Security News

How to protect your organization from the top malware strains
2022-08-08 16:23

How to protect your organization from the top malware strains. A new government advisory looks at the top malware strains of 2021 and offers advice on how to thwart them.

Chinese hackers use new Windows malware to backdoor govt, defense orgs
2022-08-08 13:36

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
2022-08-07 04:29

"This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs said in a report. The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.

Facebook finds new Android malware used by APT hackers
2022-08-05 14:40

Meta has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 using new Android malware. These cyberspying operatives use social media platforms like Facebook to collect intelligence or to befriend victims using fake personas and then drag them to external platforms to download malware.

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'
2022-08-05 10:06

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control services with the goal of commandeering compromised systems. Users are provided an administrative panel to run commands on the machines under their control upon establishing an active C2 channel, effectively granting the attacker full access to the systems.

New Woody RAT Malware Being Used to Target Russian Organizations
2022-08-05 05:42

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability in Windows.

New Linux malware brute-forces SSH servers to breach networks
2022-08-04 16:22

A new botnet called 'RapperBot' is being used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. Over the past 1.5 months since its discovery, the new botnet used over 3,500 unique IPs worldwide to scan and attempt brute-forcing Linux SSH servers.

Cybersecurity agencies reveal last year’s top malware strains
2022-08-04 15:55

The U.S. Cybersecurity and Infrastructure Security Agency released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre. "Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations," the cybersecurity agencies said.

VirusTotal Reveals Most Impersonated Software in Malware Attacks
2022-08-04 04:34

Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program," VirusTotal said in a Tuesday report.

Russian organizations attacked with new Woody RAT malware
2022-08-03 22:35

Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.