Security News

New Raspberry Robin worm uses Windows Installer to drop malware
2022-05-05 21:36

Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021.

New worm and data wiper malware seen hitting Ukrainian networks
2022-03-01 14:41

Newly discovered malware was deployed in destructive attacks against Ukrainian organizations and governmental networks before and after Russia invaded the country on February 24. While analyzing these attacks, ESET Research Labs analysts discovered a new data wiper they dubbed IsaacWiper.

Relentless Log4j Attacks Include State Actors, Possible Worm
2021-12-15 23:18

"Our reports of the last 48 hours prove that both criminal-hacking groups and nation state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors' operations are to be revealed in the coming days," Check Point added. Log4J based on what I've seen, there is evidence that a worm will be developed for this in the next 24 to 48 hours.

Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm scans for and exploits various known vulnerabilities in popular Unix and Linux-based web servers, including CVE-2020-14882 in the Oracle WebLogic Server, and CVE-2017-11610, a remote code-execution bug which affects XML-RPC servers.

India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks
2021-08-06 04:37

Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw in Koo's web application that allows malicious scripts to be embedded directly into the affected web application.

The Code Red worm 20 years on – what have we learned?
2021-07-15 18:57

That's because July 2001 is when the infamous Code Red computer worm showed up, spread fast, and all but consumed the internet for several days. Back in 2001, Windows didn't support DEP, short for Data Execution Prevention, so that any code shoved onto the stack could blindly be executed, even though the stack is intended to store data, not code.

Indexsinas SMB Worm Campaign Infests Whole Enterprises
2021-06-30 20:19

The Indexsinas SMB worm is on the hunt for vulnerable environments to self-propagate into, researchers warned, with a particular focus on the healthcare, hospitality, education and telecommunications sectors. Since 2019, Indexsinas has used a large infrastructure made up of more than 1,300 devices acting as attack sources, with each device responsible for only a few attack incidents.

FreakOut malware worms its way into vulnerable VMware servers
2021-06-04 13:03

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. FreakOut spreads itself by exploiting a wide range of OS and application vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.

MountLocker ransomware uses Windows API to worm through networks
2021-05-19 07:31

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. In March 2021, a new ransomware group called 'Astro Locker' emerged that began using a customized version of the MountLocker ransomware with ransom notes pointing to their own payment and data leak sites.

Purple Fox Malware Targets Windows Machines With New Worm Capabilities
2021-03-24 14:56

A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new "Worm" capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party tool to infect Windows machines.