Security News

Attackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services by translating messages exchanged via different protocols.

A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group. Malware researchers saw indications of compromise in the United States, Ukraine, Germany, Vietnam, Poland, Chile, and Hong Kong, which suggests that the threat group lost control of LittleDrifter, which reached unintended targets.

A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. [...]

The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. Kinsing malware targets Linux systems and its operator is notorious for leveraging known flaws that are often overlooked by system administrators.

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include...

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. Lumma is a malware-as-a-service information stealer rented to cybercriminals for a subscription between $250 and $1,000.

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate...

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead....

Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. Coinciding with the use of IronWind are consistent updates to its malware delivery mechanisms, using Dropbox links, XLL file attachments, and RAR archives to distribute IronWind.

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.