Malware and Security Intelligence - Cyber Security Informer

Anubis, a new info-stealing malware spreads in the wild

Security Affairs

AUGUST 27, 2020

Microsoft warned of a recently uncovered piece of malware, tracked as Anubis that was designed to steal information from infected systems. This week, Microsoft warned of a recently uncovered piece of malware, tracked as Anubis, that was distributed in the wild to steal information from infected systems. Pierluigi Paganini.

Malware

Malware Advertising Cryptocurrency Cybercrime

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

The Hacker News

SEPTEMBER 17, 2021

Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence

Malware

Malware Security Intelligence Phishing

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. Crooks are attempting to take advantage of COVID-19 pandemic spreading malware via pirate streaming services and movie piracy sites during the COVID-19 outbreak, Microsoft warns. Pierluigi Paganini.

Malware

Malware Security Intelligence Adware Social Engineering

Hackers Exploit Google Ads to Spread Malware Disguised as Popular Software

Penetration Testing

MARCH 31, 2024

A new report released by AhnLab Security Intelligence Center (ASEC) uncovers a disturbing tactic hackers are using to spread malware: they’re leveraging Google Ads tracking features to redirect unsuspecting users to malicious websites.

Penetration Testing

Penetration Testing Software Malware Security Intelligence

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

The Hacker News

MAY 21, 2021

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware

Malware DDOS Internet Internet

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

APRIL 18, 2020

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures. This means we’re seeing a changing of lures, not a surge in attacks.”

Malware

Malware Advertising Security Intelligence Phishing

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Pierluigi Paganini. SecurityAffairs – COVID-19, malspam).

Small Business

Small Business Malware Manufacturing Security Intelligence

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

The Hacker News

JULY 2, 2024

The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the

Hacking

Hacking Malware Security Intelligence

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption

Encryption Malware Ransomware Firewall

Attackers Exploit Construction Site Trust, Deliver TrollAgent Malware

Penetration Testing

FEBRUARY 22, 2024

Security experts at the AhnLab Security Intelligence Center (ASEC) have recently uncovered a malware distribution campaign targeting a Korean construction-related association website.

Malware

Malware Penetration Testing Security Intelligence Software

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The Hacker News

JUNE 3, 2024

Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report

Manufacturing

Manufacturing Education Security Intelligence Malware

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Hot for Security

MAY 21, 2021

Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft. It turns out that some malware only impersonates a ransomware attack, leaving the files untouched but scaring people with the possibility of a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

WogRAT Backdoor: The Stealthy Malware Lurking in Online Notepads

Penetration Testing

MARCH 4, 2024

A newly discovered backdoor malware dubbed ‘WogRAT’ is raising alarms for both Windows and Linux users.

Penetration Testing

Penetration Testing Malware Security Intelligence

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

The Hacker News

NOVEMBER 13, 2022

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.

DDOS

DDOS Malware Cryptocurrency Security Intelligence

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

The Hacker News

JUNE 30, 2022

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

Malware

Malware Security Intelligence

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS

DNS Penetration Testing Malware Hacking

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. SecurityAffairs – hacking, malware).

Malware

Malware Adware Ransomware Security Intelligence

Russian hackers use PowerShell USB malware to drop backdoors

Bleeping Computer

JUNE 15, 2023

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics. [.]

Malware

Malware Security Intelligence Hacking

InnoLoader Malware Evades Detection Posing as Cracked Software

Penetration Testing

JUNE 29, 2024

The AhnLab Security Intelligence Center (ASEC) has issued a warning about a new breed of malware that disguises itself as cracked software and legitimate tools. This malware, dubbed “InnoLoader,” is far from ordinary.

Software

Software Malware Security Intelligence Cybersecurity

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

Malware authors join forces and target organisations with Domino Backdoor

Malwarebytes

APRIL 18, 2023

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members.

Malware

Malware Banking Ransomware Passwords

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance

Surveillance Malware Authentication Accountability

Online Ed is the New Corporate Threat Vector

Security Boulevard

APRIL 19, 2021

In the last 30 days, education was the most targeted sector, receiving more than 60% of all malware encounters, or more than 5 million incidents, according to Microsoft Security Intelligence. The post Online Ed is the New Corporate Threat Vector appeared first on Security Boulevard. Department of.

Education

Education Security Intelligence Government Malware

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Organizations in aerospace and travel sectors under attack, Microsoft warns

Security Affairs

MAY 13, 2021

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. com or similar sites.

Security Intelligence

Security Intelligence Phishing Malware Hacking

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. The sites appear as a clone of Google Drive web pages used to serve the SolarMaker malware. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft. Pierluigi Paganini.

