Internet threat news

Windows SmartScreen Vulnerability Used To Drop DarkGate

Security researchers at Trend Micro have discovered a DarkGate malware campaign using a vulnerability already patched in Windows Defender’s SmartScreen utility.

   
The Great BlackCat Ransomware Heist

Several news outlets, including Reuters, have been covering a fair amount of exciting news regarding the BlackCat ransomware gang, also tracked as ALPHV by this publication.

When this publication last covered BlackCat operations, they were seen exploiting both the Impacket and RemCom frameworks to better facilitate infections.

Now, the ransomware developers are looking to bow out of the operation, not by retiring gracefully but via an exit scam that may be intended to prevent affiliates from being paid out.

   
Ransomware Gangs Seen Exploiting ScreenConnect Vulnerability

Following the announcement and subsequent patching of CVE-2024-1709, several security researchers have noted that ransomware gangs have been seen trying to exploit the flaw.

If the flaw is exploited, it allows an attacker to create admin accounts on Internet-exposed servers, delete all other users, and take over any vulnerable instance associated with a machine.

   
Commercial Surveillance Companies Drive Zero-Day Development And Exploitation

According to the latest report published by Google's Threat Analysis Group (TAG), the rise of commercial surveillance vendors is driving zero-day vulnerability discovery, development, and exploitation. This poses significant risks to free speech, the free press, and the open internet.

   
The Emergence Of Blackwood

According to a recently published report by security firm ESET, a new sophisticated Advanced Persistent Threat (APT) group called Blackwood has emerged from the shadows.

Researchers discovered that the APT group was conducting cyberespionage campaigns against businesses and individuals. Based on what was found, the group has been active since 2018.

   
Ransomware Decryptor Made Available Online For The Less Tech Savvy

Security firm CyberArk has developed an online version of its White Phoenix decryptor, designed to help make it easier for victims to decrypt encrypted files. This can help victims of specific ransomware attacks recover files without downloading a GitHub repository.

   
Threat Actors Using Cracked Software To Push Malware To macOS

In the space of a little over a month, security firm Kaspersky discovered not one but two trojans that target macOS machines and are spread via cracked software packages. This again shows the danger of downloading and installing pirated and cracked software to save a few dollars.

   
FBI Warns Of Androxgh0st Malware

In a joint advisory issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), both agencies warned that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.

   
Black Hunt Ransomware Claiming Victims

Recently, local media in Paraguay reported that Tigo, the largest mobile carrier in Paraguay, suffered a cyberattack directly impacting cloud and hosting services in the company's business division.

The Tigo Business division offers digital solutions to the enterprise. The list of provided services includes cybersecurity consulting, cloud and data center hosting, and wide area network (WAN) solutions.

   
War Sees SysJoker Evolution

According to new research published by Check Point, the ongoing Israel-Hamas war has seen a new version of SysJoker being actively deployed against targets.

The newly discovered version of SysJoker has been written in the Rust programming language, suggesting that it has been completely rewritten.

Researchers also noted that the new version was utilized in targeted attacks in 2023, similar in tactics and approach to known threat actors, such as the Gaza Cybergang.

   
Security Researchers And Law Enforcement Lift Lid On Rhysida Infections

The Rhysida ransomware strain was first brought to wider public attention when it was used in an attack on the Chilean Army in May 2023. Since then, Rhysida operators have claimed at least 50 victims worldwide on their data leak website.

Now, law enforcement agencies and security firm Fortinet have released reports to help inform network defenders about the ransomware's attack chain and to help prevent further infections.

   
ICBC Hack Raises Questions As To US Treasury Cyber Readiness

On November 10, 2023, news emerged that the Industrial and Commercial Bank of China (ICBC) had suffered a cyber incident. One of the results of the hack was that the bank was on the line for 9 billion USD in unsettled trades.

The immediate ramifications of the attack meant that BNY Mellon was owed 9 billion USD just so that normal business could resume. It was later discovered that the cyber incident was a ransomware attack.

   
Threat Intelligence Work Reveals Threat Actor Farnetwork Operations

Recently published research by Group IB’s threat intelligence team uncovered a threat actor related to five ransomware strains. It gave researchers insider knowledge of ransomware-as-a-service (RaaS) operations.

Security researchers looked to infiltrate the RaaS network by applying to be an affiliate. This required the researchers to be interviewed as one would be for a job.

   
Ragnar Locker's Extortion Website Seized

On October 20, 2023, Europol announced that authorities had seized Ragnar Locker's extortion and data leak website as part of an international law enforcement operation.

A day earlier, Bleeping Computer broke the news and confirmed the law enforcement operation did indeed occur, according to a Europol spokesperson. It was only the following day that Europol released an official statement.

   
