Security News

Emotet takedown – Europol attacks “world’s most dangerous malware”
2021-02-01 02:07

If you've followed the history of malware in recent years, you will definitely have heard of Emotet, and you'll have a very good idea of what happens next to Emotet victims if the malware breaches their defences. The macros used by Emotet documents are the opening gambit in the malware attack, and they initiate the next stage of the infection, typically launching a heavily disguised PowerShell command to download and implant the Emotet malware program itself.

Week in review: Sudo vulnerability, Emotet takedown, execs targeted with Office 365 phishing
2021-01-31 08:55

"Serious" vulnerability found in Libgcrypt, GnuPG's cryptographic library

Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch.

Sudo vulnerability allows attackers to gain root privileges on Linux systems

A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host.

Law Enforcement Planning Emotet Cleanup Operation Following Botnet Takedown
2021-01-28 13:36

Following a takedown operation earlier this month, authorities are taking steps towards cleaning up systems infected with the Emotet malware. Serving as a malware loader, Emotet has been associated with the distribution of well-known malware families, including TrickBot and Ryuk ransomware, among others.

Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
2021-01-27 18:04

UPDATE. The virulent malware known as Emotet - one of the most prolific malware strains globally - has been dealt a blow thanks to a takedown by an international law-enforcement consortium. "One of the things that makes Emotet so dangerous is that Emotet opens the door to other types of malware, as it were. Large criminal groups were given access to some of those systems for payment to install their own malware. Concrete examples of this are the financial malware Trickbot and the ransomware Ryuk."

Emotet botnet disrupted after global takedown operation
2021-01-27 12:57

The infrastructure of today's most dangerous botnet, built by cybercriminals using the Emotet malware, was taken down following an international action coordinated by Europol and Eurojust. The Emotet malware was first spotted as a banking Trojan in 2014 and has since evolved into a botnet used by the TA542 threat group to deploy second-stage malware payloads.

International law enforcement effort pulls off Emotet botnet takedown
2021-01-27 12:50

Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware. Investigators have now taken control of its infrastructure in an international coordinated action," they explained.

TrickBot Gets Updated to Survive Takedown Attempts
2020-11-24 11:52

Following a takedown attempt in October, the TrickBot malware has received various improvements that are designed to make it more resilient. On October 12, Microsoft announced that, together with several partners, it managed to legally disable existing TrickBot infrastructure and prevent operators from registering additional command and control domains.

GitHub threatens to ban users who bypass YouTube-dl takedown
2020-11-02 11:27

GitHub has issued a warning that accounts could be banned if they continue to upload content that was removed due to DMCA takedown notices. On October 23rd, 2020, GitHub removed the source code repositories for the popular video download tool called YouTube-dl after the Recording Industry Association of America, Inc. filed a DMCA infringement notice.

TrickBot Linux Variants Active in the Wild Despite Recent Takedown
2020-10-28 22:07

Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.

Angry YouTube-dl users flood GitHub with new repos after takedown
2020-10-26 19:21

Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday. On October 23, 2020, GitHub took down YouTube-dl's repositories due to a DMCA infringement notice filed by Recording Industry Association of America, an organization that represents the recording industry in the U.S. Before being removed, YouTube-dl's repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.