Apr 09, 2024NewsroomMalware / Cryptojacking Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, […]
Cybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics. Unlike most ransomware groups that keep their operations under wraps, Red CryptoApp appears to be taking an aggressive approach. According to Netenrich, the group […]
While similar to IcedID, Proofpoint researchers confirmed it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations.
Mar 28, 2024NewsroomHardware Security / Vulnerability Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). “This result proves that AMD systems are equally […]
Cybersecurity researchers are warning that threat actors are actively exploiting a “disputed” and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. “This vulnerability allows attackers to take over the companies’ computing power and leak sensitive data,” Oligo Security researchers Avi Lumelsky, Guy Kaplan, […]
Security researchers have uncovered critical security flaws within ChatGPT plugins. By exploiting these flaws, attackers could seize control of an organization’s account on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII). “The vulnerabilities found in these ChatGPT plugins are raising alarms due to the heightened risk of proprietary information being stolen […]
ESET researchers discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website […]
Researchers from the Georgia Institute of Technology presented a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies. The scheme allows the malware to stealthily attack the underlying real-world machinery using the legitimate web application program interfaces (APIs) exposed by the admin portal […]
Researchers from the Georgia Institute of Technology presented a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies. The scheme allows the malware to stealthily attack the underlying real-world machinery using the legitimate web application program interfaces (APIs) exposed by the admin portal […]