Gafgyt Malware Broadens Its Scope in Recent Attacks

December 3, 2024 at 01:48PM Trend Micro Research reports a shift in Gafgyt malware targeting misconfigured Docker Remote API servers, previously focusing on IoT devices. Attackers deploy malware via Docker containers, enabling DDoS attacks. Recommendations for securing servers include strong access controls, regular monitoring, and educating personnel on best practices.

First-ever UEFI bootkit for Linux in the works, experts say

November 27, 2024 at 10:36AM Security researchers have discovered “Bootkitty,” the first UEFI bootkit targeting Linux, specifically some Ubuntu releases. Although currently a proof of concept, its existence indicates a shift in UEFI threat dynamics, dispelling the notion that such threats are exclusive to Windows, and highlights the need for future preparedness.

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels

November 27, 2024 at 08:03AM Researchers have identified Bootkitty, the first UEFI bootkit designed for Linux systems, produced by BlackCat. As a proof-of-concept, it aims to disable kernel signature verification and preload unknown binaries. While not yet used in attacks, it signifies a shift in UEFI threats beyond Windows, highlighting future cybersecurity risks.

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

October 17, 2024 at 10:15AM Cybersecurity researchers have investigated Cicada3301, a new ransomware-as-a-service (RaaS), revealing its affiliate program on the dark web. With advanced features and capabilities, it has compromised over 30 organizations, primarily in the U.S. and U.K. Its sophisticated operation poses a significant threat to network security.

New Android malware wipes your device after draining bank accounts

July 31, 2024 at 12:27PM A new Android malware called ‘BingoMod’ can steal money from victims’ bank accounts using on-device fraud techniques, leading to the wiping of their devices.

Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges

July 18, 2024 at 01:54PM Researchers discovered a fake ad blocker in China targeting Internet cafés that conceals sophisticated malware. “HotPage.exe,” approved by Microsoft, appears as adware but can intercept web traffic, introduce more ads, and drop a system-level driver. ESET reported it to Microsoft, who removed it on May 1. The malware is developed …

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

March 6, 2024 at 11:27AM BlackCat ransomware operators have shut down their darknet website in an apparent exit scam, following a fake law enforcement seizure banner. The group allegedly received a $22 million ransom payment, refused to share proceeds, and may rebrand in the future. Cybersecurity experts speculate the motives, citing possible internal concerns and …

LockBit Ransomware’s Darknet Domains Seized in Global Law Enforcement Raid

February 20, 2024 at 12:39AM An international law enforcement operation, codenamed Operation Cronos, led to the seizure of darknet domains operated by LockBit ransomware group, involving 11 countries. Exploiting a security flaw, authorities gained control of sites, revealing extensive data on victims and operations. This blow follows the dismantling of BlackCat ransomware, impacting LockBit’s operations.

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

January 25, 2024 at 02:30AM CherryLoader, a new Go-based malware loader, has been discovered by threat hunters. It masquerades as the legitimate CherryTree note-taking application to trick victims. The loader delivers privilege escalation tools and can swap out exploits without recompiling code. Its distribution method is unknown, but it is contained in a RAR archive …

‘HeadCrab’ Malware Variants Commandeer Thousands of Servers

December 7, 2023 at 01:57PM A new version of HeadCrab malware targets Redis servers for cryptomining and further attacks, with over 1,100 additional infections reported by Aqua Security. The malware now has enhanced ability to hide its presence, and its sole user, Ice9, has interacted with researchers via a built-in “mini blog.” Security enhancements in …