Ooda Loop

JUNE 19, 2024

Attackers are tricking people into cutting and pasting malware, infecting their own machines. These actors are using fake browser updates and software fixes to trick users into copying and pasting PowerShell scripts containing malware strains. There […]

Malware 59

Malware Software 59

Ooda Loop

JULY 24, 2024

The group takes advantage of vulnerabilities to deliver the MgBot malware. A Chinese state-sponsored hacking group known as Daggerfly has been targeting organizations in Taiwan. Daggerfly has additionally targeted a U.S. non-governmental organization (NGO) in China. Recent attacks have used a newer version of MgBot called MACMA.

Malware 59

Malware Groups Organization 59

Palo Alto Networks

MAY 15, 2024

In a thought-provoking interview on the Threat Vector podcast , Palo Alto Networks researchers Bar Matalon and Rem Dudas shed light on their groundbreaking research into AI-generated malware and shared their predictions for the future of AI in cybersecurity. And there is a bit of a longer version for that answer.

Malware 87

Malware Artificial Inteligence Software Review Technical Advisors 87

Ooda Loop

JUNE 4, 2024

European authorities have revealed the identities of eight individuals linked to several disrupted malware loader families. The suspects were involved in the distribution and administration of several campaigns that are known to steal user data and distribute malware, including Bumblebee, IcedID, Pikabot, Smokeloader, and Trickbot.

Malware 59

Malware Data 59

Aqua Security

DECEMBER 1, 2022

Aqua Nautilus discovered new Go based malware that targets Redis servers. Our investigation revealed new undetected malware written in Golang designed to target Redis servers to allow the attacking server to dominate the compromised machine. Therefore, the malware received the name Redigo.

Malware 141

Malware 141

Tenable

MAY 1, 2024

Tenable Cloud Security is enhancing its capabilities with malware detection. Even though cloud adoption has become mainstream, many threats and attack tactics still rely on malware payloads. Tenable Cloud Security can now find malware in many different cloud workloads. The addition of malware detection enhances this approach.

Malware 73

Malware Cloud Linux Analysis 73

Ooda Loop

JUNE 18, 2024

Threat actors have been observed utilizing malware called NiceRAT as a means of co-opting infected devices into a botnet. The attacks have targeted South Korean users and are designed to deploy the malware using the cover of cracked software. Cracked software can include Microsoft Windows and other tools that license […]

Malware 59

Malware Software Windows Tools 59

Ooda Loop

JUNE 7, 2024

An espionage campaign named “SickSync” is using cyber attacks to target defense forces in Ukraine using a malware called SPECTR. The Computer Emergency Response Team of Ukraine (CERT-UA) has determined the actor behind these attacks to be a group called Vermin which is associated with security agencies of the Luhansk […]

Malware 59

Malware Groups 59

Aqua Security

AUGUST 11, 2022

In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected.

Malware 118

Malware 118

Ooda Loop

APRIL 15, 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has given organizations a new resource for analyzing suspicious and potentially malicious files, URLs, and IP addresses by making its Malware Next-Gen Analysis platform available to everyone earlier this week.

Malware 59

Malware Analysis Infrastructure Resources 59

Ooda Loop

APRIL 1, 2024

The average malware detections rose 80% in Q4 2023. Most of the increased malware instances affected the Americas and Asia-Pacific.

Malware 59

Malware Research Software System 59

Aqua Security

SEPTEMBER 15, 2022

The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Over the past week we observed three different attacks on our honeypots. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past infrastructure.

Malware 139

Malware Cloud Infrastructure 139

Ooda Loop

MAY 15, 2024

A novel cyber campaign by Russian speaking actors abused legitimate internet services, such as GitHub and FileZilla, to deploy multiple malware variants, Recorded Future has reported. This includes the deployment of Atomic macOS Stealer (AMOS), the current version of which is capable of infecting both Intel-based and ARM-based Macs.

Malware 59

Malware Internet Report 59

Ooda Loop

MARCH 22, 2024

Sucuri, a website security firm, has issued a warning about a new malware family called Sign1 that has infected more than 39,000 websites. The malware, found in WordPress custom HTML widgets or the Simple Custom CSS and JS WordPress plugin, redirects visitors to scam domains and displays unwanted ads. Unlike […]

Malware 59

Malware 59

Ooda Loop

MAY 21, 2024

An in-depth multi-stage campaign has been uncovered wherein cyber criminals abuse legitimate services to deliver malware. Legitimate services such as GitHub and FileZilla have been utilized to deliver different stealer malware and banking Trojans.

Malware 59

Malware Banking Software 59

Aqua Security

AUGUST 29, 2023

Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), that was disclosed in May of this year, to deploy Kinsing malware and a cryptominer. This vulnerability leads to a path traversal attack, which grants an unauthenticated user access to the Openfire setup environment.

Malware 91

Malware Examples 91

CIO

AUGUST 24, 2022

The “sting” of a ransomware or malware attack is removed quickly, efficiently, and comprehensively. Who would have thought that the latest answer to cyberattacks was actually found in guaranteed cyber recovery on primary storage?

Malware 246

Malware Enterprise Disaster Recovery Storage 246

Aqua Security

JULY 19, 2023

Lately, we have seen a rise in the number of eBPF based tools used for malicious goals such as rootkits ( ebpfkit, TripleCross ) and malwares ( pamspy ). It is widely used by many security tools for monitoring kernel activity to detect and protect organizations.

