SecureList

OCTOBER 29, 2024

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. Researchers from various companies reported this campaign in August and September.

Adware 127

Adware Malware Cryptocurrency Password Management 127

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware 130

Malware Data collection Manufacturing Healthcare 130

The Hacker News

APRIL 24, 2024

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Data collection 143

Data collection Malware 143

Security Boulevard

JANUARY 20, 2025

How cars became the worst product category for privacy Session Covers the extensive data collection (and subsequent sharing with car manufacturers and their affiliates) enabled by modern vehicles; they can collect way beyond location data. Malware campaigns covered generally target/affect the end user.

Surveillance 97

Surveillance Malware Data breaches Scams 97

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware 122

Malware Phishing Government Data collection 122

Cisco Security

JULY 5, 2021

Cisco Secure Endpoint (AMP for Endpoints) with Malware Analytics (ThreatGrid) offers Prevention, Detection, Threat Hunting and Response capabilities in a single solution. Orbital in Secure Endpoint with Malware Analytics can be used to search for computers that show indications of compromise from a sample analysis. 2 and ID.RA-3]

Malware 145

Malware Risk Mobile Technology 145

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. that are easier for computers to manage. .”

DNS 331

DNS Internet Internet Phishing 331

Security Affairs

DECEMBER 19, 2022

” The analysis of the changes between the versions of the malicious module revealed that threat actors modified it to improve the data collection algorithm and make it work on multiple platforms. The post Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware appeared first on Security Affairs.

Malware 126

Malware Data collection Software Hacking 126

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 145

Threat Reports Phishing Banking Malware 145

Security Boulevard

MARCH 24, 2025

Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS Cyber Insider Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collecting device identifiers. They also have appeared to partner with Proton.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

Malwarebytes

MARCH 4, 2022

Disk wipers are one particular type of malware often used against Ukraine. The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. We obtained samples and in this post we will take apart this new malware. Behavioral analysis. Used components.

Malware 107

Malware Data collection Backups Ransomware 107

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. This piece of malware includes improvements in the way it is operating. The Grandoreiro malware has been distributed via malscan campaigns around the globe during Q2 2020. Technical Analysis. 100:51224/$rdgate?

Malware 106

Malware Banking Advertising Data collection 106

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware 101

Malware Passwords Identity Theft Data collection 101

SecureList

JULY 8, 2024

It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Government 143

Government Malware Data collection DNS 143

Security Affairs

AUGUST 7, 2024

The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malware employs various evasion techniques, including using the Russian cloud service Yandex Disk for C2 communications, avoiding dedicated infrastructure to remain undetected.

Spyware 142

Spyware Malware Encryption Data collection 142

Security Affairs

JULY 22, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 125

Threat Reports Phishing Malware Banking 125

Security Affairs

APRIL 20, 2020

Threat Report Portugal Q1 2020: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is a novel open sharing database with the ability to collect indicators from multiple sources, developed by Segurança-Informática. The campaigns were classified as either phishing or malware. Phishing and Malware Q1 2020.

Threat Reports 137

Threat Reports Phishing Malware Banking 137

Security Affairs

JANUARY 26, 2021

Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. Malware by Numbers.

Threat Reports 137

Threat Reports Phishing Malware Banking 137

Security Affairs

SEPTEMBER 1, 2023

SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022. SapphireStealer allows operators to gather system data (i.e. The malware is also able to siphon files stored with specific extensions and take screenshots.

Malware 128

Malware Data collection Architecture Hacking 128

The Hacker News

AUGUST 15, 2023

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023.

Cybercrime 97

Cybercrime Data collection Malware Software 97

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The submissions were classified as either phishing or malware. Phishing and Malware Q1 2021. Malware by Numbers.

Threat Reports 107

Threat Reports Phishing Malware Data collection 107

The Hacker News

NOVEMBER 13, 2022

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. What is noteworthy is data collection from victims' machines using

Data collection 97

Data collection Malware Cybersecurity 97

Security Affairs

JANUARY 16, 2025

The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has only now disclosed it due to the complexity of the digital forensic investigation. “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment.

Data breaches 95

Data breaches Identity Theft Consumer Protection Data collection 95

Security Affairs

APRIL 14, 2021

FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020. FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. “Just 3.4%

Data collection 97

Data collection Malware Hacking Ransomware 97

CyberSecurity Insiders

NOVEMBER 16, 2021

Bugcrowd’s Inside the Mind of a Hacker report compiled from the data collected in between May 1st, 2020 to August 31st, 2021 states that security vulnerabilities have increased since the start of COVID-19 pandemic, as most companies opted for work from home operations.

Data collection 135

Data collection Scams Hacking Malware 135

The Last Watchdog

MAY 11, 2021

The payload malware: Sunburst, a heavily-obfuscated backdoor. People tend to focus on the Sunburst malware , the actual backdoor that ended up in the affected update package,” Pericin told me. Out of this comes whitelists and blacklists on which malware filters are based. Granular scrutiny.

Software 202

Software Hacking Malware Engineering 202

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.

Malware 142

Malware Phishing Internet Internet 142

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 126

Data breaches Banking Hacking Malware 126

Security Affairs

MAY 23, 2020

Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. Data collected by the malware are then transferred to the operator’s command-and-control (C2) server. The malware is able to infect all operating systems.

Banking 143

Banking Advertising Malware Data collection 143

Security Affairs

NOVEMBER 14, 2021

The Threat Report Portugal: Q3 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q3, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 109

Threat Reports Phishing Malware Banking 109

Security Affairs

JULY 30, 2020

Threat actors behind this campaign are utilizing compromised infrastructure from multiple European countries to host their C2 infrastructure and distribute the malware to the targets. “Our analysis indicates that one of the purposes of the activity in 2020 was to install data gathering implants on victims’ machines.

Advertising 136

Advertising Data collection Malware Phishing 136

Security Affairs

JANUARY 17, 2021

It is time to re-evaluate Cyber-defence solutions New Zealand central bank hit by a cyber attack TeamTNT botnet now steals Docker API and AWS credentials Connecting the dots between SolarWinds and Russia-linked Turla APT Experts found gained access to the Git Repositories of the United Nations Russian hacker Andrei Tyurin sentenced to 12 years in prison (..)

Banking 109

Banking Data collection Malware Data breaches 109

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. The Exe Clean service made malware look like goodware to antivirus products. 2022 closure of LuxSocks , another malware-based proxy network.

VPN 351

VPN Computers and Electronics Antivirus Software 351

Security Affairs

NOVEMBER 5, 2018

USB removable storage devices are the main vector for malware attacks against industrial facilities, states Honeywell report. According to a report published on by Honeywell, malware-based attacks against industrial facilities mostly leverage USB removable storage devices. ” states the report. ” continues the report.

Malware 111

Malware IoT Advertising Data collection 111

eSecurity Planet

OCTOBER 10, 2024

With malware increasingly targeting macOS, many users wonder how to protect their devices best. The answer is simple: invest in the right anti-malware and anti-virus software designed specifically for Mac users in 2025. This guide will explore the essential tools to help you secure your Mac against malware threats.

Software 63

Software Malware Antivirus Spyware 63

Krebs on Security

APRIL 16, 2020

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities.

Cyber threats 324

Cyber threats Phishing Data collection Government 324

Security Affairs

JUNE 16, 2020

On Friday, the Norwegian Data Protection Authority (Norwegian: Datatilsynet) issued a warning that it would stop the Norwegian Institute of Public Health from handling data collected via Smittestopp contact tracing app. “The pandemic is not over,” she said.

Data collection 138

Data collection Advertising Government Technology 138