variants
-
Executive Summary: Unit 42 has tracked activity from threat actors associated with the Democratic People’s Republic of Korea (DPRK), where they pose as recruiters to install malware on tech industry job seekers’ devices. We call this activity the CL-STA-240 Contagious Interview campaign, and we first published about it in November 2023. Since that publication, we’ve…
-
The cybersecurity landscape is marked by sophisticated malware strains designed to harvest sensitive data, get a foothold on company networks, and generally wreak havoc.
-
MalBot, August 15, 2024, 11:36am. Article Link: 5 Malware Variants You Should Know – ReliaQuest
-
Ransomware operators often acquire malware through purchases on the dark web, group affiliations, and leaked source codes rather than developing themselves.
-
Ritam Bhaumik, Wonseok Choi, Avijit Dutta, Cuauhtemoc Mancillas López, Hrithik Nandi, Yaobin Shen ePrint Report At EUROCRYPT’20, Bao et al. have shown that three-round cascading of $\textsf{LRW1}$ construction, which they dubbed as $\textsf{TNT}$, is a strong tweakable pseudorandom permutation that provably achieves $2n/3$-bit security bound. Jha et al. showed a birthday bound distinguishing attack on…
-
What Is Wiper Malware? Wipers are malware that delete data on a device or make it inaccessible. They can be used for sabotage, to destroy evidence of an attack or simply to make a device unusable. IoT wipers often rewrite important parts of the firmware of an IoT device, rendering that device useless, so they…
-
A new report from Imperva Threat Research reveals a concerning resurgence of the Mirai botnet, a notorious malware known for its history of large-scale distributed denial-of-service (DDoS) attacks. The research indicates that Mirai has evolved, incorporating artificial intelligence (AI) and machine learning to generate more sophisticated and evasive attacks, targeting over 1,200 websites in recent…
-
Attacks with the GootLoader malware used to distribute IcedID, REvil, Gootkit, and other payloads have intensified with the appearance of new variants of the loader, which has been associated with the Hive0127 threat operation, also known as UNC2565, reports The Hacker News.
-
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.
-
A new deep-dive investigation into the known UNC3886 gives insight into how the China-linked threat actor has exploited zero days in various Fortinet and VMware products, deployed various malware and novel backdoor variants and collected credentials from victim organizations over the years.
-
From: malvuln <malvuln13 () gmail com>
Date: Wed, 5 Jun 2024 20:57:20 -0400
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln
Threat: Trojan.Win32.DarkGateLoader (multi variants)
Vulnerability: Arbitrary Code Execution
Description: Multiple variants of this malware look for and execute x32-bit “urlmon.dll” PE file in…
-
Trojan.Win32.DarkGateLoader (multi variants) / Arbitrary Code Execution – CXSecurity.com
-
Malware. Posted on May 2nd, 2024 by Joshua Long. In May 2023 and September 2023, and again in February 2024, we wrote about earlier variants of the Atomic Stealer Mac malware family. This malware—also known as Atomic macOS Stealer or AMOS for short—is designed to exfiltrate sensitive data from infected Macs. It is distributed in…
-
BYOVD (Bring Your Own Vulnerable Driver) is a class of attack in which threat actors drop known vulnerable drivers on a compromised machine and then exploit the bug(s) to gain kernel-level privileges. At this level of access, attackers can accomplish a lot: hide malware, dump credentials, and, crucially, attempt to disable EDR solutions.
-
I ran across an interesting LinkedIn post recently, “interesting” in the sense that it addressed something I hadn’t seen a great deal of reporting on; that is, ransomware threat actors dropping multiple RaaS variants within a single compromised organization.
-
“A 20-year-old Trojan resurfaced recently,” reports Dark Reading, “with new variants that target Linux and impersonate a trusted hosted domain to evade detection.” Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows…
-
Honor Magic 6 Pro and Magic V2 RSR Porsche Design made their global premiere at the Mobile World Congress (MWC) 2024 event in Barcelona. The latest Magic 6 Pro sports MagicOS 8.0 skin based on Android 14 and is equipped with Qualcomm’s Snapdragon 8 Gen 3 SoC.
-
North Korean state-sponsored threat actor ScarCruft, also known as APT37, Ruby Sleet, Ricochet Chollima, InkySquid, and RedEyes, has targeted media outfits and individuals knowledgeable in North Korean affairs in a new attack campaign deploying the RokRAT backdoor, The Hacker News reports.