BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085Â (CVSS score of 6.8) is an authentication bypass vulnerability in VMware ESXi. At the end of July, […]
The US Department of State offers a $2.5 million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. The US Department of State announced a $2.5 million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware […]
Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aonâs Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Meet UULoader: An Emerging and Evasive Malicious Installer BlindEagle flying high in Latin America Finding Malware: Unveiling NUMOZYLOD with Google Security Operations New Backdoor Targeting Taiwan Employs Stealthy Communications Unmasking Styx Stealer: How a Hackerâs […]
Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. The experts pointed out that the credential harvesting activity is usually not […]
Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The threat actors used fake apps almost indistinguishable from real banking apps on both iOS and Android. The technique was first disclosed in Poland in […]
Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. Cthulhu Stealer targets macOS users via an Apple disk image (DMG) that disguises itself as legitimate software. The researchers spotted […]
China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance. Researchers at cybersecurity firm Sygnia reported that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices. In July 2024, Cisco addressed the NX-OS zero-day CVE-2024-20399 […]
North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, […]
The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware. Vermin is a pro-Russian hacker group, also tracked as UAC-0020, that operates under […]