November 13, 2024 at 09:24AM Bitdefender has released a decryptor for the ShrinkLocker ransomware, which exploits Windows BitLocker to encrypt files. Despite its low sophistication, it has caused significant damage in attacks on organizations, including healthcare. The decryptor allows victims to recover files when used promptly, targeting specific configurations of BitLocker protection. ### Meeting Takeaways … Read more
November 7, 2024 at 02:48PM Thousands of users, particularly of applications like AutoCAD and Foxit PDF editor, have fallen victim to the “SteelFox” malware campaign, active since February 2023. This sophisticated malware, distributed through illegal torrents, uses advanced encryption for stealthy data theft and cryptomining, affecting over 11,000 individuals across multiple countries. ### Meeting Notes … Read more
November 6, 2024 at 01:00PM SteelFox is a newly discovered malware that mines cryptocurrency and steals credit card data by exploiting vulnerable drivers for SYSTEM privileges on Windows. Distributed as a crack tool via forums and torrents, it affects users of specific software like AutoCAD. Kaspersky reports significant detections, indicating its widespread impact since early … Read more
October 24, 2024 at 06:06AM The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to control devices by targeting cryptocurrency sector individuals via a fake game website. Disguised as a decentralized finance game, the attack, discovered by Kaspersky, began in February 2024 and involved advanced social engineering tactics. ### Meeting Takeaways on Lazarus … Read more
October 23, 2024 at 02:08PM The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Discovered by Kaspersky on May 13, 2024, the exploit gained access to sensitive data. Google issued a fix by May 25, 2024, addressing the vulnerability. ### Meeting Takeaways: **Incident Overview:** … Read more
October 8, 2024 at 11:56AM The APT hacking group GoldenJackal breached air-gapped government systems in Europe using custom toolsets to steal sensitive data, including emails, encryption keys, and documents. The attacks occurred at least twice, targeting government and diplomatic entities for espionage. GoldenJackal also developed a new modular toolset to optimize covert operations. Multiple tools … Read more
October 8, 2024 at 07:28AM Russian government agencies and industrial entities are under ongoing cyber attacks by a group named Awaken Likho. Kaspersky reports a new campaign using the MeshCentral platform to gain remote system access since June 2024. The attacks primarily target Russian government agencies, contractors, and industrial enterprises, with spear-phishing tactics distributing malicious … Read more
October 4, 2024 at 12:11PM Google removed Kaspersky’s Android security apps from Google Play and disabled the developer accounts, without providing a reason. While investigating the issue, Kaspersky advised users to install the apps from alternative stores or the company’s website. This comes after Kaspersky announced shutting down its U.S. operations due to government sanctions … Read more
September 27, 2024 at 06:21AM Kaspersky’s US users are dissatisfied with the forced switch to UltraAV, following an agreement with Pango Group. Some users were unaware of the transition, leading to complaints about communication and lack of consent. Kaspersky and Pango assert that notifications were provided, and users can cancel subscriptions. The transition is expected … Read more
September 24, 2024 at 12:42PM Altered versions of popular Android apps linked to Spotify, WhatsApp, and Minecraft have been distributing a new iteration of Necro, a known malware loader, with some of these apps even present on the Google Play Store. This sophisticated malware is designed to carry out various malicious activities on infected devices, … Read more