Internet threat news

Is Sodinokibi Back?

Security researchers have recently discovered possible links between the relatively new Ransom Cartel and an old foe of many a researcher, Sodinokibi. The latter is also tracked as REvil, a pioneer in how ransomware gangs changed tactics to target large corporations and demand millions in ransom payments.

   
IceID Malware Developers Diversify Delivery Methods

Based on research conducted by Team Cymru, threat actors distributing the IceID malware are experimenting with different delivery methods to find out which works best against different targets. Since Microsoft blocked Macros by default threat actors and malware developers have been forced to find new delivery methods for their malware and it seems IceID is no exception.

   
Lazarus Adopts Bring Your Own Vulnerable Driver Attack Methodology

Lazarus Group, North Korea’s elite state-sponsored hacking group, has never been shy from adopting new techniques and tactics. In the past, the group has dabbled with ransomware blurring the lines between what was considered the realm of financially motivated hackers rather than their state-sponsored cousins. Now, according to a new report published by ESET, the group has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack tactic to install Window’s based rootkits.

   
New Threat Group Metador Targets ISPs and Universities

Security firm, Sentinel Labs, has discovered a new threat group that is intent on targeting telecommunications, internet service providers (ISP), and universities, primarily in Africa and the Middle East. Based on a report published the advanced threat group has been active for two years and focuses on long-term persistence for cyber espionage.

   
2K Games has Game Support Infrastructure Hacked

In an article published by Bleeping Computer, the cyber security news platform repealed that video games publisher 2K had their gaming support system hacked to spread malware to gamers. This follows news that Steam users were being targeted by unique Browser-in-the-Browser attacks looking to phish online credentials. Gamers across the globe need to be aware that they are now favored targets for specific financially motivated hackers and known threat actor groups.

   
Steam Accounts Stolen Using Browser-in-the-Browser Attack

Steam and its vast array of gaming enthusiasts who use the platform have long been a target for cybercriminals, either to frustrate users or make significant amounts of money hijacking accounts and selling them off. Now attacks are using a newly discovered phishing method, known as a Browser-in-Browser attack to go after the Steam accounts of well-known professional gamers. This is according to a new report by Group-IB.

   
Beware of Bumblebee’s New Features

Initially discovered in April 2022, Bumblebee activity rose as BazarLoader activity dropped off. This hinted at the Conti ransomware gang, and TrickBot had switched malware to grant backdoor access for the ransomware on targeted networks. Since Bumble Bee’s discovery, the developers behind the malware have continued to boost the feature set of the malware, with the latest feature being the capability to add a DLL payload into memory. This allows for more stealthy operations and infections.

   
BlackCat Ransomware Successfully Targets Italian Energy Sector

Towards the end of August, an attack hit the systems of Italy's energy agency the Gestore dei Servizi Energetici SpA (GSE). The company is publicly owned and specializes in generating electricity from renewable resources across Italy. In a statement to Bloomberg, a spokesperson for the company at the time of the attack stated,

   
Sliver and Brute Ratel Replace Cobalt Strike

For some time now the penetration testing tool Cobalt Strike has long had its somewhat legitimate functions abused by hackers to compromise targeted machines. The creation of Cobalt Strike beacons was also a favored malware and ransomware delivery method for several threat actors, generally following an infection from TrickBot amongst others to signal a machine is compromised.

   
WordPress Sites Seen Spreading Malware via Fake DDoS Pages

Distributed denial of service (DDoS) attacks is a common frustration for internet users when looking to access their favorite online resources. Upon visiting such a resource the visitor may see a page stating that the page they want to visit is currently unavailable due to DDoS attempts flooding the web server with garbage traffic. For example, such a page is generated by DDoS protection services like Cloudflare. Now, hackers have weaponized these pages to spread malware.

   
Beware the Malicious Browser Extensions Targeting Millions

Browser extensions can be amazingly convenient applications in your browser. To-do lists, discount code auto-fill extensions, and numerous others add a high level of functionality to how we use our favorite browser, be it Chrome, Safari, Edge, or Firefox.

   
Lazarus Still Determined to Steal Your Crypto

The North Korean state-sponsored threat actor Lazarus has long brought the definitions used by security researchers into doubt. Typically, state-sponsored groups are not financially motivated but motivated by the policies and aims of their state overlords.

   
Microsoft finally Block Macros but Hackers Find New Attack Vectors

A favored attack vector exploited by hackers has long been Microsoft Office’s Macros functionality. Microsoft initially introduced macros to help users automate procedures making use of Excel or Word a much more convenient prospect, but that convenience came with price hackers were far too keen to claim.

   
Israeli Spyware Firm Seen Exploiting Chrome Zero-Day

Israeli-made spyware is again in the headlines. The last fallout resulted from the NSO group’s use of Pegasus which was used to track politicians, journalists, political dissidents, and political rivals, as long as the customer could pay for the service. As to the vetting of customers, it could be argued that little was done in this regard and the only requirement was whether the customer be they a dictator or unscrupulous politician could afford the spyware services offered by NSO. Now another Israeli firm has been caught using spyware to spy on journalists.

   

Page 2 of 48

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal