Security News

Ebury botnet malware infected 400,000 Linux servers since 2009
2024-05-14 16:31

A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. "While 400,000 is a massive number, it's important to mention that this is the number of compromises over the course of almost 15 years. Not all of those machines were compromised at the same time," explains ESET. "There is a constant churn of new servers being compromised while others are being cleaned up or decommissioned. The data at our disposal doesn't indicate when the attackers lost access to the systems, so it's difficult to know the size of the botnet at any specific point in time."

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
2024-05-10 14:54

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South...

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
2024-05-09 15:20

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content...

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
2024-05-08 10:58

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the...

Finland warns of Android malware attacks breaching bank accounts
2024-05-05 14:19

Finland's Transport and Communications Agency is warning about an ongoing Android malware campaign attempting to breach online bank accounts. The fake "McAfee" app is malware that allows threat actors to breach victims' bank accounts.

Iranian hackers pose as journalists to push backdoor malware
2024-05-04 14:17

The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. Google threat analysts following APT42's operations report that the hackers use malicious emails to infect their targets with two custom backdoors, namely "Nicecurl" and "Tamecat," which provide command execution and data exfiltration capabilities.

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
2024-05-03 12:35

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control...

New SOHO router malware aims for cloud accounts, internal company resources
2024-05-02 11:39

Cuttlefish, a new malware family that targets enterprise-grade small office/home office routers, is used by criminals to steal account credentials and secrets for AWS, Cloudflare, Docker, Bitbucket, Alibaba Cloud and other cloud-based services. "With the stolen key material, the actor not only retrieves cloud resources associated with the targeted entity but gains a foothold into that cloud ecosystem," Black Lotus Labs researchers noted.

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
2024-05-02 05:04

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from...

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
2024-05-01 13:41

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2)...