Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

September 3, 2024 at 06:48AM A new Android banking trojan named Rocinante targets Android users in Brazil and is capable of keylogging and stealing personal information from its victims. The malware masquerades as various banking apps and is linked to a threat actor known as DukeEugene. Symantec also highlighted a banking trojan campaign targeting Spanish and Portuguese-speaking …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Roblox developers are being targeted by a persistent campaign that uses fake npm packages mimicking the popular ‘noblox.js’ library to compromise their systems. The attackers rely on brandjacking and starjacking (linking the package to a popular repository so it appears to carry that repository's stars) to give the packages a facade of legitimacy. The malicious packages steal data and deploy malware, with the end goal of installing Quasar RAT …

New Voldemort malware abuses Google Sheets to store stolen data

August 30, 2024 at 02:11PM A campaign launched on August 5, 2024, is distributing a new malware called “Voldemort” to organizations worldwide by posing as tax agencies from the U.S., Europe, and Asia. …

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

August 29, 2024 at 02:30PM Middle Eastern organizations are being targeted by threat actors using malware disguised as the legitimate Palo Alto Networks GlobalProtect VPN client. The malware can steal data and execute remote PowerShell commands, giving the attackers a foothold from which to move into internal networks. …

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

August 29, 2024 at 05:07AM Threat actors are targeting users in the Middle East with sophisticated malware posing as the Palo Alto GlobalProtect tool. The malware uses a two-stage infection process and evasion techniques that include masquerading as a legitimate VPN portal. Its capabilities include executing remote PowerShell commands, exfiltrating files, and evading sandboxes. Recommendations …

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

August 23, 2024 at 12:18PM Cybersecurity researchers have disclosed a new dropper that facilitates the distribution of information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with the distribution of Windows shortcut (LNK) files inside ZIP archives disguised …
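The PEAKLIGHT chain starts with a shortcut file hidden inside a ZIP archive. The check below is an added example written for this page, not code from the researchers or from any product: it inspects every member of a ZIP archive and flags Windows shortcuts both by extension (including double extensions such as `.mp4.lnk`) and by the fixed shell-link header, so a shortcut renamed to look like a media file is still caught. The archive contents are constructed in-code for the demonstration.

```python
"""Flag Windows shortcut (.lnk) members inside a ZIP archive, however they are named."""
import io
import zipfile

# Every .lnk file begins with HeaderSize 0x4C (little-endian) followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046; these are the first 8 bytes.
LNK_MAGIC = b"L\x00\x00\x00\x01\x14\x02\x00"


def build_sample_zip() -> bytes:
    """Constructed sample archive: two disguised shortcuts and two benign files."""
    fake_lnk = LNK_MAGIC + b"\x00" * 64          # minimal header-shaped stub, not a real shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Movie.2024.1080p.mp4.lnk", fake_lnk)   # double extension, caught by name
        zf.writestr("poster.jpg", fake_lnk)                  # renamed shortcut, caught by magic
        zf.writestr("readme.txt", b"Enjoy the movie!\n")     # benign
        zf.writestr("trailer.mp4", b"\x00\x00\x00\x18ftypmp42")  # benign, MP4 box header
    return buf.getvalue()


def suspicious_members(zip_bytes: bytes) -> dict[str, str]:
    """Return {member name: reason} for every member that is or looks like a shortcut."""
    findings: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.lower().endswith(".lnk"):
                findings[name] = "shortcut extension"
                continue
            # Read only the header; large members are not decompressed in full.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                findings[name] = "shortcut header with non-.lnk name"
    return findings


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_zip()).items():
        print(f"{member}: {reason}")
```

Checking the header rather than trusting the name matters because Explorer hides the `.lnk` extension even when other extensions are shown, so a name like `Movie.mp4.lnk` is displayed to the user as `Movie.mp4`.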

Taiwan University Under Fire From Unique DLL Backdoor

August 21, 2024 at 03:32PM A new backdoor named Msupedge has been observed attacking victims in Taiwan, using an unusual communication method. Symantec researchers uncovered the malware while investigating an attack on a Taiwanese university. The backdoor communicates with its command-and-control server over DNS traffic, a less common technique that blends in with a protocol almost every network must allow outbound. It is believed to have exploited a …
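DNS-based command and control stands out in resolver logs once you aggregate per domain rather than per query. The detector below is an added example for this page, not Symantec's detection logic and not tied to Msupedge specifics the page does not describe: it groups queries by the registered domain (approximated here as the last two labels, an assumption that ignores public-suffix rules such as `co.uk`), then scores each domain on the generic tunnelling traits of many unique, long, high-entropy leftmost labels and heavy use of record types like TXT or NULL that carry arbitrary payloads. The log lines and thresholds are constructed for the demonstration and would need tuning against real baseline traffic.

```python
"""Heuristic DNS-tunnelling detector over resolver query logs (constructed sample data)."""
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines in a simplified "<timestamp> <client> <qtype> <qname>" format.
SAMPLE_LOG = """\
2024-08-20T10:00:01Z 10.0.0.5 A www.example.com
2024-08-20T10:00:02Z 10.0.0.5 A cdn.example.com
2024-08-20T10:00:03Z 10.0.0.7 A mail.example.org
2024-08-20T10:00:04Z 10.0.0.9 TXT 5f3a9c1e7b2d4f8a0c6e1b3d9f7a5c2e.tunnel-c2.net
2024-08-20T10:00:05Z 10.0.0.9 TXT 8b1d3f5a7c9e2b4d6f8a0c1e3b5d7f9a.tunnel-c2.net
2024-08-20T10:00:06Z 10.0.0.9 TXT c2e4a6b8d0f1a3c5e7b9d2f4a6c8e0b1.tunnel-c2.net
2024-08-20T10:00:07Z 10.0.0.9 TXT 1a3c5e7b9d2f4a6c8e0b1d3f5a7c9e2b.tunnel-c2.net
2024-08-20T10:00:08Z 10.0.0.9 TXT 7d9f2b4a6c8e0b1d3f5a7c9e2b4d6f8a.tunnel-c2.net
2024-08-20T10:00:09Z 10.0.0.5 A api.example.com
"""

PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}   # record types commonly abused to carry data


@dataclass
class DomainStats:
    queries: int = 0
    unique_qnames: set[str] = field(default_factory=set)
    label_lengths: list[int] = field(default_factory=list)
    label_entropies: list[float] = field(default_factory=list)
    payload_qtype_queries: int = 0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex or base32 payload labels score well above words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in
                {ch: s.count(ch) for ch in set(s)}.values())


def registered_domain(qname: str) -> str:
    """Assumption: registered domain = last two labels (no public-suffix list used)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def aggregate(log_text: str) -> dict[str, DomainStats]:
    stats: dict[str, DomainStats] = defaultdict(DomainStats)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines rather than crash
        _ts, _client, qtype, qname = parts
        dom = registered_domain(qname)
        st = stats[dom]
        st.queries += 1
        st.unique_qnames.add(qname.lower())
        leftmost = qname.split(".")[0]
        st.label_lengths.append(len(leftmost))
        st.label_entropies.append(shannon_entropy(leftmost))
        if qtype.upper() in PAYLOAD_QTYPES:
            st.payload_qtype_queries += 1
    return stats


def flag_tunnelling(log_text: str, *, min_queries: int = 5, min_label_len: float = 20.0,
                    min_entropy: float = 3.0, min_payload_ratio: float = 0.5) -> dict[str, list[str]]:
    """Return {domain: [reasons]} for domains whose aggregate behaviour looks like tunnelling."""
    flagged: dict[str, list[str]] = {}
    for dom, st in aggregate(log_text).items():
        if st.queries < min_queries:
            continue                      # too little data to judge; avoids noisy one-offs
        reasons = []
        mean_len = sum(st.label_lengths) / st.queries
        mean_ent = sum(st.label_entropies) / st.queries
        if mean_len >= min_label_len and mean_ent >= min_entropy:
            reasons.append(f"long high-entropy labels (len {mean_len:.1f}, {mean_ent:.2f} bits)")
        if len(st.unique_qnames) / st.queries >= 0.9:
            reasons.append("almost every query is a never-before-seen name")
        if st.payload_qtype_queries / st.queries >= min_payload_ratio:
            reasons.append("dominated by payload-carrying record types")
        if len(reasons) >= 2:             # require corroboration before alerting
            flagged[dom] = reasons
    return flagged


if __name__ == "__main__":
    for dom, why in flag_tunnelling(SAMPLE_LOG).items():
        print(dom, "->", "; ".join(why))
```

Requiring two independent signals keeps busy legitimate zones (a CDN with many short hostnames, or a mail domain answering plenty of TXT lookups for SPF) from tripping the alert on one trait alone; a domain that only fails on query volume is skipped entirely so a single odd lookup does not page anyone.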

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

August 21, 2024 at 02:27AM The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks aimed at infecting devices with malware, attributed to the threat cluster UAC-0020 (Vermin). The phishing messages use photos of prisoners of war as bait and lead to the installation of the SPECTR spyware and new malware …

Ukraine CERT: Mass Phishing Campaign Poses as Nation’s Security Service

August 12, 2024 at 02:39PM Ukraine’s CERT-UA discovered malicious software being distributed through emails impersonating the country’s Security Service. The emails contain a link to download a file that triggers the ANONVNC malware, giving attackers remote access to victims’ devices. More than 100 government devices have been affected, and users are advised to contact CERT-UA if they suspect they have been targeted. …

CISA warns about actively exploited Apache OFBiz RCE flaw

August 8, 2024 at 03:46PM The U.S. Cybersecurity & Infrastructure Security Agency has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2024-32113, a path traversal flaw in Apache OFBiz, an open-source ERP system used across various industries, that can lead to remote code execution, and CVE-2024-36971, a Linux kernel flaw. Under CISA's KEV directive, affected federal agencies must apply the vendor's security updates or discontinue use of the product …