Chinese ‘Stayin’ Alive’ Attacks Dance onto Targets With Dumb Malware

October 11, 2023 at 05:23PM Chinese APT group “ToddyCat” is using simple but constantly evolving custom backdoors and loaders to target telecommunications organizations in Central and Southeast Asia. The group, previously linked to Chinese espionage operations, uses spear phishing emails with archive files to exploit a DLL sideloading vulnerability. While the malware used by ToddyCat …

Curl Bug Hype Fizzles After Patching Reveal

October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a …

Data Thieves Test-Drive Unique Certificate Abuse Tactic

October 11, 2023 at 11:41AM Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect. …

Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023

October 11, 2023 at 08:54AM Over 17,000 WordPress websites were hacked in September 2023, double the number from the previous month. Around 9,000 of these websites were infiltrated using a security flaw in the tagDiv Composer plugin, allowing for cross-site scripting attacks. The Balada Injector malware is responsible for these attacks, which aim to redirect …

Microsoft to kill off VBScript in Windows to block malware delivery

October 10, 2023 at 12:46PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will be available as an on-demand feature before being removed from the operating system. This move is likely due to the discontinuation of Internet Explorer and is part of Microsoft’s strategy to mitigate malware …

Badbox Operation Targets Android Devices in Fraud Schemes

October 10, 2023 at 04:40PM Human Security has revealed the details of a large-scale fraud scheme called “Badbox,” which involves Android TV streaming devices infected with malware. A consultant, Daniel Milisic, has provided a script and instructions to help users mitigate the threat. Around 74,000 Android devices globally are potentially impacted by the Badbox infection, …

Microsoft announces plans to kill VBScript malware delivery

October 10, 2023 at 12:38PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will become an on-demand feature until it is completely removed from the operating system. This decision is likely related to the discontinuation of Internet Explorer, which eliminates a major infection vector for malware. Microsoft …

Mirai DDoS malware variant expands targets with 13 router exploits

October 10, 2023 at 04:36PM The Mirai-based DDoS malware botnet known as IZ1H9 has expanded its targets to include Linux-based routers and routers from brands like D-Link, Zyxel, TP-Link, and TOTOLINK. Fortinet researchers have observed high exploitation rates in September, with tens of thousands of attempts on vulnerable devices. IZ1H9 compromises devices, enlists them in …

Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries

October 10, 2023 at 07:00AM A previously unknown threat actor named Grayling has been identified as the culprit behind a series of cyberattacks on organizations in Taiwan, including manufacturing, IT, and biomedical sectors. Symantec’s Threat Hunter Team discovered the attacks, which began in February and utilized a distinct DLL side-loading technique to deploy payloads. The …