Pierluigi Paganini
May 30, 2022
Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK’s Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands victims the payment of a ransom through donations for social causes and financially helping people in need. “The ransomware group propagates very unusual demands in […]
Pierluigi Paganini
May 30, 2022
The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the […]
Pierluigi Paganini
May 28, 2022
360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts […]
Pierluigi Paganini
May 28, 2022
The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes […]
Pierluigi Paganini
May 27, 2022
A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July […]
Pierluigi Paganini
May 26, 2022
Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. ChromeLoader is a malicious Chrome browser extension, it is classified as a pervasive browser hijacker that modifies browser settings to redirect […]
Pierluigi Paganini
May 25, 2022
An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. The threat actors behind the attacks […]
Pierluigi Paganini
May 23, 2022
Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “Digital Revolution” claimed to have hacked a subcontractor to the Russian FSB. The […]
Pierluigi Paganini
May 23, 2022
Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox. The five 0-day vulnerabilities […]
Pierluigi Paganini
May 22, 2022
North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […]
