Security News
The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect...
An unknown threat actor has released a fake proof of concept exploit for CVE-2023-4047, a recently fixed remote code execution vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC. On August 17, 2023, Trend Micro's Zero Day Initiative reported the RCE vulnerability that allowed threat actors to execute arbitrary code on an affected WinRAR installation.
The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that...
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023. Cado says the latest P2PInfect samples feature additions and improvements that make it more capable of spreading to targets and showcase the continuous development of the malware.
The developers of Free Download Manager have published a script to check if a Linux device was infected through a recently reported supply chain attack. Free Download Manager is a popular cross-platform download manager that offers torrenting, proxying, and online video downloads through a user-friendly interface.
A hacker is spreading a fake proof-of-concept exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware. The fake PoC exploit was spotted by Palo Alto Networks' Unit 42 team of researchers, who reported that the attacker uploaded the malicious code to GitHub on August 21, 2023.
New malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices. The HTTPSnoop malware interfaces with Windows HTTP kernel drivers and devices to execute content on the infected endpoint based on specific HTTP(S) URLs, and the PipeSnoop accepts and executes arbitrary shellcode from a named pipe.
Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag.
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. The analyst team at ANY.RUN came across the newest version of the malware and could not refuse the opportunity of taking it apart to examine XWorm mechanics configurations.
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan, demonstrating the continued evolution of the activity. Transparent Tribe, also known as APT36, is known to target Indian entities for intelligence-gathering purposes, relying on an arsenal of tools capable of infiltrating Windows, Linux, and Android systems.