VPN Archives - Page 44 of 45 - Cybersecurity News Everyday

Threat Research

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control | CISA

April 18, 2022 Securonix

Summary

Update June 2, 2022:

This Cybersecurity Advisory (CSA) has been updated with additional indicators of compromise (IOCs) and detection signatures, as well as tactics, techniques, and procedures (TTPs) from trusted third parties.

Update End

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this CSA to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination.…

Threat Research

RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload

April 8, 2022 Securonix

Summary

RedLine Stealer is a malware that emerged in 2020, discovered in underground forums being sold in different plans, starting from $100 per month. The malware offers many capabilities for device reconnaissance, remote control, and information stealing, including:

Data from browsers (e.g. login, passwords, credit cards, cookies, etc.);…

Threat Research

FFDroider Stealer Targeting Social Media Platform Users

March 29, 2022 Securonix

Introduction

Credential stealing malware is commonly observed in the landscape of cyber attacks today. Zscaler ThreatLabz team has discovered many new types of stealer malwares across different attack campaigns. Stealers are malicious programs that threat actors use to collect sensitive information with various techniques including keylogging, cookie stealing, and sending stolen information to the Command and Control Server. …

Threat Research

AcidRain | A Modem Wiper Rains Down on Europe

March 22, 2022 Securonix

By Juan Andres Guerrero-Saade (@juanandres_gs) and Max van Amerongen (@maxpl0it)

Executive SummaryOn Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable in Ukraine. Spillover from this attack rendered 5,800 Enercon wind turbines in Germany unable to communicate for remote monitoring or control.…

Threat Research

Analysis of BlackGuard – A New Info Stealer Malware Being Sold In A Russian Hacking Forum

March 22, 2022 Securonix

Introduction:

Hacking forums often double up as underground marketplaces where cybercriminals buy, rent, and sell all kinds of malicious illegal products, including software, trojans, stealers, exploits, and leaked credentials. Malware-as-a-service has contributed substantially to the growth of ransomware and phishing attacks (among other attack types) in the past year, as they lower the technical barrier to entry for criminals to carry out attacks.…

Threat Research

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

March 21, 2022 Securonix

By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay.

Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choice, they are also using new stagers and implants.…

Threat Research

Conti Affiliate Exposed: New Domain Names, IP Addresses and Email…

March 15, 2022 Securonix

A Cobalt Strike Cybercrime Syndicate and the Ransomware Hackers’ Favorite Weapon

On March 9, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service issued an updated alert about the Conti ransomware group, encouraging organizations to review their advisory and apply the recommended mitigations.…

Threat Research

Password stealer disguised as private Fortnite server spreading via Discord

March 14, 2022 Securonix

Since the beginning of this year, Avast has protected more than 2,000 customers from this password stealer.

Avast researchers have found password stealer malware, disguised as a private Fortnite server, where users can meet for a private match, and use skins for free. The malware is being heavily propagated on communications platform Discord.…

Threat Research

Mēris and TrickBot standing on the shoulders of giants – Avast Threat Labs

March 14, 2022 Securonix

This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in a while. This research reveals that a cryptomining malware campaign we reported in 2018, Glupteba malware, significant DDoS attacks targeting several companies in Russia, including Yandex, as well as in New Zealand, and the United States, and presumably also the TrickBot malware were all distributed by the same C2 server.…

Threat Research

Suspected DarkHotel APT Activity Update

March 11, 2022 Securonix

One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them.

By John Fokker · March 17, 2022

This story was also written by Thibault Seret

Introduction:

Our advanced threat research team has discovered a first-stage malicious campaign targeting luxury hotels in Macao, China since the latter half of November 2021.…

Threat Research

Cyclops Blink Sets Sights on Asus Routers

March 9, 2022 Securonix

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.

With additional insights from Philippe Z Lin

Note: This article has been updated on March 17, 2022, 2:00 a.m.…

Threat Research

DirtyMoe: Worming Modules – Avast Threat Labs

March 9, 2022 Securonix

The DirtyMoe malware is deployed using various kits like PurpleFox or injected installers of Telegram Messenger that require user interaction. Complementary to this deployment, one of the DirtyMoe modules expands the malware using worm-like techniques that require no user interaction.

This research analyzes this worming module’s kill chain and the procedures used to launch/control the module through the DirtyMoe service.…

Threat Research

Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability | CISA

March 8, 2022 Securonix

Summary

Multifactor Authentication (MFA): A Cybersecurity Essential• MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised.• Every organization should enforce MFA for all employees and customers, and every user should sign up for MFA when available.•…

Threat Research

Infostealer Being Distributed via YouTube – ASEC BLOG

March 2, 2022 Securonix

The ASEC analysis team has recently discovered an infostealer that is being distributed via YouTube. The attacker disguised the malware as a game hack for Valorant, and uploaded the following video with the download link for the malware, then guided the user to turn off the anti-malware program.…

Threat Research

PseudoManuscrypt Being Distributed in the Same Method as Cryptbot – ASEC BLOG

February 9, 2022 Securonix

The ASEC analysis team has discovered that PseudoManuscrypt malware was being distributed in Korea since May 2021. Introduced in the previous ASEC blog, PseudoManuscrypt is disguised as an installer that is similar to a form of Cryptbot, and is being distributed. Not only is its file form similar to Cryptbot, but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen.…

Threat Research

SolarMarker campaign used novel registry changes to establish persistence

January 31, 2022November 2, 2024 Securonix

Over the past seven months, SophosLabs has monitored a series of new efforts to distribute SolarMarker, an information stealer and backdoor (also known as Jupyter or Polazert). First detected in 2020, the .NET malware usually delivered by a PowerShell installer has information harvesting and backdoor capabilities.…

Threat Research

Sugar Ransomware, a new RaaS

January 24, 2022November 2, 2024 Securonix

By: Joshua Platt, Jonathan Mccay and Jason Reaves

An actor recently has been starting up a RaaS solution that appears to primarily focus on individual computers instead of entire enterprises but is also reusing objects from other ransomware families. Not a lot has been discussed about this ransomware but we did find a tweet mentioning one of the samples[3] during our research.…

Threat Research

StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike

January 21, 2022November 2, 2024 Securonix

StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”). The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders and the CrowdStrike Intelligence team.…

Threat Research

Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks | Kaspersky ICS CERT

January 12, 2022November 2, 2024 Securonix

In 2021, Kaspersky ICS CERT experts noticed a growing number of anomalous spyware attacks infecting ICS computers across the globe.

Although the malware used in these attacks belongs to well-known commodity spyware families, these attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample.…

Threat Research

New Ryuk Ransomware Sample Targets Webservers | McAfee Blog

July 7, 2021November 2, 2024 McAfee

Executive Summary

Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the keys used for encryption. Ryuk is used exclusively in targeted ransomware attacks.

Ryuk was first observed in August 2018 during a campaign that targeted several enterprises.…