malware Archives - Page 4 of 57 - Cyber Security Minute

Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

Issued by: The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an “evolved version” of another loader malware known as DoubleFinger. “The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.,” Kaspersky said in…

Malware & Threats

Breach Roundup: Johnson Controls Suffers Ransomware Attack

Issued by: DataBreach Today

Johnson Controls Suffers Ransomware Attack Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission. Bleeping Computer reports…

Malware & Threats

A phishing campaign targets Ukrainian military entities with drone manual lures

Issued by: Security Affairs

Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go, it…

Malware & Threats

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Issued by: Dark Reading

In a new twist on the cybercrime penchant for trojanizing things, a threat actor recently pounced upon a “hot” vulnerability disclosure to create a fake proof of concept (PoC) exploit that concealed the VenomRAT malware. According to research from Palo Alto Networks, the cyberattacker, who goes by “whalersplonk,” took advantage of a very real remote…

Malware & Threats

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits

Issued by: SecurityWeek

As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described as a privilege escalation flaw in Microsoft Streaming…

Malware & Threats

Ransomware: It Takes A Village, Says NCSC

Issued by: DataBreach Today

Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British government said Monday. Behind any infection from name-brand ransomware such as LockBit or BlackCat lies a loose network of affiliates, initial access brokers and other actors, warned the…

Malware & Threats

Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint

Issued by: SecurityWeek

The cyberespionage operation, tagged with the moniker Flax Typhoon, hacks into organizations by exploiting known vulnerabilities in public-facing servers and then using legitimate tools built into the Windows operating system and otherwise benign software to quietly remain in these networks. “Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this…

Malware & Threats

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Issued by: SecurityWeek

Using the online handle of ‘EVLF DEV’ and operating out of Syria for the past eight years, the individual is believed to have made over $75,000 from selling the two RATs to various threat actors. The same person is also a malware-as-a-service (MaaS) operator, according to Cyfirma. For the past three years, EVLF has been…

Malware & Threats

Thousands of Systems Turned Into Proxy Exit Nodes via Malware

Issued by: SecurityWeek

To date, AT&T Alien Labs researchers have identified over 400,000 systems that act as proxy exit nodes in this network. However, it is unclear how many of these were infected, and the company that offers the proxy service claims that all devices pertain to users who are aware of the proxy application’s functionality. Last week,…

Vulnerabilities

Hackers exploit Windows driver signature enforcement loophole for malware persistence

Issued by: CSO Online

Attackers have used the loophole to forge signatures on maliciously modified drivers, enabling them to deploy persistent malware and defeat game defenses. A loophole in a core Windows security mechanism that requires all kernel drivers to be digitally signed by Microsoft allows attackers to forge signatures on maliciously modified drivers. This technique has been automated…