Information, Information Security, Malware and Security Intelligence

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. SecurityAffairs – hacking, malware).

Malware

Malware Adware Ransomware Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Pierluigi Paganini. SecurityAffairs – COVID-19, malspam).

Small Business

Small Business Malware Manufacturing Security Intelligence

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Crooks behind Emotet malware attempt to take advantage of the Halloween festivity, a new campaign could invite you to a Halloween party. Threat actors are attempting to take advantage of the Halloween festivities, a recent Emotet malware campaign spotted by BleepingComputer employed spam emails that invite recipients to a Halloween party.

Banking

Banking Malware Security Intelligence Advertising

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier. and earlier. ” concludes the report.

Firmware

Firmware Wireless DDOS IoT

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Cybercrime

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Government

Government Banking Advertising Malware

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. ” states Microsoft.

Telecommunications

Telecommunications Technology Hacking Malware

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Architecture Backups

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to the long-running malware campaign targeting Linux systems by a group known as the 8220 gang.”

Security Intelligence

Security Intelligence Malware Hacking Information Security

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. pic.twitter.com/stXJMDMevc — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. Then the attackers are able to perform other malicious actions, such as deploying malware.

Security Intelligence

Security Intelligence Hacking Accountability Malware

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

IoT

IoT DDOS Architecture Internet

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The InfectedSlurs is based on the JenX Mirai malware variant that in 2018 leveraged the Grand Theft Auto videogame community to infect devices.

DDOS

DDOS Wireless Security Intelligence Authentication

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. The sites appear as a clone of Google Drive web pages used to serve the SolarMaker malware. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft. Pierluigi Paganini.

Antivirus

Antivirus Security Intelligence Malware Insurance

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. The loader retrieves this string from the comment, decodes it, and initiates the attack, stealing the personal information provided by users.

Retail

Retail Security Intelligence Hacking Software

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

The security firms have collected more than 125,000 TrickBot malware samples and mapped the command and control infrastructure. The TrickBot botnet was considered by security experts one of the biggest botnets. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.

Banking

Banking Malware Advertising Financial Services

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan.

Antivirus

Antivirus Malware Advertising Security Intelligence

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded strings in an HTML attachment or webpage.

Phishing

Phishing Banking Passwords Firewall

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence. Pierluigi Paganini.

Security Intelligence

Security Intelligence Advertising Malware Banking

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the announcement published by Microsoft.

Antivirus

Antivirus Small Business Security Intelligence Hacking

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware

Ransomware Telecommunications DNS Hacking

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Security Affairs

JUNE 16, 2019

The popular expert Larry Cashdollar, from Akamai’s Security Intelligence Response Team (SIRT), spotted a new version of the Echobot botnet that counts 26 different exploits. The first binary I found was compiled for ARM and still had the debugging information intact, which made it a little easier to analyze.

IoT

IoT Wireless Advertising Malware

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. ” A new wave of attacks could exploit the vulnerability to spread more dangerous and destructive malware, like ransomware or spyware. . SecurityAffairs – Bluekeep, malware). Pierluigi Paganini.

Penetration Testing

Penetration Testing Malware Advertising Spyware

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. According to Microsoft the ransomware operators compromised the exposed systems to deploy the NightSky ransomware. trendmrcio[.]com, rogerscorp[.]org, sophosantivirus[.]ga,

Ransomware

Ransomware Hacking Internet Internet

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, just opening the RTF documents. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019.

Security Intelligence

Security Intelligence Advertising Malware Information Security

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC.

Ransomware

Ransomware Encryption Backups Security Intelligence

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Microsoft researchers also spotted a ransomware gangs that is exploiting ProxyLogon flaws to spread a piece of malware tracked as DearCry. — Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Even so, organizations’ work to secure their Kubernetes architecture doesn’t end there. For information on how to secure that part of a Kubernetes cluster, click here. About the Author: David Bisson is an information security writer and security junkie. There are also the Node components.

Advertising

Advertising Internet Internet VPN

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

“The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.” ” Noble added.

Small Business

Small Business Malware Cryptocurrency Advertising

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Recent research shows that the oil industry — already experiencing difficulties due to COVID-19 — must remain abreast of threats to stay safe from hackers.

Advertising

Advertising Security Intelligence Hacking Information Security

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance

Surveillance Malware Authentication DNS

The number of exploits in the Echobot botnet reached 59

Security Affairs

AUGUST 7, 2019

At the time of its discovery, operators added 8 new exploits, but a few weeks later the popular expert Larry Cashdollar from Akamai’s Security Intelligence Response Team (SIRT) discovered a variant that included a total of 26 exploits. SecurityAffairs – Echobot variant, malware). Nothing interesting so far. Pierluigi Paganini.

Wireless

Wireless IoT Advertising Surveillance

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Cyber threat management , being an advanced discipline, craves analytical attention and a commander’s strategic skills of information security executives to confront and overcome the multi-dimensional cyber threats. You will create cyber awareness among your staff, as well as users, partners, customers.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

Malware Threat Intelligence made easy and available, with Cisco Secure Malware Analytics and SecureX by Ben Greenbaum . SecureX: Bringing Threat Intelligence Together by Ian Redden . Secure Endpoint for iOS/Security Connector . Secure Malware Analytics (formerly Threat Grid) .

Malware

Malware Accountability DNS Technology

IT giants warn of ongoing Chromeloader malware campaigns

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Trending Sources

Purple Lambert, a new malware of CIA-linked Lambert APT group

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Emotet operators are running Halloween-themed campaigns

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

STRRAT RAT spreads masquerading as ransomware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

CISA alert warns of Emotet attacks on US govt entities

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Threat actor has been targeting the aviation industry since at least 2018

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Updated Kmsdx botnet targets IoT devices

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

New InfectedSlurs Mirai-based botnet exploits two zero-days

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Microsoft warns about ongoing PonyFinal ransomware attacks

A new Magecart campaign hides the malicious code in 404 error page

Microsoft partnered with other security firms to takedown TrickBot botnet

A new Astaroth Trojan Campaign uncovered by Microsoft

HTML Smuggling technique used in phishing and malspam campaigns

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Hackers are using Zerologon exploits in attacks in the wild

Microsoft Defender can now protect servers against ProxyLogon attacks

RevengeRAT and AysncRAT target aerospace and travel sectors

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Researchers warn of a surge in cyber attacks against Microsoft Exchange

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Coronavirus-themed attacks May 17 ? May 23, 2020

European firm DSIRF behind the attacks with Subzero surveillance malware

The number of exploits in the Echobot botnet reached 59

Cyber Security Awareness and Risk Management

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Stay Connected