing Passwords Accountability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.

Malware

Malware Cybercrime Software Accountability

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. However, session cookies are usually stolen by malware on the your device. Here’s how it works.

Accountability

Accountability Authentication Malware Banking

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” reads the report published by Cleafy. ” continues the report.

Banking

Banking Malware Accountability Authentication

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. The attackers targeted accounts protected with basic authentication bypassing multi-factor authentication. The attackers used basic authentication methods. ” continues the report.

Passwords

Passwords Accountability Authentication Malware

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. Authorities discovered that over 1 200 servers in dozens of countries were running the malware. ESET released a free online scanner for Redline and META that can help users detect and remove malware.

Identity Theft

Identity Theft Passwords Malware Banking

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

Info-stealers like RedLine typically are deployed via opportunistic email malware campaigns, and by secretly bundling the trojans with cracked versions of popular software titles made available online. In June 2023, the FBI seized the BreachForums domain name , but the forum has since migrated to a new domain.

Cybercrime

Cybercrime Passwords Authentication Malware

Video: How Hackers Steal Your Cookies & How to Stop Them

eSecurity Planet

NOVEMBER 6, 2024

Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. They can also exploit vulnerabilities in websites you visit to install malware that extracts cookies from your browser. Let’s take a closer look at the process.

Identity Theft

Identity Theft Passwords Phishing Accountability

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) A missing authentication flaw in FortiManager and FortiManager Cloud versions allows attackers to execute arbitrary code or commands through specially crafted requests.

Authentication

Authentication Malware Risk Cybersecurity

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication

Authentication Passwords Malware Accountability

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. When the two of them sat down to reset his password, the screen displayed a notice saying there was a new Gmail address tied to his Xbox account.

Authentication

Authentication Accountability Passwords Mobile

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

Theres the fake CAPTCHA that hijacks clipboards and tricks users into installing malware. Theres the many, many, many scams that use Google ads to trick people into granting remote access to their machine , handing over money, or installing malware. Set up multi-factor authentication on every account you can.

Scams

Scams Passwords Accountability Password Management

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. concludes Sophos.

Backups

Backups VPN Ransomware Authentication

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

The Hacker News

JULY 1, 2024

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.

Malware

Malware Authentication Software

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

One example is Genesis Market , where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. Genesis mostly gets its inventory of botted computers and stolen logins from resellers who specialize in deploying infostealer malware via email and booby-trapped websites.

Hacking

Hacking Cybercrime Passwords Authentication

More SolarWinds News

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics

Computers and Electronics Malware Software Government

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

The Hacker News

SEPTEMBER 12, 2024

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages.

Malware

Malware Banking Authentication

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

.” Echoing the FBI’s warning, Donahue said far too many police departments in the United States and other countries have poor account security hygiene, and often do not enforce basic account security precautions — such as requiring phishing-resistant multifactor authentication. dot-gov emails get hacked. ”

Hacking

Hacking Accountability Government Social Engineering

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

JUNE 3, 2022

Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication. Much has been done with connectivity and authentication. Zero trust, put simply, means eliminating implicit trust. But that needs to change, he says. “Bad

Unstructured Data

Unstructured Data Malware Digital transformation Authentication

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

MARCH 10, 2025

Moonstone Sleet threat actors target financial and cyberespionage victims using trojanized software, custom malware, malicious games, and fake companies like StarGlow Ventures and C.C. The APT group has also spread malware via a fraudulent tank game (DeTankWar) and engaged in ransomware attacks using FakePenny.

Ransomware

Ransomware VPN Healthcare Malware

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime

Cybercrime Phishing Accountability Malware

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Sometimes malware creators manage to get their apps listed in the official app store. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. The app known as Finance Simplifiedbelongs to the SpyLoan family which specializes in predatory lending.

Passwords

Passwords Password Management Phishing Authentication

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device.

Phishing

Phishing Passwords Mobile Authentication

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

CISA warns of RESURGE malware exploiting Ivanti flaw

PIN-Stealing Android Malware

Trending Sources

MikroTik botnet relies on DNS misconfiguration to spread malware

Warning over free online file converters that actually install malware

Microsoft Patch Tuesday, November 2024 Edition

Deceptive Google Meet Invites Lures Users Into Malware Scams

Leaked Signing Keys Are Being Used to Sign Malware

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

Nastiest Malware 2024

Booking.com Phishers May Leave You With Reservations

Disneyland Malware Team: It’s a Puny World After All

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Phishing Campaign Impersonates Booking.com, Plants Malware

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Not All MFA is Equal, and the Differences Matter a Lot

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

A large botnet targets M365 accounts with password spraying attacks

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

International law enforcement operation dismantled RedLine and Meta infostealers

FBI Hacker Dropped Stolen Airbus Data on 9/11

Video: How Hackers Steal Your Cookies & How to Stop Them

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

Turn on MFA Before Crooks Do It For You

Why we’re no longer doing April Fools’ Day

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

Crime Shop Sells Hacked Logins to Other Crime Shops

More SolarWinds News

Malicious Office 365 Apps Are the Ultimate Insiders

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

FBI: Spike in Hacked Police Emails, Fake Subpoenas

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Phishing evolves beyond email to become latest Android app threat

When Low-Tech Hacks Cause High-Impact Breaches

Stay Connected