Internet threat news

Black Basta: Ransomware’s Newest Gang

In what can only be described as a meteoric rise to prominence, the Black Basta ransomware gang is believed to be behind 12 separate attacks in only a matter of weeks. The first known Black Basta attacks seem to have occurred in the second week of April 2022. Further, it appears as if the gang is not focussing its efforts on one single region, as victims are reporting instances worldwide.

Qakbot Deploys New Distribution Method

Qakbot, also tracked as QBot, is well known for its botnet distributing the credential-stealing trojan component of the malware via malicious Microsoft Office documents. In many instances, Office documents, especially Word documents, would abuse the application’s macros feature to run malicious code.

SpringShell: The Latest Java Vulnerability

The last set of vulnerabilities that had everyone talking was the reveal of the Log4j2 flaw that impacted a Java framework for collecting logs in Apache webservers. As is now the case, the vulnerability drew comparisons to the Spectre and Meltdown flaws seen a few years prior.

AcidRain Wiper Joins the List of Modern Wipers

This publication has covered how malware called wipers has seen an uptick in use following the start of the Ukrainian war. Several new wipers have been discovered since the outbreak of war. Following these discoveries, the FBI warned that satellite communication infrastructure was coming under increased attack. The warning was not without incident, as Viasat routers were rendered practically useless following a cyber incident.

Mars Stealer Emerges as Raccoon Stealer Ceases Operations

Mars Stealer appears to be rising in popularity among hackers looking to steal information without spending extended periods developing their malware. Mars Stealer first announced its presence on the malware scene in 2021 on underground hacker forums, where it was marketed as malware-as-a-service (MaaS). A quick look at the malware’s past shows its development has taken advantage of the rise and fall of other malware strains.

Mustang Panda Hacking Campaign Targets Diplomats

ESET researchers have discovered an ongoing campaign using a previously undiscovered version of the Korplug malware. Korplug was previously seen in a campaign targeting Australian government departments and businesses in the middle of 2020. Korplug, also known as PlugX and Thor, with the latest variant named Hodur, is a remote access trojan (RAT) capable of granting remote access to infected machines and executing commands. Ultimately, the functionality of the RAT depends on the requirements of the threat actor and has changed from Korplug variant to variant.

Conti Ransomware Source Code Leaked

When this publication last covered Conti, the ransomware used by a highly skilled gang infamous for targeting large corporations, it covered how the gang had brought some of TrickBot’s experienced malware developers into the fold to work on making BazarBackdoor more efficient at distributing the ransomware. At the time, it was speculated this would propel Conti into the ransomware hall of fame. The recent upheaval in Europe seems to have set a dedicated number of security researchers against the ransomware gang.

FBI Warns that Satellite Communications Are Coming Under Increased Attack

In a joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the private and public spheres have been warned about increased instances of threat actors targeting satellite communications (SATCOM) companies. Along with the warning, the alert lists several mitigations that can be applied to help protect both SATCOM providers and their customers.

Android Banking Trojan Escobar Steals Google MFA Codes

What was once called AbereBot, an Android banking trojan, has returned with a new version going by the name Escobar. The new variant is capable of stealing Google Authenticator Multi-Factor Authentication (MFA) codes, meaning the attacker could bypass this layer of security when looking to steal credentials that could aid in committing bank fraud.

Major Processor Manufacturers Warn of Speculative Vulnerabilities

Even those with the shortest memory spans will remember the saga of the Spectre and Meltdown vulnerabilities discovered in 2018 that impacted the majority of Central Processing Units (CPUs) being used at the time. The saga proved a difficult one to fix, especially at the start, when companies were more focused on pointing the finger at each other over who was at fault, and when companies set what seemed to be arbitrary requirements that hampered anti-virus detection. Now, new vulnerabilities have been discovered, and the IT community will look to see if anything was learned when Spectre and Meltdown were news.

The Ukrainian Cyberwar

The Ukrainian invasion by Russian forces is dominating the headlines, and for good reason. For many, particularly those in Europe, the sense of order has been shattered. From the war itself, the plight of Ukrainian refugees, and Russians against the war taking great risks in voicing their opinion, to wealthy oligarchs losing billions of dollars in a few hours, many stories need to be told and are competing for airtime, including the cyberwar that is currently playing out in real-time.

Nvidia Hit by Cyberattack

On February 25, Graphics Processing Unit (GPU) giant Nvidia announced that it had possibly suffered a cyber incident. The announcement followed an article published by The Telegraph which stated that the company was suffering several outages across multiple departments.

New Data Wiper Found on the Heels of Ukrainian Invasion

The single event that much of the world feared would happen as soon as Russian military forces were assembled on the borders of Ukraine and within Belarus happened during the early hours of Thursday morning. The invasion has unleashed a raft of sanctions on the Russian financial system meant to hurt wealthy oligarchs who support President Vladimir Putin’s government. War, geopolitics, and related topics are not covered by this publication; however, just as the invasion began, reports started emerging of Distributed Denial of Service (DDoS) attacks targeting Ukrainian banks and the country's critical infrastructure.

Conti Ransomware Gang Incorporates TrickBot

For the past four years, the name TrickBot has been featured in numerous conversations and articles, including in this publication. We have covered how the malware has survived several takedowns only to return improved and ready to pave the way for ransomware gangs to encrypt high-value targets' networks. We have also covered how the Conti ransomware gang partnered with TrickBot developers to improve the ransomware’s distribution and successfully target victims, with TrickBot achieving initial compromise only for Conti to be dropped on the network to perform the knockout punch.


About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.