Antivirus

Antivirus Security Intelligence Malware Insurance

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Cybercrime

Crafty Infostealer Campaign Leverages Fake Adobe Reader Installer, Advanced Tricks to Evade Detection

Penetration Testing

MARCH 11, 2024

Security experts from AhnLab SEcurity intelligence Center (ASEC) have uncovered a sophisticated malware campaign where attackers are tricking users into downloading a dangerous infostealer disguised as a legitimate Adobe Reader installation file.

Penetration Testing

Penetration Testing Security Intelligence Malware

Microsoft warns of “massive campaign” using COVID-19 themed emails

Security Affairs

MAY 22, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Researchers from the Microsoft Security Intelligence team provided some details on a new massive phishing campaign using COVID-19 themed emails. macros in malware campaigns.

Security Intelligence

Security Intelligence Advertising Phishing Malware

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Penetration Testing

MAY 1, 2024

The world of cybersecurity is witnessing an alarming trend as ransomware groups intensify their attacks on Microsoft SQL (MS-SQL) servers, exploiting weak management practices to deploy devastating malware.

Penetration Testing

Penetration Testing Ransomware Security Intelligence Malware

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. ” continues the report.

Firmware

Firmware Malware Security Intelligence Authentication

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Hackers Weaponize Popular Software Framework for Stealthy Data Theft

Penetration Testing

APRIL 23, 2024

In a disturbing new development, cybersecurity experts at AhnLab Security Intelligence Center (ASEC) have revealed a growing trend of infostealer malware abusing the Electron framework.

Software

Software Penetration Testing Security Intelligence Malware

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Cybercriminals Exploit Ebooks to Spread AsyncRAT Malware

Penetration Testing

JULY 11, 2024

A recent report from AhnLab Security Intelligence Center (ASEC) reveals new cyberattacks utilizing a novel method to distribute the AsyncRAT remote access trojan (RAT).

Malware

Malware Security Intelligence Cybersecurity

DBatLoader: A Malware Distribution via CMD Files

Penetration Testing

JUNE 27, 2024

AhnLab Security Intelligence Center (ASEC) has issued a warning regarding the re-emergence of the DBatLoader malware, a notorious downloader known for its historical involvement in phishing campaigns.

Malware

Malware Security Intelligence Phishing Cybersecurity

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence. Pierluigi Paganini.

Security Intelligence

Security Intelligence Advertising Malware Banking

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Crooks behind Emotet malware attempt to take advantage of the Halloween festivity, a new campaign could invite you to a Halloween party. Threat actors are attempting to take advantage of the Halloween festivities, a recent Emotet malware campaign spotted by BleepingComputer employed spam emails that invite recipients to a Halloween party.

Banking

Banking Malware Security Intelligence Advertising

Chinese Cyber Threat to Indian Defense and Telecom Sector

CyberSecurity Insiders

JUNE 18, 2021

Recorded Future that offers Enterprise Security Intelligence to American companies has revealed that there has been a persistent cyber threat to Indian Defense and Telecom sector from Chinese Military Intelligence since 2014.

Cyber threats

Cyber threats Security Intelligence Media Malware

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. ” According to CISA, the surge in the attacks has rendered this malware one of the most prevalent ongoing threats.

Government

Government Banking Advertising Malware

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Architecture Backups

Anubis, a new info-stealing malware spreads in the wild

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

Trending Sources

Crooks spread malware via pirated movies during COVID-19 outbreak

Hackers Exploit Google Ads to Spread Malware Disguised as Popular Software

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Trickbot is the most prolific malware operation using COVID-19 themed lures

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

Attackers Exploit Construction Site Trust, Deliver TrollAgent Malware

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

WogRAT Backdoor: The Stealthy Malware Lurking in Online Notepads

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

Purple Lambert, a new malware of CIA-linked Lambert APT group

French Firms Rocked by Kasbah Hacker?

IT giants warn of ongoing Chromeloader malware campaigns

Russian hackers use PowerShell USB malware to drop backdoors

InnoLoader Malware Evades Detection Posing as Cracked Software

STRRAT RAT spreads masquerading as ransomware

Malware authors join forces and target organisations with Domino Backdoor

European firm DSIRF behind the attacks with Subzero surveillance malware

Online Ed is the New Corporate Threat Vector

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Organizations in aerospace and travel sectors under attack, Microsoft warns

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Crafty Infostealer Campaign Leverages Fake Adobe Reader Installer, Advanced Tricks to Evade Detection

Microsoft warns of “massive campaign” using COVID-19 themed emails

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Threat actor has been targeting the aviation industry since at least 2018

Hackers Weaponize Popular Software Framework for Stealthy Data Theft

Microsoft warns about ongoing PonyFinal ransomware attacks

Cybercriminals Exploit Ebooks to Spread AsyncRAT Malware

DBatLoader: A Malware Distribution via CMD Files

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Emotet operators are running Halloween-themed campaigns

Chinese Cyber Threat to Indian Defense and Telecom Sector

CISA alert warns of Emotet attacks on US govt entities

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Stay Connected