Cybercriminals were found distributing virtualized .NET malware loaders, dubbed MalVirt, in a Google Ads-based malvertising campaign to install the Formbook stealer and XLoader. The hackers used KoiVM virtualization technology to obfuscate their implementation and execution in their campaigns. The ...
Medical institutions in the U.S. and Europe are under attack from a new botnet called Passion, which launches DDoS attacks. It operates as a DDoS-as-a-Service (DDoSaaS) platform and has distinctive ties with Russian hacking groups, such as Anonymous Russia, Killnet, MIRAI, and Venom. It ran sever ...
Cyble observed the InTheBox threat actor selling over 1,800 web injects in its dark web shop, which can target users from Australia, Japan, Indonesia, the U.S., India, and other countries. The overlays support several Android banking trojans and impersonate apps operated by organizations across the ...
A new ransomware family called Nevada Ransomware has emerged on underground forums. The actors behind this variant, as experts with Resecurity confirmed, have an affiliate platform first introduced in the RAMP underground community. The group recently distributed an updated locker—written in Rust— ...
Online gaming and gambling firms are once again under attack by a never-before-seen backdoor known as IceBreaker. According to security analysts at SecurityJoes, the malware’s compromise method relies on tricking customer service agents into opening malicious screenshots that the threat actor sent ...
Aqua Security researchers found a new malware, dubbed HeadCrab, that has infected over a thousand Redis servers since September 2021. Researchers found approximately 1,200 actively infected servers that it has been abusing to mine Monero cryptocurrency. HeadCrab uses state-of-the-art infrastructure ...
Operators of the LockBit ransomware rolled out a new version of their malware, dubbed LockBit Green. It is the modified version of the ESXi ransomware variant and is created to launch attacks against cloud-based services. Moreover, researchers highlighted that the new LockBit variant has a signific ...
A new Prilex PoS malware variant has been observed blocking NFC-enabled contactless credit card transactions and forcing users to insert credit cards for transactions. In fact, an attacker can configure the malware to capture card data only if it is a Black/Infinite or Corporate card. Retailers are ...
Experts at Check Point Research laid bare the secrets of a shellcode-based packer, dubbed TrickGate, assisting threat actors in deploying a range of malware such as TrickBot, Emotet, FormBook, Cerber, AZORult, Agent Tesla, Maze, and REvil. The malware stayed under the hood for six years owing to it ...
A new exploit, dubbed SH1MMER, has been devised to unenroll enterprise- or school-managed Chromebooks from administrative control, letting a user bypass admin restrictions. The exploit uses publicly leaked Return Merchandise Authorization (RMA) shims to modify the management of enrollment of device ...
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.