Security News

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
2024-02-29 11:33

Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX). The malware is novel in the...

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
2024-02-29 08:17

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The...

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
2024-02-29 05:49

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN...

Chinese PC-maker Acemagic customized its own machines to get infected with malware
2024-02-29 04:46

Chinese PC maker Acemagic has admitted some of its products shipped with pre-installed malware. YouTuber The Net Guy found malware on Acemagic mini PCs when he tested them in early February.

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
2024-02-28 07:43

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos,...

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
2024-02-26 11:19

The recently patched vulnerabilities in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. After PoC exploits for CVE-2024-1709 were made public, various attackers began targeting vulnerable public-facing ScreenConnect servers, hoping to use them as a way into enterprise networks.

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
2024-02-23 17:08

A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer malware called Nova Sentinel. The package,...

Russian Government Software Backdoored to Deploy Konni RAT Malware
2024-02-22 10:43

An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog)....

New SSH-Snake malware steals SSH keys to spread across the network
2024-02-21 19:03

A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. The worm searches for private keys in various locations, including shell history files, and uses them to stealthily spread to new systems after mapping the network.

LockBit leaks expose nearly 200 affiliates and bespoke data-stealing malware
2024-02-21 14:07

The latest revelation from law enforcement authorities in relation to this week's LockBit leaks is that the ransomware group had registered nearly 200 "Affiliates" over the past two years. The FBI first started investigating LockBit in 2020, and the group has since developed new variants of its ransomware, the latest of which was released in mid-2022, so the data shared today likely shows all the affiliates that have ever deployed the most recent version of LockBit.

[Figure: List of LockBit 3.0 affiliates published by the NCA.]