Hackers Stealing Outlook and Thunderbird Credentials Using StrelaStealer Malware

Security analysts at DCSO CyTec have recently identified a new information-stealing malware called StrelaStealer (“Стрела” == arrow) that targets the Outlook and Thunderbird clients; specifically, it steals account credentials. The behavior of this information stealer differs from that of the majority of stealers, which target different sources of information, such as web browsers, cryptocurrency […]

3 critical vulnerabilities in Veeam Backup & Replication solution allow ransomware to steal credentials & encrypt your backups

For virtual environments built on VMware vSphere, Nutanix AHV, and Microsoft Hyper-V hypervisors, Veeam Backup & Replication is a proprietary backup application. For systems like Exchange and SharePoint, it can safeguard and restore specific data and programs in addition to backing up and restoring virtual machines. The team at CloudSEK has examined a number of […]

New NullMixer Malware Campaign Stealing Users’ Payment Data and Credentials

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. “When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine,” cybersecurity firm Kaspersky said in a Monday report. “It […]

This ransomware can steal your Veeam credentials and encrypt your backups

In recent months, hackers utilizing the Noberus (also known as BlackCat, ALPHV) ransomware have been using new techniques, tools, and procedures (TTPs), making the situation even more serious. The usage of a new version of the Exmatter data exfiltration program and the use of Eamfo, information-stealing malware made to steal passwords saved by Veeam backup […]

Microsoft shuts down over 1,400 email accounts and 531,000 URLs used by ransomware gang that collected stolen customer credentials

Microsoft has shut down more than 1,400 malicious email accounts used by cybercriminals to collect stolen customer passwords via ransomware in the past year. The technology company has presented the second edition of ‘Cyber Signals’, a report that it produces periodically on cyber threats and that shows trends in security and cybercrime. In this issue, […]

Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting it in attack activities, which indicates it is active in the hacking community. Unauthenticated threat actors are able to steal email account credentials in clear-text by exploiting this high-severity vulnerability. Using Zimbra Collaboration, a threat […]

More than 770 million records available through the Travis CI API: Anyone can extract tokens, secrets, and other credentials associated with services like GitHub, AWS, and Docker Hub

Software development and testing platform Travis CI confirmed the second incident of exposing its users’ data in less than a year. On this occasion, the compromised records include authentication tokens that would allow access to platforms such as AWS, GitHub, and Docker Hub. According to a report prepared by the firm Aqua Security, tens of […]

New Windows Subsystem For Linux Malware Steals Credentials & Records Keystrokes

There has been an increasing amount of interest in targeting the Windows Subsystem for Linux (WSL), due to the fact that they continue to develop new malware, as hackers continue to analyze WSL for potential exploits. Having such a sample available for espionage purposes and for the downloading of extra malicious components would be acceptable. […]

Hackers Sending Poisoned Resumes to steal Credentials and Bank Details

More_eggs is malware that is specially designed to steal valuable credentials like usernames and passwords for corporate bank accounts, email accounts, and IT admin accounts. In April 2021, threat actors conducted a spearphishing campaign with more_eggs malware that targeted job-hunting professionals on LinkedIn. They sent malicious .zip files that are named under the current […]

Hackers Use Fake e-shop Apps to Steal Users’ Banking Credentials

A campaign that began late last year targeting eight different Malaysian banks is still targeting its customers with three malicious Android applications. Under the guise of seemingly harmless shopping apps, the threat actors in this campaign have misled users into installing malicious applications. As a way to get people to download the applications, some of […]

Hard-coded credentials vulnerabilities in 10 models of Lenovo Networking Switches

Cybersecurity specialists reported the detection of multiple vulnerabilities affecting Lenovo Networking Switches. According to the report, successful exploitation of these flaws would allow malicious actors to deploy dangerous hacking activities. Below are brief descriptions of the reported flaws, in addition to their tracking keys and scores according to the Common Vulnerability Scoring System (CVSS). CVE-2021-27796: […]

A New Spyware Campaign Attacks Industrial Enterprises To Steal Corporate Credentials

Several spyware campaigns have been discovered recently by the security researchers at Kaspersky Labs in which the industrial enterprises were targeted by the threat actors to steal corporate credentials and resell them. To evade detection, the threat actors use different types of spyware tools and deploy them for a very restricted time interval, as doing […]

Hackers Using Weaponized IIS Module to Steal Credentials & Enable RCE

Kaspersky security lab has recently identified a digital threat that installs malicious webserver IIS modules that work with Microsoft Exchange Outlook Web Access. These malicious IIS modules are capable of stealing credentials and data from devices as well as executing commands remotely. Owowa: This threat is dubbed “Owowa”; the first sample of this threat was […]

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. “Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web […]

TangleBot Android malware hijacks phone to steal login credentials

TangleBot Android malware is delivered through smishing and is currently targeting users in Canada and the US disguised as information about COVID-19 vaccination. It is a fact that SMS messages have become a preferred attack vector to spread malicious software and infect mobile devices. Recently, Hackread reported the notorious FluBot SMS Android malware that targeted […]