malware

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. The phishing campaign has been ongoing since spring 2020, when the domains were first transferred to their current host. At […]

The post Large phishing campaign targets EMEA and APAC governments appeared first on Security Affairs.

A Pakistani national has been sentenced to 12 years in prison in the US for his role in a hacking scheme against the telecom giant AT&T. The Pakistani national Muhammad Fahd (35) was sentenced to 12 years in prison in the United States for his primary role in a seven-year scheme to illegally unlock nearly […]

The post Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme appeared first on Security Affairs.

Numando is a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since […]

The post Numando, a new banking Trojan that abuses YouTube for remote configuration appeared first on Security Affairs.

The popular whistleblower Edward Snowden is urging customers of the ExpressVPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies acquired ExpressVPN, one of the industry’s leading virtual private network providers, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than […]

The post Why Edward Snowden is urging users to stop using ExpressVPN? appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The Biden administration plans to target exchanges supporting ransomware operations with sanctions Threat actor has been targeting the aviation industry since at least 2018 Expert discloses details and PoC […]

The post Security Affairs newsletter Round 332 appeared first on Security Affairs.

The US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware gangs, and according to the Wall Street Journal, it is now planning to target the digital […]

The post The Biden administration plans to target exchanges supporting ransomware operations with sanctions appeared first on Security Affairs.

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign that targeted the aviation industry for two years while avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign, dubbed Operation Layover, that targeted the aviation industry for two years without being detected. The experts believe that the threat actor behind this campaign is […]

The post Threat actor has been targeting the aviation industry since at least 2018 appeared first on Security Affairs.

The Mirai botnet has started exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a Mirai botnet have started exploiting a critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, a few days after Microsoft disclosed it. The recently released September 2021 Patch Tuesday security updates addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management […]

The post Experts warn that Mirai Botnet starts exploiting OMIGOD flaw appeared first on Security Affairs.

A new malware written in the Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in the Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. The malware spreads through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […]

The post New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems appeared first on Security Affairs.

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […]

The post A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection appeared first on Security Affairs.

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

The post Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug appeared first on Security Affairs.

Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free. Good news for victims of the REvil ransomware gang who were infected before its operations were temporarily halted on July 13th: Bitdefender released a free master decryptor that allows them to recover […]

The post Bitdefender released free REvil ransomware decryptor that works for past victims appeared first on Security Affairs.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it has appointed Kiersten Todt as its new chief of staff; she will replace Acting Chief of Staff Kate Nichols. “The Cybersecurity and Infrastructure Security Agency (CISA) announced today Kiersten […]

The post US CISA appointed Kiersten Todt as new chief of staff appeared first on Security Affairs.

Latvian vendor MikroTik revealed that the recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian Internet giant Yandex was targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an […]

The post Mēris Bot infects MikroTik routers compromised in 2018 appeared first on Security Affairs.

Google Chrome 93.0.4577.82 for Windows, Mac, and Linux addresses eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux, which fixed eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited […]

The post Google addresses a new Chrome zero-day flaw actively exploited in the wild appeared first on Security Affairs.

Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack […]

The post Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks appeared first on Security Affairs.

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement announcing that its European, Middle East and Africa computer network was hit by a ransomware attack. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including […]

The post BlackMatter ransomware gang hit Technology giant Olympus appeared first on Security Affairs.

A new banking trojan dubbed maxtrilha (after its encryption key) has been discovered in the last few days and is targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world. Criminals are constantly creating variants of popular banking trojans, keeping the same modus operandi but […]

The post The new maxtrilha trojan is being disseminated and targeting several banks appeared first on Security Affairs.

The Department of Justice and Constitutional Development of South Africa was hit by a ransomware attack that crippled bail services. A ransomware attack hit the Department of Justice and Constitutional Development of South Africa; multiple services, including email and bail services, have been impacted. The incident did not affect child maintenance payments for the month […]

The post Department of Justice and Constitutional Development of South Africa hit by a ransomware attack appeared first on Security Affairs.

Recently we observed that part of the REvil ransomware infrastructure was up and running again; now we can confirm that they have hit new victims. On September 7, the servers of the REvil ransomware gang were back online after around two months since their shutdown. The circumstance was immediately noted by many researchers, me included. The […]

The post Revil ransomware operators are targeting new victims appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Cisco released security patches for High-Severity flaws in IOS XR software New SOVA Android Banking trojan is […]

The post Security Affairs newsletter Round 331 appeared first on Security Affairs.

Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, or overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities in the IOS XR software that can be exploited to conduct multiple malicious activities, such as rebooting devices and elevating privileges. The […]

The post Cisco released security patches for High-Severity flaws in IOS XR software appeared first on Security Affairs.

SOVA is a new Android banking trojan that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. Researchers from cybersecurity firm ThreatFabric spotted at the beginning of August a new Android banking trojan, dubbed SOVA, that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. The […]

The post New SOVA Android Banking trojan is rapidly growing appeared first on Security Affairs.

Security researchers from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. Experts from Broadcom’s Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. In late August, ESET researchers uncovered the SideWalk backdoor that was employed by the Chinese cyberespionage group in an attack aimed at a computer retail company […]

The post Grayfly APT uses recently discovered Sidewalk backdoor appeared first on Security Affairs.

The massive DDoS attack that targeted the internet giant Yandex was powered by a completely new botnet tracked as Mēris. The Russian Internet giant Yandex was targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the […]

The post A new botnet named Mēris is behind massive DDoS attack that hit Yandex appeared first on Security Affairs.

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group and aimed at organizations worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021; threat actors […]

The post TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide appeared first on Security Affairs.

The leak site of the popular REvil ransomware gang is back online; it is not clear if the group resumed operations or the FBI turned on its servers. Today the servers of the REvil ransomware gang were back online after around two months since their shutdown. The circumstance was immediately noted by many researchers, me included. The […]

The post REvil ransomware gang’s servers are mysteriously online again appeared first on Security Affairs.

The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies. The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom: the operators threaten to leak stolen data if the victims contact law enforcement agencies. The group announced its new […]

The post Ragnar Locker gang threatens to leak data if victim contacts law enforcement appeared first on Security Affairs.

A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea. A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport. The man had remained stuck in the Asian country since February 2020 due […]

The post TrickBot gang developer arrested at the Seoul international airport appeared first on Security Affairs.

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher who goes by the name ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. The expert noticed that several push-button telephones contain unwanted […]

The post Malware found pre-installed in cheap push-button mobile phones sold in Russia appeared first on Security Affairs.

Pacific City Bank was hit by AVOS Locker Ransomware operators; the gang claims to have stolen sensitive files from the company and threatens to leak them. Pacific City Bank is an American community bank that focuses on the Korean-American community based in California and offers commercial banking services. The bank was hit by AVOS Locker […]

The post Pacific City Bank hit by AVOS Locker Ransomware appeared first on Security Affairs.

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. SEC warns of investment scams related to Hurricane Ida Apple will delay the rollout of new child […]

The post Security Affairs newsletter Round 330 appeared first on Security Affairs.

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. The messages used weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor, […]

The post FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads appeared first on Security Affairs.

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that […]

The post Source code for the Babuk is available on a hacking forum appeared first on Security Affairs.

The Conti ransomware operators are targeting Microsoft Exchange servers leveraging recently disclosed ProxyShell vulnerability exploits. The Conti ransomware gang is targeting Microsoft Exchange servers using exploits for the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers. […]

The post Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits appeared first on Security Affairs.