Security News
CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco. Lumma is a relatively popular stealer that has been in high demand among ransomware crews since 2022.
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot "Master key" (also known as the Platform Key) generated by American Megatrends International. That key was tagged "DO NOT TRUST", and upstream vendors should have replaced it with their own securely generated keys.
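A defender-side check for the PKfail condition described above, added here as an example and not code from Binarly, AMI or the page: it parses the EFI_SIGNATURE_LIST structure stored in the Secure Boot PK variable and flags any X.509 entry whose bytes contain the "DO NOT TRUST" marker. The efivarfs path, the attribute-byte layout and the sample certificate bytes are assumptions made for the example.

```python
import struct
import uuid

# Assumption: Linux with efivarfs mounted at the usual path; the PK variable
# lives under the EFI_GLOBAL_VARIABLE GUID. Other OSes expose it differently.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
PK_PATH = f"/sys/firmware/efi/efivars/PK-{EFI_GLOBAL_VARIABLE}"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
UNTRUSTED_MARKER = b"DO NOT TRUST"  # tag carried by the AMI test key's subject

def parse_signature_lists(data: bytes):
    """Walk concatenated EFI_SIGNATURE_LISTs and yield (type, owner, sig_data)."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def pk_is_untrusted(var_bytes: bytes) -> bool:
    """True if any X.509 entry in the raw efivarfs PK content carries the marker.
    efivarfs prepends 4 attribute bytes to the variable data, so skip them.
    The subject CN is plain ASCII inside DER, so a byte search is enough."""
    return any(sig_type == EFI_CERT_X509_GUID and UNTRUSTED_MARKER in cert
               for sig_type, _owner, cert in parse_signature_lists(var_bytes[4:]))

def build_pk_variable(cert_der: bytes) -> bytes:
    """Build an efivarfs-style PK blob with one X.509 entry (for the sample)."""
    sig_size = 16 + len(cert_der)
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
    return b"\x07\x00\x00\x00" + header + uuid.UUID(int=0).bytes_le + cert_der

def check_local_pk(path: str = PK_PATH) -> bool:
    """Read this machine's PK variable and report whether it is the test key."""
    with open(path, "rb") as f:
        return pk_is_untrusted(f.read())

# Constructed stand-ins for certificate bytes (not real DER certificates).
SAMPLE_TEST_PK = build_pk_variable(b"\x30\x82CN=DO NOT TRUST - AMI Test PK")
SAMPLE_VENDOR_PK = build_pk_variable(b"\x30\x82CN=Example Vendor Platform Key")
```

Run `check_local_pk()` as root on a Linux host to inspect the live variable; a `True` result means the firmware still ships the test key and the vendor should be asked for an updated image.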
The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. The operation is conducted by the Center for the Fight Against Digital Crime of the National Gendarmerie with assistance from French cybersecurity firm Sekoia, which sinkholed a command and control server for a widely distributed PlugX variant last April.
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.
Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group...
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised as harmless-looking videos. The exploit appeared for sale...
Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that installs spyware and information-stealing...
Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...]
CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...]
Organizations in Taiwan and a U.S. non-governmental organization based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa.