malware Archives - Page 4 of 57 - Cyber Security Minute

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits

Issued by: SecurityWeek

As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described as a privilege escalation flaw in Microsoft Streaming…

Malware & Threats

Ransomware: It Takes A Village, Says NCSC

Issued by: DataBreach Today

Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British government said Monday. Behind any infection from name-brand ransomware such as LockBit or BlackCat lies a loose network of affiliates, initial access brokers and other actors, warned the…

Malware & Threats

Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint

Issued by: SecurityWeek

The cyberespionage operation, tagged with the moniker Flax Typhoon, hacks into organizations by exploiting known vulnerabilities in public-facing servers and then using legitimate tools built into the Windows operating system and otherwise benign software to quietly remain in these networks. “Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this…

Malware & Threats

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Issued by: SecurityWeek

Using the online handle of ‘EVLF DEV’ and operating out of Syria for the past eight years, the individual is believed to have made over $75,000 from selling the two RATs to various threat actors. The same person is also a malware-as-a-service (MaaS) operator, according to Cyfirma. For the past three years, EVLF has been…

Malware & Threats

Thousands of Systems Turned Into Proxy Exit Nodes via Malware

Issued by: SecurityWeek

To date, AT&T Alien Labs researchers have identified over 400,000 systems that act as proxy exit nodes in this network. However, it is unclear how many of these were infected, and the company that offers the proxy service claims that all devices pertain to users who are aware of the proxy application’s functionality. Last week,…

Vulnerabilities

Hackers exploit Windows driver signature enforcement loophole for malware persistence

Issued by: CSO Online

Attackers have used the loophole to forge signatures on maliciously modified drivers, enabling them to deploy persistent malware and defeat game defenses. A loophole in a core Windows security mechanism that requires all kernel drivers to be digitally signed by Microsoft allows attackers to forge signatures on maliciously modified drivers. This technique has been automated…

News

Gozi banking malware “IT chief” finally jailed after more than 10 years

Issued by: Naked Security

Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently…

Malware & Threats

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Issued by: Security Affairs

The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem. The vulnerability is actively exploited in attacks. The…

Malware & Threats

New PowerDrop Malware Targeting U.S. Aerospace Industry

Issued by: The Hacker News

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. “PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption,” according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. “The name is derived from…

Malware & Threats

ChatGPT creates mutating malware that evades detection by EDR

Issued by: CSO Online

A global sensation since its initial release at the end of last year, ChatGPT’s popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to…