Internet threat news
![Beware of Bumblebee’s New Features](/images/thumbnails/th-24801-beware-of-bumblebees-new-features.jpg)
Initially discovered in April 2022, Bumblebee activity rose as BazarLoader activity dropped off. This hinted that the Conti ransomware gang and TrickBot had switched to a new loader to grant backdoor access for the ransomware on targeted networks. Since Bumblebee's discovery, the developers behind the malware have continued to extend its feature set, the latest addition being the ability to load a DLL payload directly into memory rather than writing it to disk. This allows for stealthier operations and infections.
![BlackCat Ransomware Successfully Targets Italian Energy Sector](/images/thumbnails/th-24743-blackcat-ransomware-successfully-targets-italian-energy-sector.jpg)
Towards the end of August, an attack hit the systems of Italy's energy agency the Gestore dei Servizi Energetici SpA (GSE). The company is publicly owned and specializes in generating electricity from renewable resources across Italy. In a statement to Bloomberg, a spokesperson for the company at the time of the attack stated,
![Sliver and Brute Ratel Replace Cobalt Strike](/images/thumbnails/th-24710-sliver-and-brute-ratel-replace-cobalt-strike.jpg)
For some time now the penetration testing tool Cobalt Strike has had its legitimate functions abused by hackers to compromise targeted machines. Dropping Cobalt Strike beacons has also been a favored malware and ransomware delivery stage for several threat actors, generally following an initial infection by TrickBot or a similar loader, with the beacon signaling that a machine has been compromised.
![WordPress Sites Seen Spreading Malware via Fake DDoS Pages](/images/thumbnails/th-24674-wordpress-sites-seen-spreading-malware-via-fake-ddos-pages.jpg)
Distributed denial of service (DDoS) attacks are a common frustration for internet users looking to access their favorite online resources. Upon visiting such a resource the visitor may see a page stating that the site is currently unavailable because DDoS attempts are flooding the web server with garbage traffic. Such pages are generated, for example, by DDoS protection services like Cloudflare. Now hackers have weaponized look-alikes of these pages to spread malware.
![Lazarus Still Determined to Steal Your Crypto](/images/thumbnails/th-24553-lazarus-still-determined-to-steal-your-crypto.jpg)
The North Korean state-sponsored threat actor Lazarus has long blurred the categories security researchers use. Typically, state-sponsored groups are not financially motivated but driven by the policies and aims of the state behind them.
![Microsoft finally Block Macros but Hackers Find New Attack Vectors](/images/thumbnails/th-24488-microsoft-finally-block-macros-but-hackers-find-new-attack-vectors.jpg)
A favored attack vector exploited by hackers has long been Microsoft Office's macro functionality. Microsoft originally introduced macros to help users automate procedures, making Excel or Word far more convenient, but that convenience came at a price hackers were all too keen to claim.
![Israeli Spyware Firm Seen Exploiting Chrome Zero-Day](/images/thumbnails/th-24414-israeli-spyware-firm-seen-exploiting-chrome-zero-day.jpg)
Israeli-made spyware is again in the headlines. The last fallout resulted from NSO Group's Pegasus, which was used to track politicians, journalists, political dissidents, and political rivals, as long as the customer could pay for the service. As to the vetting of customers, it could be argued that little was done in this regard, and that the only requirement, be the customer a dictator or an unscrupulous politician, was the ability to afford the spyware services NSO offered. Now another Israeli firm has been caught using spyware to spy on journalists.
![New Cryptomining Botnet Enslaves 30,000 Cloud Hosts](/images/thumbnails/th-24386-new-cryptomining-botnet-enslaves-30000-cloud-hosts.jpg)
Crypto miners, namely malware designed to mine cryptocurrency using a victim's machine and resources without their knowledge, often fly under the radar in terms of press coverage. They lack the fear ransomware can induce when you and all your work colleagues are locked out of a network or machine and face a demand of millions of dollars just to get access back.
![Raccoon Stealer 2.0 Emerges](/images/thumbnails/th-24241-racoon-stealer-20-emerges.jpg)
The last time Raccoon Stealer made headlines was when its developers announced that they were ceasing operations following the war in Ukraine, more on this below. The last time this publication covered the malware was when its developers added features to target cryptocurrency wallets. Now, Raccoon Stealer has emerged again with a completely new version written from the ground up in C/C++. Raccoon Stealer 2.0 has officially emerged on dark web forums to steal your passwords.
![Bug Bounties are not just for Legitimate Operations](/images/thumbnails/th-24204-bug-bounties-are-not-just-for-legitimate-operations.jpg)
For some time now major tech companies have offered monetary rewards to those who find vulnerabilities in the company's product code. Often referred to as bug bounties, they can net the finder thousands of dollars, and more if the vulnerability is rated severe or critical. Now the developers of the LockBit ransomware have instituted a similar program for their latest ransomware iteration, LockBit 3.0.
![Matanbuchus Malware Now Dropping Cobalt Strike Beacons](/images/thumbnails/th-24166-matanbuchus-malware-now-dropping-cobalt-strike-beacons.jpg)
Researchers have discovered a new spam email campaign dropping the Matanbuchus malware, which in turn drops Cobalt Strike beacons. This is far from the first time other malware strains have been seen dropping Cobalt Strike beacons; previously Emotet was observed doing almost the same thing.
![Unpatched Confluence Servers Targeted by Ransomware Gangs](/images/thumbnails/th-24115-unpatched-confluence-servers-targeted-by-ransomware-gangs.jpg)
Ransomware gangs are now targeting unpatched Confluence servers. This active targeting follows a recently disclosed vulnerability that allows an attacker to execute code remotely if properly exploited. After several proof-of-concept exploits for the vulnerability were leaked to the public, threat actors jumped at the chance to target servers that had not yet been patched.
![New Linux Malware is a Nightmare to Detect](/images/thumbnails/th-24080-new-linux-malware-is-a-nightmare-to-detect.jpg)
Malware targeting the Linux operating system often goes under-reported, as the perception still prevails that Linux is one of the smaller players in the Operating System (OS) landscape behind Microsoft's Windows and Apple's macOS. Such perceptions ignore the fact that Linux powers large portions of the Internet, is the most popular choice for web servers, and dominates the Internet of Things.
Page 7 of 53