
Pierluigi Paganini January 13, 2022
SysJoker, a previously undetected cross-platform backdoor made the headlines

Security researchers found a new cross-platform backdoor, dubbed SysJoker, that is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker, that is able to infect Windows, macOS, and Linux systems. The experts spotted a Linux variant of the backdoor in December while investigating an attack against […]

Pierluigi Paganini January 12, 2022
Russia-linked threat actors target critical infrastructure, US authorities warn

US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)—authored […]

Pierluigi Paganini January 12, 2022
New RedLine malware version distributed as fake Omicron stat counter

Experts warn of a new variant of the RedLine malware that is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. The RedLine malware […]

Pierluigi Paganini January 12, 2022
Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. The Iran-linked APT35 cyberespionage group (aka ‘Charming Kitten’ or ‘Phosphorus’) has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor, Check Point researchers state. The experts also detail the use of a modular PowerShell-based framework dubbed CharmPower, which allows […]

Pierluigi Paganini January 11, 2022
Night Sky ransomware operators exploit Log4Shell to hack VMware Horizon servers

Another gang, the Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and […]

Pierluigi Paganini January 11, 2022
AvosLocker ransomware now targets Linux systems, including ESXi servers

AvosLocker is the latest ransomware to implement the capability to encrypt Linux systems, including VMware ESXi servers. AvosLocker expands its targets by implementing support for encrypting Linux systems, specifically VMware ESXi servers, BleepingComputer reported. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one […]

Pierluigi Paganini January 11, 2022
WordPress 5.8.3 Security Release fixes four vulnerabilities

WordPress maintainers have released WordPress 5.8.3, which addresses four vulnerabilities, and recommend that admins update their sites immediately. The WordPress 5.8.3 security release addresses four vulnerabilities affecting versions between 3.7 and 5.8; it is labeled as a short-cycle security release. The organization announced that the next major release will be version 5.9, which is already in […]

Pierluigi Paganini January 10, 2022
Abcbot and Xanthe botnets have the same origin, experts discovered

Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020. In November, researchers from Qihoo 360’s Netlab security team spotted […]

Pierluigi Paganini January 10, 2022
India-linked Patchwork APT infected its own system, revealing its ops

The India-linked threat actor Patchwork infected one of its own computers with its RAT, revealing its operations to researchers. An India-linked threat actor, tracked as Patchwork (aka Dropping Elephant), employed a new variant of the BADNEWS backdoor, dubbed Ragnatela (“spider web” in Italian), in a recent campaign. However, the group made the headlines after infecting […]

Pierluigi Paganini January 09, 2022
US NCSC and DoS share best practices against surveillance tools

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In recent years, […]