malware

Malware & Threats

Issued by: Security Week

Likely active since 2015, DarkTortilla was designed to keep malicious payloads hidden from detection software, and was previously seen delivering remote access trojans (RATs) and information stealers – AgentTesla, AsyncRat, NanoCore, and RedLine – as well as targeted payloads such as Cobalt Strike and Metasploit. Highly configurable and complex, the crypter can also be used…

Malware & Threats

Issued by: Security Week

Believed to be backed by the North Korean government, Lazarus has been active since at least 2009, orchestrating various high-profile attacks, including numerous assaults on cryptocurrency entities. Also referred to as Hidden Cobra, Lazarus is believed to comprise multiple subgroups, the activities of which often overlap, the same as their tools. Over the past couple…

Malware & Threats

Issued by: Security Week

Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…

Malware & Threats

Issued by: Security Week

Initially announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet. Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery. In 2016, Microsoft…

Vulnerabilities

Issued by: Security Week

According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targets into installing a loader for additional malware previously attributed to EvilCorp. Even more ominously, Microsoft said its research teams discovered EvilCorp malware distribution tactics and observed behavior all over the…

Malware & Threats

Issued by: Dark Reading

Threat actors are targeting systems in industrial control environments with backdoor malware hidden in fake password-cracking tools. The tools, being touted for sale on a variety of social media websites, offer to recover passwords for hardware systems used in industrial environments. Researchers from Dragos recently analyzed one such password-cracking product and found it to contain…

Malware & Threats

Issued by: Dark Reading

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement,…

Malware & Threats

Issued by: Help Net Security

The notorious cybercriminal syndicate competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demand requests by the notorious Blackcat ransomware…