Tag: infection

APT28’s New Espionage Campaign Uses Double-Tap Infection Chain

Jan 14, 2025 8:46 AM

Tags: espionage, infection

In a recent revelation, security researchers Amaury G., Maxime A., Erwan Chevalier, Felix AimÃ©, and Sekoia TDR have First seen on securityonline.info Jump to article: securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/
Infostealer Infections Lead to Telefonica Ticketing System Breach

Jan 14, 2025 8:46 AM

Tags: access, breach, credentials, infection, malware, threat

Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system. The post Infostealer Infections Lead to Telefonica Ticketing System Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/infostealer-infections-lead-to-telefonica-internal-ticketing-system-breach/
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Jan 10, 2025 12:20 AM

Tags: attack, infection, ivanti, malware, tool, vpn

In-the-wild attacks tamper with built-in security tool to suppress infection warnings. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

Jan 8, 2025 12:18 PM

Tags: attack, botnet, china, ddos, exploit, flaw, infection, iran, router, russia, service, vulnerability

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States. First seen on…
EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets

Jan 6, 2025 11:17 PM

Tags: backdoor, china, government, infection, malware

The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets
Top 12 ways hackers broke into your systems in 2024

Dec 31, 2024 8:27 AM

Tags: access, adobe, ai, api, apt, attack, authentication, backdoor, breach, business, china, cloud, control, corporate, credentials, cve, cvss, cyber, cybercrime, cybersecurity, data, data-breach, defense, detection, email, endpoint, exploit, finance, flaw, fortinet, government, group, hacker, healthcare, identity, infection, injection, Internet, iran, ivanti, jobs, malicious, malware, mfa, microsoft, mitigation, mobile, moveIT, north-korea, okta, open-source, phishing, pypi, ransomware, rce, remote-code-execution, risk, russia, scam, software, sql, strategy, supply-chain, tactics, theft, tool, unauthorized, update, vpn, vulnerability, zero-day

In 2024, hackers had a field day finding sneaky ways into systems, from convincing phishing scams that played on human curiosity to brutal software flaws that exposed gaps in tech upkeep. It was a year of clever breaches, showing just how wide the gap is between user habits and security practices.”While every year brings new…
Best of 2024: An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections

Dec 24, 2024 4:45 PM

Tags: backdoor, infection

… Read more » First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/12/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections-2/
7 biggest cybersecurity stories of 2024

Dec 24, 2024 10:44 AM

Tags: access, ai, alphv, at&t, attack, authentication, breach, business, china, cio, ciso, citrix, cloud, credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, detection, email, espionage, exploit, extortion, finance, google, government, group, hacking, healthcare, incident response, infection, insurance, intelligence, international, jobs, lockbit, malicious, malware, mandiant, mfa, microsoft, network, nis-2, north-korea, office, phishing, phone, privacy, ransomware, regulation, risk, risk-management, scam, service, software, strategy, tactics, technology, threat, ukraine, update, vulnerability, windows

Cybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention.But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies.Longer-term trends such as increased cybersecurity regulations and the impact of…
North Korean hackers spotted using new tools on employees of ‘nuclear-related’ org

Dec 23, 2024 9:42 PM

Tags: backdoor, group, hacker, infection, kaspersky, lazarus, malware, north-korea, tool

Researchers at Kaspersky said they found the Lazarus Group using “a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods.”]]> First seen on therecord.media Jump to article: therecord.media/lazarus-group-new-tools-kaspersky
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

Dec 23, 2024 12:44 PM

Tags: access, attack, backdoor, cyber, group, hacker, infection, jobs, lazarus, malicious, malware, threat

The Lazarus Group has recently employed a sophisticated attack, dubbed >>Operation DreamJob,
Lazarus Group’s Evolving Arsenal: New Malware and Infection Chains Unveiled

Dec 23, 2024 5:42 AM

Tags: attack, group, infection, kaspersky, lazarus, malware, strategy, tactics

In a recent analysis by Kaspersky Labs, the infamous Lazarus Group continues to refine its strategies, blending old tactics with new malware to create advanced and stealthy attack chains. Dubbed... First seen on securityonline.info Jump to article: securityonline.info/lazarus-groups-evolving-arsenal-new-malware-and-infection-chains-unveiled/
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Dec 20, 2024 12:42 PM

Tags: attack, backdoor, group, infection, korea, lazarus, malware, threat

The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.The attacks, which culminated in the deployment of a new modular backdoor…
Routers with default passwords are attracting Mirai infections, Juniper says

Dec 19, 2024 9:46 PM

Tags: infection, password, router

Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.]]> First seen on therecord.media Jump to article: therecord.media/routers-with-default-passwords-mirai-malware-juniper
New I2PRAT Malware Using encrypted peerpeer communication to Evade Detections

Dec 18, 2024 12:42 PM

Tags: cyber, cybersecurity, detection, infection, Internet, malware, network

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed >>I2PRAT,
Technical Analysis of RiseLoader

Dec 16, 2024 11:42 PM

Tags: cloud, crypto, data, detection, encryption, group, infection, malware, network, software, threat, windows

IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePro’s communication protocol, we named this new…
NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool

Dec 16, 2024 2:42 PM

Tags: cctv, data, infection, phone, spyware, tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.”NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or camera…
PUMA creeps through Linux with a stealthy rootkit attack

Dec 13, 2024 2:05 PM

Tags: access, attack, control, credentials, data, detection, group, infection, linux, malicious, malware, network, threat, tool

A new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features.PUMAKIT, as called by the Elastic Security researchers who discovered it during routine threat hunting on VirusTotal, was deployed as part of a multi-stage malware architecture that consists of a dropper, two memory-resident…
A security ‘hole’ in Krispy Kreme Doughnuts helped hackers take a bite

Dec 12, 2024 1:05 PM

Tags: authentication, business, cybersecurity, finance, group, hacker, infection, insurance, law, service, threat, tool, unauthorized

Global Doughnut and coffee chain owner Krispy Kreme, famous for its “original glazed doughnuts,” has a “portion of their IT systems” disrupted by a cyberattack.In an SEC filing on Wednesday, the global doughnut business said it suffered a cybersecurity incident that has hampered part of its online business in the US.”Krispy Kreme shops globally are…
US sanctions Chinese cybersecurity firm over global malware campaign

Dec 11, 2024 5:36 AM

Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-day

The US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…
Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

Dec 10, 2024 8:08 PM

Tags: email, group, infection, malware, ransomware, social-engineering, tactics

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations. First seen on hackread.com Jump to article: hackread.com/black-basta-gang-ms-teams-email-bombing-malware/
Black Basta Ransomware Leverages Microsoft Teams To Deliver Malicious Payloads

Dec 10, 2024 9:07 AM

Tags: attack, cyber, infection, malicious, malware, microsoft, ransomware, social-engineering

In a resurgence since May 2024, the Black Basta ransomware campaign has exhibited a troubling escalation in its attack methods, incorporating a multi-stage infection chain that blends social engineering, a custom packer, a mix of malware payloads, and advanced delivery techniques. In order to distribute malicious commands that serve as the initial infection vector, the…
Russian hackers abuse Cloudflare tunneling service to drop GammaDrop malware

Dec 6, 2024 1:48 PM

Tags: access, credentials, cyber, cybersecurity, data, detection, dns, email, exploit, group, hacker, infection, infrastructure, malicious, malware, network, russia, service, theft, threat, unauthorized

In a new campaign, a Russia-backed advanced persistent threat (APT) group is seen abusing Cloudflare tunnels to deliver its proprietary GammaLoad malware.The threat actor, tracked as BlueAlpha, was observed by the cybersecurity research firm Insikt Group to be exploiting this legitimate tunneling service for infections aimed at data exfiltration, credential theft, and persistent access to…
$1 phone scanner finds seven Pegasus spyware infections

Dec 5, 2024 6:50 PM

Tags: detection, infection, phone, spyware, tool

iVerify’s detection tool was launched in May and is turning up victims. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/
Pegasus Spyware Infections Proliferate Across iOS, Android Devices

Dec 4, 2024 10:48 PM

Tags: android, corporate, government, group, infection, mobile, spyware, threat

The notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices
Study shows potentially higher prevalence of spyware infections than previously thought

Dec 4, 2024 3:48 PM

Tags: infection, spyware

An investigation into the numbers has some caveats, but those behind it say even a drastic reduction from what they found would be big. First seen on cyberscoop.com Jump to article: cyberscoop.com/study-shows-potentially-higher-prevalence-of-spyware-infections-than-previously-thought/
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

Dec 4, 2024 3:48 PM

Tags: infection, mobile, phone, spyware, tool

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone”, and it’s already turning up victims. First seen on wired.com Jump to article: www.wired.com/story/iverify-spyware-detection-tool-nso-group-pegasus/
The New Face of Cyber Espionage: Inside the Two-Stage Infection Strategy of China-Linked Threat Actors

Dec 1, 2024 1:19 AM

Tags: china, cyber, espionage, infection, strategy, threat

First seen on thefinalhop.com Jump to article: www.thefinalhop.com/china-linked-hackers-adopt-sophisticated-two-stage-infection-tactic-to-deploy-deuterbear-rat/
Act fast to snuff out employee curiosity over ‘free’ AI apps

Nov 25, 2024 6:51 PM

Tags: access, ai, authentication, awareness, chatgpt, ciso, computer, crypto, cybercrime, cybersecurity, data, email, hacking, infection, intelligence, malware, mfa, monitoring, network, phishing, russia, scam, service, skills, strategy, threat, tool, training, windows

The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible.Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

Nov 21, 2024 6:53 PM

Tags: attack, exploit, flaw, india, infection, network

As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild.According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India…
1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings

Nov 14, 2024 9:55 PM

Tags: infection, spyware

First seen on therecord.media Jump to article: therecord.media/pegasus-spyware-infections-detailed-whatsapp-lawsuit