Tag: malicious
-
FBI warns: beware of free online document converter tools
Don’t ‘just trust the logo’: Luke Connolly, a threat analyst with cybersecurity software and consulting firm Emsisoft, said the fact that the FBI has issued a warning is a good indication that this issue is fairly widespread, and should be taken seriously. Defenses, he said, include only using services from trusted vendors, using endpoint protection to…
-
Semrush Impersonation Scam Targets Google Ads
Cybercriminals are increasingly targeting online marketing and advertising tools to leverage them in their malicious campaigns. A recent First seen on securityonline.info Jump to article: securityonline.info/semrush-impersonation-scam-targets-google-ads/
-
Medusa ransomware deployed via malicious Windows driver
First seen on scworld.com Jump to article: www.scworld.com/news/medusa-ransomware-deployed-via-malicious-windows-driver
-
Malicious driver tapped by Medusa ransomware to evade EDRs
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-driver-tapped-by-medusa-ransomware-to-evade-edrs
-
5 Unexpected Devices You Didn’t Know Could Spread Malware
When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns… First seen on hackread.com Jump to article: hackread.com/unexpected-devices-you-didnt-know-spread-malware/
-
Medusa Ransomware Brings Its Own Vulnerable Driver
Tags: breach, crowdstrike, detection, endpoint, group, hacker, malicious, ransomware, russia, software, vulnerability, windows
Hackers Use Stolen Certificates to Bypass Endpoint Detection and Response. A Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medusa-ransomware-brings-its-own-vulnerable-driver-a-27813
-
Hackers Deploy Fake Semrush Ads to Steal Google Account Credentials
In a recent cybersecurity threat, hackers have been using fake Semrush ads to target Google account credentials. This campaign involves creating malicious ads that impersonate Semrush, a popular SEO and advertising platform used by many businesses, including 40% of Fortune 500 companies. The attackers aim to exploit the trust associated with Semrush to gain access…
-
New Rust-Based Linux Kernel Module Unveiled to Detect Rootkits
A recent development in Linux kernel security has led to the creation of a Rust-based kernel module designed to detect rootkits, a type of malware that can hide itself and other malicious activities from system administrators. This project, part of an internship at Thalium, focuses on enhancing malware detection capabilities within Linux systems, which are…
-
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data, demonstrating how built-in security isn’t always enough. Don’t let threats persist in your cloud data. Strengthen your defenses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hidden-threats-how-microsoft-365-backups-store-risks-for-future-attacks/
-
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a…
-
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/medusa-ransomware-uses-malicious-driver-to-disable-security-tools/
-
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a… First seen on thehackernews.com…
-
FBI warns of malicious free online document converters spreading malware
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. The FBI Denver Field Office is warning that agents are increasingly seeing a scam…
-
SvcStealer Malware Strikes, Harvesting Sensitive Data from Browsers and Applications
Tags: attack, cyber, cybersecurity, data, email, malicious, malware, phishing, spear-phishing, threat
A new strain of malware, known as SvcStealer, has emerged as a significant threat in the cybersecurity landscape. This malware is primarily delivered through spear phishing attacks, where malicious attachments are sent via email to unsuspecting victims. The SvcStealer campaign was first observed in late January 2025 and has been designed to harvest a wide…
-
UK Cybersecurity Weekly News Roundup 23 March 2025
Tags: ai, best-practice, compliance, cyber, cyberattack, cybersecurity, data, disinformation, election, email, espionage, exploit, group, incident, malicious, network, phishing, qr, ransomware, service, threat, update, vulnerability
Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. NHS Scotland Confirms Cyberattack Disruption: On 20 March 2025, NHS Scotland reported a major cyber incident that caused network outages across multiple health boards. The cyberattack disrupted clinical systems and led to delayed…
-
CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks
Introduction: CVE-2025-24813 was originally published on March 10 with a medium severity score of 5.5, and Apache Tomcat released an update to fix it. On March 12, the first attack was detected in Poland by Wallarm researchers, even before a Proof-of-Concept (PoC) was made public. After the PoC was released on March 13 on GitHub and…
-
Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA challenges to trick users into executing malicious PowerShell commands, leading to malware infections. This tactic, highlighted in the HP Wolf Security Threat Insights Report for March 2025, involves directing potential victims to malicious websites where they are prompted to complete verification…
-
Medusa ransomware using malicious driver as EDR killer
ABYSSWORKER imitates a CrowdStrike Falcon driver. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/medusa-ransomware-malicious-driver-edr-killer/743181/
-
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a…
-
Malicious ads target Semrush users to steal Google account credentials
Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/21/malicious-ads-target-semrush-users-to-steal-google-account-credentials/
-
Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign
A security researcher has observed threat actors exploiting vulnerabilities in a driver used by CheckPoint’s ZoneAlarm antivirus to bypass Windows security measures First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-exploit-checkpoint/
-
MEDUSA Ransomware Deploys Malicious ABYSSWORKER Driver to Disable EDR
In a recent analysis by Elastic Security Labs, a malicious driver known as ABYSSWORKER has been identified as a key component in the MEDUSA ransomware attack chain. This driver is specifically designed to disable endpoint detection and response (EDR) systems, allowing the malware to evade detection and execute its payload more effectively. The ABYSSWORKER driver…
-
Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, according to HP First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-fake-captchas-lumma/
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windows
Offensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
Tomcat RCE Vulnerability Exploited in the Wild Mitigation Steps Outlined
Tags: apache, cve, cyber, cybersecurity, exploit, malicious, mitigation, rce, remote-code-execution, update, vulnerability
A recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote code execution (RCE), severe information leakage, and malicious content injection. This vulnerability was publicly disclosed on March 10, 2025, along with a patch, and has already seen initial exploit attempts by…
-
Why It’s So Hard to Stop Rising Malicious TDS Traffic
Cybersecurity vendors say threat actors’ abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated, and much harder to detect and block. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/why-hard-stop-rising-malicious-tds-traffic
-
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft’s review process. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vscode-extensions-found-downloading-early-stage-ransomware/