Enlarge (credit: Getty Images) Microsoft has once again been caught allowing its legitimate digital certificates to sign malware in the wild, a lapse that allows the malicious files to pass strict security checks designed to prevent them from running on the Windows operating system. Multiple threat actors were involved …
A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that …
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions.exe,.dll,.lnk,.sys or.msi, and ignores several …
Enlarge Mayors' offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service. Kaspersky researchers have named the wiper CryWiper, a nod …
European parliament is investigating powerful surveillance tool used by governments around the world Victims of spyware and a group of security experts have privately warned that a European parliament investigatory committee risks being thrown off course by an alleged “disinformation campaign”. The warning, contained in a letter to MEPs …
Enlarge (credit: Getty Images | Charles O'Rear) Federal prosecutors have charged a 26-year-old Ukrainian national with operating a malware service that was responsible for stealing sensitive data from more than 2 million individuals around the world. Prosecutors in Texas said on Tuesday that Mark Sokolovsky, 26, of Ukraine helped operate …
Enlarge (credit: Getty Images ) Researchers have revealed a never-before-seen piece of cross-platform malware that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers. Black Lotus Labs, the research arm of security firm Lumen, is calling the malware Chaos …
Enlarge (credit: Getty Images ) Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at …
It’s pretty nasty : The malware was dubbed “ Shikitega ” for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to “mutate” its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T …
Enlarge (credit: Getty Images ) Researchers this week unveiled a new strain of Linux malware that's notable for its stealth and sophistication in infecting both traditional servers and smaller Internet-of-things devices. Dubbed Shikitega by the AT&T Alien Labs researchers who discovered it, the malware is delivered through a multistage …
Enlarge (credit: Getty Images / Aurich Lawson) Last year, organizations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis …
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. [...]
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. [...]
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. [...]
CEO Shalev Hulio is stepping down as part of NSO reorganisation that will see it focus on sales in Nato member countries Israel’s NSO Group, which makes the globally controversial Pegasus spyware said on Sunday its CEO Shalev Hulio would step down as part of a reorganisation. The …
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. [...]
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings. [...]
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities. [...]
Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries …
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. [...]
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a …
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes. [...]
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain. [...]
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians: The hackers pretended to be a “community of free people around the world who are fighting russia …
Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica? [...]