Malware & Threats Archives - Page 40 of 107

‘Moobot’ Botnet Targets Hikvision Devices via Recent Vulnerability

Issued by: Security Week

Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction. Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted…

Malware & Threats

Ransomware Operators Leak Data Stolen From Wind Turbine Giant Vestas

Issued by: Security Week

Vestas became aware of the breach on November 19 and it immediately started shutting down IT systems. The company confirmed in late November that it had been hit by ransomware and that the breach resulted in internal files getting compromised. The firm said the incident did not impact wind turbine operations and nearly all systems…

Malware & Threats

QNAP Warns of New Crypto-Mining Malware Targeting NAS Devices

Issued by: Security Week

The Taiwan-based company, which is well known for its NAS and professional network video recorder (NVR) solutions, on Tuesday urged users to take immediate action to keep their devices protected against the new threat. QNAP says it is currently investigating reports where attackers infect NAS appliances with a Bitcoin miner that can be identified by…

Malware & Threats

Microsoft Seizes Domains Used by China-Linked APT ‘Nickel’

Issued by: Security Week

The tech giant took over the websites after filing pleadings with the U.S. District Court for the Eastern District of Virginia, which quickly granted an order in this regard. While the move will prevent the group’s access to some of its victims, it is unlikely to put an end to Nickel’s activities. However, Microsoft does…

Malware & Threats

Cyberattack Causes Significant Disruption at Colorado Electric Utility

Issued by: Security Week

The Delta-Montrose Electric Association (DMEA) is a member-owned and locally controlled rural electric cooperative that serves more than 34,000 customers in Colorado’s Montrose, Delta, and Gunnison counties. It is part of Touchstone Energy Cooperatives, a cooperative federation that has over 750 members across the United States. DMEA last week revealed that it had discovered a…

Malware & Threats

Hackers Steal $150 Million Worth of Cryptocurrency From BitMart

Issued by: Security Week

The platform claims that only the Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets were impacted, and notes that the two wallets were compromised using stolen private keys. “In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key…

Malware & Threats

17 Malware Frameworks Target Air-Gapped Systems for Espionage

Issued by: Security Week

The list was created over the course of 15 years, but the last four of the frameworks emerged last year, proof of an increased interest by threat actors to target isolated systems. Only malware components working together to create an offline, covert communication channel between air-gapped networks and a threat actor were taken into consideration…

Malware & Threats

SideCopy APT: Connecting lures to victims, payloads to infrastructure

Issued by: Blog Malwarebytes

Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. In this blog post we are providing additional details about SideCopy that have not been published before. We were able to…

Malware & Threats

Wind Turbine Giant Vestas Confirms Ransomware Involved in Cyberattack

Issued by: Security Week

Vestas became aware of the breach on November 19 and it immediately started shutting down IT systems. Little information was provided when the attack was disclosed, but the company’s description of the incident suggested that it was a ransomware attack. In an update shared on Monday, Vestas confirmed that ransomware was indeed used and that…

Malware & Threats

‘Sabbath’ Ransomware Operators Target Critical Infrastructure

Issued by: Security Week

According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware. In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners…