TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year.
Category: Cybersecurity
Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices
ASUSTOR network-attached storage (NAS) devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates (ADM 4.0.4.RQO2) to “fix
Justice Department Appoints First Director of National Cryptocurrency Enforcement Team
The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle the criminal misuse of
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans
Numerous Windows machines located in South Korea have been targeted since at least May 2021 by a botnet tracked as PseudoManuscrypt, which employs the same delivery tactics as another malware called CryptBot. “PseudoManuscrypt is disguised as an installer that is
New Wiper Malware Targeting Ukraine Amid Russia's Military Operation
Cybersecurity firms ESET and Broadcom’s Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed
A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses’ digital defenses. And unfortunately
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
Researchers have detailed what they call the “first successful attempt” at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. “We were able to recover the master key for generating
New Android Banking Trojan Spreading via Google Play Store Targets Europeans
A new Android banking trojan with over 50,000 installations has been observed being distributed via the official Google Play Store with the goal of targeting 56 European banks and harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch
Hackers Exploiting Infected Android Devices to Register Disposable Accounts
An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike
Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the
Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan’s financial sector. The attacks are said to have first commenced at the end of November
Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware
An investigation into the cyberattack targeting the Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 revealed the deployment of wiper malware and other custom implants, as the country’s national infrastructure continues to face a
Dridex Malware Deploying Entropy Ransomware on Hacked Computers
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. “The similarities are in the software packer used to
Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace
Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs, short
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository
Another batch of 25 malicious JavaScript libraries has made its way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken