Pierluigi Paganini
August 10, 2022
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers provide details about […]
Pierluigi Paganini
August 09, 2022
Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group, North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic […]
Pierluigi Paganini
August 09, 2022
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. For this first one, I’ll briefly introduce some crucial topics to […]
Pierluigi Paganini
August 08, 2022
Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain name. “Another change relates to the use of the DGA algorithm employed in the […]
Pierluigi Paganini
August 08, 2022
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […]
Pierluigi Paganini
August 07, 2022
Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers. The ransomware targets South Korean healthcare, industrial, and pharmaceutical companies, its name comes from the name of the author ‘Gwisin’ (ghost […]
Pierluigi Paganini
August 06, 2022
Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware, Reuters reported citing two sources present. The revelation comes while media and journalists are […]
Pierluigi Paganini
August 05, 2022
Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the Dark Utilities “C2-as-a-Service” is rapidly increasing, over 3,000 users are already using it as command-and-control for their campaigns. Dark Utilities was launched in early 2022, the platform that provides full-featured C2 capabilities to its users. Dark […]
Pierluigi Paganini
August 05, 2022
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […]
Pierluigi Paganini
August 05, 2022
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other […]
