Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

December 3, 2024 at 12:51AM A malware campaign named Horns&Hooves has targeted users and businesses in Russia, infecting more than 1,000 victims since March 2023. Malicious email attachments carrying JavaScript payloads install NetSupport RAT and BurnsRAT, which are then used to deploy additional malware. The activity is linked to the threat actor TA569, known for brokering access that leads to ransomware attacks and data theft.

New ShrinkLocker ransomware decryptor recovers BitLocker password

November 13, 2024 at 09:24AM Bitdefender has released a decryptor for the ShrinkLocker ransomware, which abuses the built-in Windows BitLocker feature to encrypt victims' drives rather than shipping its own encryption code. Despite its low sophistication, it has caused significant damage in attacks on organizations, including in healthcare. The decryptor can recover the BitLocker password, but only when it is run promptly after the attack and only against the specific BitLocker protector configurations the ransomware leaves behind.

‘SteelFox’ Malware Blitz Infects 11K Victims With Bundle of Pain

November 7, 2024 at 02:48PM Thousands of users, particularly of applications such as AutoCAD and the Foxit PDF editor, have fallen victim to the "SteelFox" malware campaign, active since February 2023. Distributed through cracked-software bundles on torrent sites, the malware encrypts its communications with its command server to hide both data theft and cryptomining, and has affected more than 11,000 individuals across multiple countries.

New SteelFox malware hijacks Windows PCs using vulnerable driver

November 6, 2024 at 01:00PM SteelFox is a newly discovered malware family that mines cryptocurrency and steals credit card data, exploiting a vulnerable driver to gain SYSTEM privileges on Windows. Distributed as a crack tool via forums and torrents, it targets users of specific software such as AutoCAD. Kaspersky reports a significant number of detections, indicating its widespread impact since early …

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

October 24, 2024 at 06:06AM The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to take control of victims' devices, targeting individuals in the cryptocurrency sector through a fake game website. The attack, discovered by Kaspersky, began in February 2024; the site was disguised as a decentralized finance (DeFi) game and was promoted with elaborate social engineering.

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

October 23, 2024 at 02:08PM The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Kaspersky discovered the exploit on May 13, 2024; it gave the attackers access to sensitive data on compromised machines. Google shipped a fix by May 25, 2024, addressing the vulnerability.

Hackers breach European air-gapped govt systems with custom malware

October 8, 2024 at 11:56AM The APT group GoldenJackal breached air-gapped government systems in Europe using custom toolsets to steal sensitive data, including emails, encryption keys, and documents. At least two such intrusions have been observed, both targeting government and diplomatic entities for espionage. GoldenJackal has also developed a new modular toolset to make its covert operations more efficient. Multiple tools …

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

October 8, 2024 at 07:28AM Russian government agencies and industrial entities are under ongoing cyber attacks by a group named Awaken Likho. Kaspersky reports a new campaign, running since June 2024, that abuses the legitimate MeshCentral remote-management platform to gain remote access to systems. The attacks primarily target Russian government agencies, their contractors, and industrial enterprises, using spear-phishing emails to distribute malicious …

Google removes Kaspersky’s antivirus software from Play Store

October 4, 2024 at 12:11PM Google removed Kaspersky's Android security apps from Google Play and disabled the company's developer accounts without providing a reason. While investigating the issue, Kaspersky advised users to install the apps from alternative app stores or from the company's website. This follows Kaspersky's announcement that it is shutting down its U.S. operations due to government sanctions …

Kaspersky, Pango Respond to User Backlash as Transition to UltraAV Nearly Complete

September 27, 2024 at 06:21AM Kaspersky's U.S. users are dissatisfied with the forced switch to UltraAV, which followed an agreement between Kaspersky and Pango Group. Some users were unaware of the transition until the new software appeared on their machines, prompting complaints about poor communication and a lack of consent. Kaspersky and Pango maintain that notifications were sent and that users can cancel their subscriptions. The transition is expected …