NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors

November 20, 2023 at 11:01AM
Threat actors are using a remote access trojan called NetSupport RAT to target the education, government, and business services sectors. The trojan is delivered through fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. The cybersecurity firm VMware Carbon Black has detected 15 new infections related to NetSupport RAT in …

DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks

November 20, 2023 at 10:12AM
Phishing campaigns using DarkGate and PikaBot malware are utilizing tactics previously seen with QakBot trojan attacks. The malware families have similarities in distribution methods and behaviors to QakBot. DarkGate has advanced evasion techniques and remote control capabilities, while PikaBot can deliver additional payloads. The attacks target various sectors, spreading through …

Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine

November 20, 2023 at 07:45AM
A USB worm called LitterDrifter, attributed to the Russia-linked Gamaredon group, has spread beyond Ukraine, its primary target, according to cybersecurity firm Check Point. The worm, also known as Armageddon and Aqua Blizzard, is designed to automatically spread to other USB drives and communicate with command-and-control servers. While Gamaredon primarily …

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

November 20, 2023 at 06:42AM
The LummaC2 malware has added a new anti-sandbox technique that uses trigonometry to evade detection and steal valuable information from infected hosts. The malware also incorporates control flow flattening and can deliver additional payloads. It requires the use of a crypter to conceal itself and relies on trigonometry to detect …

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023 at 08:48AM
Threat actors are using manipulated search results and bogus Google ads to trick users into downloading malware instead of legitimate software, such as WinSCP. The attack involves redirecting users to a compromised WordPress website, then an attacker-controlled phishing site, and finally to a fake WinSCP website where they unknowingly download …

IT Pros Worry Generative AI Will Be a Major Driver of Cybersecurity Threats

November 17, 2023 at 08:40AM
A report from Fastly reveals that organizations see generative AI as a significant cybersecurity threat. Data breaches, identity-based threats, and generative AI are viewed as the top cybersecurity threats in the next year. Although generative AI is seen as both positive and negative, concerns exist about new attack opportunities and …

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

November 17, 2023 at 06:00AM
An unidentified threat actor has been uploading malware-laden fake Python libraries to the PyPI repository for the past six months. Disguised as legitimate packages, these 27 libraries have attracted thousands of downloads from various countries. The attacker used steganography to hide malicious payloads within innocent-looking image files. The packages included …

MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet

November 16, 2023 at 03:16PM
Researchers at AhnLab Security Emergency Response Center (ASEC) have discovered a new campaign targeting MySQL servers with the ‘Ddostf’ malware botnet. The attackers exploit vulnerabilities or weak credentials to gain access to the servers and use user-defined functions (UDFs) to execute commands. The primary payload is the Ddostf bot client, …

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

November 15, 2023 at 10:48AM
The U.S. government has taken down the IPStorm botnet proxy network, as the developer behind it, Sergei Makinin, pleaded guilty. The botnet infected Windows, Mac, Linux, and Android devices globally. Makinin could face up to 30 years in prison and has made at least $550,000 from the scheme. The botnet …

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

November 14, 2023 at 06:31PM
Russian and Moldovan national Sergei Makinin has been arrested in Florida for operating a botnet called IPStorm. Makinin admitted to violating US law by intentionally causing damage to protected systems. The botnet used the InterPlanetary File System (IPFS) to hide its activities and allow infected machines to be used as …