Tag: infection
-
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm
Xcode developers targeted through infected projects: Microsoft reported that XCSSET continues to spread via compromised Xcode projects, a technique that has been in use since the malware’s discovery in 2020. Once an infected project is cloned or downloaded, the malware can embed itself within the developer’s system and further propagate when the infected code is…
-
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.”Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on…
-
Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection
Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between initial system compromise and the deployment of encryption, now standing at just 17 hours, according to recent cybersecurity analyses. This marks a significant shift from earlier tactics, where attackers often lurked in networks for days or weeks to maximize reconnaissance and…
-
New XCSSET Malware Targets macOS Users Through Infected Xcode Projects
Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking its first update since 2022. This sophisticated malware continues to target macOS users by infecting Xcode projects, a critical tool for Apple developers. The latest variant introduces advanced obfuscation techniques, updated persistence mechanisms, and novel infection strategies, making it more challenging…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence.According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
New ValleyRAT Malware Variant Spreading via Fake Chrome Downloads
Morphisec uncovers a new ValleyRAT malware variant with advanced evasion tactics, multi-stage infection chains, and novel delivery methods… First seen on hackread.com Jump to article: hackread.com/valleyrat-malware-variant-fake-chrome-downloads/
-
Musk’s DOGE effort could spread malware, expose US systems to threat actors
Tags: access, ai, api, attack, authentication, ceo, cio, computer, computing, control, cyber, cybercrime, cybersecurity, data, defense, email, exploit, governance, government, hacking, infection, infosec, international, jobs, malicious, malware, network, office, privacy, ransomware, risk, service, technology, threat, toolOver the past 10 days, an astonishing series of actions by Elon Musk via his Department of Government Efficiency (DOGE) project has elevated the cybersecurity risk of some of the most sensitive computing systems in the US government. Musk and his team of young, inexperienced engineers, at least one of whom is not a US…
-
New phishing campaign targets users in Poland and Germany
An ongoing phishing campaign, presumably by an advanced persistent threat (APT) actor, is seen dropping a new backdoor on victim systems enabling stealthy C2 operations.The backdoor, which Cisco’s Talos Intelligence Unit is tracking as TorNet, was found connecting victim machines to the decentralized and anonymizing TOR network for C2 communications.”Cisco Talos discovered an ongoing malicious…
-
From Dream Jobs to Dangerous Passwords: Lazarus Group’s LinkedIn Attacks
Cybersecurity researcher Shusei Tomonaga from JPCERT/CC has issued a warning about LinkedIn being exploited as an initial infection First seen on securityonline.info Jump to article: securityonline.info/from-dream-jobs-to-dangerous-passwords-lazarus-groups-linkedin-attacks/
-
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT.The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.The infection chain commences with a…
-
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
In a recent revelation, security researchers Amaury G., Maxime A., Erwan Chevalier, Felix Aimé, and Sekoia TDR have First seen on securityonline.info Jump to article: securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/
-
Infostealer Infections Lead to Telefonica Ticketing System Breach
Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system. The post Infostealer Infections Lead to Telefonica Ticketing System Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/infostealer-infections-lead-to-telefonica-internal-ticketing-system-breach/
-
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
In-the-wild attacks tamper with built-in security tool to suppress infection warnings. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/
-
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States. First seen on…
-
EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets
The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets
-
Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections
… Read more » First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/12/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections-2/
-
7 biggest cybersecurity stories of 2024
Tags: access, ai, alphv, at&t, attack, authentication, breach, business, china, cio, ciso, citrix, cloud, credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, detection, email, espionage, exploit, extortion, finance, google, government, group, hacking, healthcare, incident response, infection, insurance, intelligence, international, jobs, lockbit, malicious, malware, mandiant, mfa, microsoft, network, nis-2, north-korea, office, phishing, phone, privacy, ransomware, regulation, risk, risk-management, scam, service, software, strategy, tactics, technology, threat, ukraine, update, vulnerability, windowsCybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention.But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies.Longer-term trends such as increased cybersecurity regulations and the impact of…
-
North Korean hackers spotted using new tools on employees of ‘nuclear-related’ org
Researchers at Kaspersky said they found the Lazarus Group using “a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.”]]> First seen on therecord.media Jump to article: therecord.media/lazarus-group-new-tools-kaspersky
-
Lazarus Group’s Evolving Arsenal: New Malware and Infection Chains Unveiled
In a recent analysis by Kaspersky Labs, the infamous Lazarus Group continues to refine its strategies, blending old tactics with new malware to create advanced and stealthy attack chains. Dubbed... First seen on securityonline.info Jump to article: securityonline.info/lazarus-groups-evolving-arsenal-new-malware-and-infection-chains-unveiled/
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.The attacks, which culminated in the deployment of a new modular backdoor…
-
Routers with default passwords are attracting Mirai infections, Juniper says
Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.]]> First seen on therecord.media Jump to article: therecord.media/routers-with-default-passwords-mirai-malware-juniper
-
New I2PRAT Malware Using encrypted peerpeer communication to Evade Detections
Cybersecurity experts are sounding the alarm over a new strain of malware dubbed >>I2PRAT,
-
Technical Analysis of RiseLoader
IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePro’s communication protocol, we named this new…
-
NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.”NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or camera…
-
PUMA creeps through Linux with a stealthy rootkit attack
A new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features.PUMAKIT, as called by the Elastic Security researchers who discovered it during routine threat hunting on VirusTotal, was deployed as part of a multi-stage malware architecture that consists of a dropper, two memory-resident…