YouTube Becomes Latest Battlefront for Phishing, Deepfakes

May 21, 2024 at 04:57PM Researchers at Avast report that YouTube has become a target for malicious activities, including phishing, malware distribution, and fake investment schemes. They highlight the rise of deepfake videos and various exploitation methods. Avast’s scanning capabilities have protected millions of users, and security experts emphasize the importance of educating and preparing …

400K Linux Servers Recruited by Resurrected Ebury Botnet

May 17, 2024 at 12:09PM The Ebury botnet, operating for 15 years, has compromised numerous servers, targeting universities, enterprises, and cryptocurrency traders. It employs tactics to steal credentials, intercept SSH traffic, and pivot towards credit card and cryptocurrency theft. Despite the imprisonment of a key perpetrator, Ebury’s operators remain active and pose ongoing challenges for …

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

May 8, 2024 at 04:28AM A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and …

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

April 17, 2024 at 04:54PM Two newly discovered malware tools, Kapeka and Fuxnet, have targeted industrial control systems and operational technology in Europe, marking the cyber repercussions of the ongoing conflict between Russia and Ukraine. Kapeka, connected to the Sandworm group, functions as a persistent backdoor, while Fuxnet, used by the Blackjack group, aims to …

Web3 Game Developers Targeted in Crypto Theft Scheme

April 15, 2024 at 10:41AM A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects, spreading infostealers on macOS and Windows. The goal is to defraud and steal cryptocurrency wallets. The campaign uses fake social media accounts and impersonates legitimate projects. The report recommends maintaining vigilance, providing training to recognize social engineering …

Thousands of Australian Businesses Targeted With ‘Reliable’ Agent Tesla RAT

April 4, 2024 at 02:44PM The latest campaign demonstrates the extensive capabilities and long-lasting presence of a decade-old information-stealing malware.

‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

April 1, 2024 at 12:30PM The Android banking malware Vultur has been updated, providing operators with greater control over infected devices. New capabilities include remote interaction, file modification, and the ability to bypass lock-screen protections. The malware continues to rely on AlphaVNC and ngrok for remote access, while employing anti-analysis techniques and evading detection.

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

March 30, 2024 at 03:45AM Malicious ads and bogus websites are enabling the delivery of two different pieces of stealer malware targeting Apple macOS users. These attacks aim to steal sensitive data, with one attack leveraging counterfeit websites and the other exploiting a phony software offer. The development indicates an increasing threat to macOS environments from stealer …

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

March 26, 2024 at 11:05AM A new variant of “TheMoon” malware botnet has infected thousands of outdated SOHO routers and IoT devices in 88 countries. Linked to the “Faceless” proxy service, it’s utilized by cybercriminals to anonymize their activities. Black Lotus Labs observed it targeting over 6,000 ASUS routers in less than 72 hours. Common …

Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

March 22, 2024 at 12:33AM New findings from SentinelOne show that the data wiping malware AcidPour may have been used in attacks targeting four Ukrainian telecom providers, linked to Russian military intelligence. It has expanded capabilities to disable various devices and overlaps with the AcidRain wiper, demonstrating a refined and calculated approach by threat actors …