Malware 72

Malware Linux Tools Organization 72

Aqua Security

JANUARY 29, 2024

At the beginning of 2023, Aqua Nautilus researchers uncovered HeadCrab - an advanced threat actor utilizing a state-of-the-art, custom-made malware that compromised 1,200 Redis servers. Recently, our researchers detected a new version of the HeadCrab malware targeting our honeypots.

Malware 67

Malware Research 67

Ooda Loop

MAY 28, 2024

Transparent Tribe utilized cross-platform malware written in Rust, Golang, and Python to execute the attacks lasting from late 2023 to April 2024. Transparent Tribe, a Pakistan-nexus actor is considered responsible for a new slew of attacks against the Indian government, aerospace, and defense sectors.

Malware 59

Malware Government Report 59

Aqua Security

FEBRUARY 1, 2023

Known as HeadCrab , this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

Malware 136

Malware Research Cloud 136

SecureWorks

APRIL 20, 2023

Type: Blogs Bumblebee Malware Distributed Via Trojanized Installer Downloads Restricting the download and execution of third-party software is critically important. Learn how CTU™ researchers observed Bumblebee malware distributed via trojanized installers for popular software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.

Malware 91

Malware ChatGPT Research Software 91

Prisma Clud

JUNE 22, 2023

Using WildFire in 2021 to analyze malicious files, our threat research team discovered a 73% increase in Cobalt Strike malware samples compared to 2020. The speed, volume and sophistication of modern malware attacks has made them more difficult to detect.

Malware 76

Malware Linux Windows Operating System 76

Ooda Loop

APRIL 9, 2024

The threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Resecurity, a cybersecurity services firm, is analyzing technical details of multiple instances of the malware targeting financial customers.

Malware 59

Malware Groups Organization 59

Ooda Loop

MARCH 28, 2024

Indian energy companies and government entities have been targeted with malware as a means of exfiltrating sensitive information. The malware is a type of updated open-source information stealer malware with the name HackBrowserData. This malware is able to exfiltrate sensitive information by […]

Malware 59

Malware Energy Open Source Government 59

CIO

JULY 25, 2024

Malware, phishing, and ransomware are fast-growing threats given new potency and effectiveness with AI – for example, improving phishing attacks, creating convincing fake identities or impersonating real ones.

Security 297

Security Malware Artificial Inteligence ChatGPT 297

Ooda Loop

JULY 24, 2024

A vulnerability in Telegram for Android allows threat actors to distribute malicious files disguised as videos. ESET discovered the flaw through an advertisement for the exploit on a cybercrime forum. The zero-day is designed specifically for Telegram on Android. It allows actors to distribute videos which are secretly malicious files. […]

Malware 59

Malware Advertising Video 59

The Parallax

JANUARY 30, 2018

During a month that’s seen Android malware new and old plague the world’s most popular mobile operating system, Google says its Play Store is becoming more civilized and less like the Wild West. You have a lower probability of being infected by malware from Play than being hit by lightning,” Ahn says. READ MORE ON ANDROID SECURITY.

Malware 184

Malware Open Source Operating System Mobile 184

DevOps.com

JULY 25, 2024

GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts.

Malware 78

Malware Open Source Development Social 78

Lacework

JULY 15, 2022

This ancient technique has found its place in the world of malware, namely hiding malicious code within other files including image formatted files ( T1027.003 ). General indicators and signatures for steg malware are provided in the hunting section. Steg malware is uncommon relative to other malware. Malware Details.

Malware 96

Malware Network Storage Groups 96

Aqua Security

DECEMBER 2, 2020

Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. We found four container images in Docker Hub designed to execute fileless malware attacks.

Malware 103

Malware Research Resources 103

SecureWorks

MARCH 8, 2022

Type: Blogs Excel Add-ins Deliver JSSLoader Malware The GOLD NIAGARA threat group has expanded its tactics for delivering the JSSLoader RAT, spoofing legitimate Microsoft Excel add-ins to infect systems. Learn how CTU researchers observed multiple malicious Microsoft Excel add-ins delivering JSSLoader malware.

Malware 90

Malware Research Groups System 90

SecureWorks

DECEMBER 9, 2022

Type: Blogs Drokbk Malware Uses GitHub as Dead Drop Resolver A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence. A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.

Malware 98

Malware Groups Research 98

Ooda Loop

MARCH 6, 2024

Cado Security has issued a warning about a cryptojacking campaign leveraging Linux malware, which targets misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with innovative malicious payloads.

Malware 53

Malware Linux Cloud Innovation 53

Ooda Loop

JANUARY 10, 2024

The Dutch newspaper De Volkskrant’s investigation revealed a Dutch engineer recruited by the Netherlands’ intelligence services, the AIVD, likely played a role in deploying the Stuxnet malware at an Iranian nuclear facility.

Malware 83

Malware Engineering Recruiting Report 83

TechBeacon

AUGUST 27, 2020

Phones branded “ Tecno ” —made by Shenzhen Transsion Holdings—appear to be preinstalled with malware. Smartphone users in emerging markets are being ripped off by suspiciously cheap handsets.

Malware 145

Malware Marketing Mobile 145

Lacework

SEPTEMBER 30, 2021

Key Takeaways IoT malware is becoming more popular for use in cloud attacks Typical usage of TLS in IoT malware is rare, but has been observed in suspected state-sponsored campaigns Lacework Labs recently observed what is believed to be a targeted attack using a TLS enabled version of Mirai dubbed “scsihelper” IoT malware (typically used [.].

Malware 81

Malware IoT Cloud 81