Security News

Hackers push USB malware payloads via news, media hosting sites
2024-01-31 22:31

A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

FBI disrupts Chinese botnet by wiping malware from infected routers
2024-01-31 17:43

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
2024-01-31 12:21

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to...

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
2024-01-31 11:00

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks...

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
2024-01-31 07:23

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used...

Microsoft Teams phishing pushes DarkGate malware via group chats
2024-01-30 17:47

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.

Police disrupt Grandoreiro banking malware operation, make arrests
2024-01-30 15:46

The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. The operation was supported by ESET, Interpol, the National Police in Spain, and Caixa Bank, all providing critical data leading to identifying and arresting individuals controlling the malware's infrastructure.

New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
2024-01-30 08:43

Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the...

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
2024-01-29 05:32

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on...

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
2024-01-27 06:55

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry...