Nov 29, 2023 | Newsroom | Mobile Security / Malware: An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That’s according to a new report from Zimperium, which discovered more than 200 malicious apps associated with the malicious operation, with the threat actor also observed carrying out […]
Nov 20, 2023 | Newsroom | Malware / Network Security: Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. “The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns,” VMware Carbon Black researchers said […]
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). “Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised […]
The IPStorm botnet has evolved since 2019, targeting Windows, Linux, Mac, and Android devices, using the InterPlanetary File System (IPFS) network to hide its activities and offering access to thousands of compromised systems for a high price.
Attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed denial-of-service (DDoS) attacks, according to a warning from researchers at the AhnLab Security Emergency Response Center. According to AhnLab, attacks targeting MySQL on Windows have increased in frequency with vulnerable MySQL servers infected with ‘Ddostf’, a DDoS-capable botnet of Chinese […]
Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious Docker container with Python malware compiled as an ELF executable. The malicious tool, functioning as a Distributed Denial of Service (DDoS) bot agent, exhibits various attack methods for conducting […]
The attackers are targeting healthcare organizations in the U.S. using local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider.
Since January 2023, an Iranian advanced persistent threat (APT) actor has been targeting higher education and technology organizations in Israel with wipers, cybersecurity firm Palo Alto Networks reports. Tracked as Agrius, but also known as Agonizing Serpens, BlackShadow, Pink Sandstorm, and DEV-0022, the APT has been active since at least 2020 and is believed to […]
Oct 20, 2023 | Newsroom | Malware / Cyber Attack: Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. “The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace,” WithSecure said […]