Pierluigi Paganini
November 25, 2021
An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML Remote Code Execution (RCE) flaw in attacks aimed at Farsi-speaking victims. The exploit is used to install a PowerShell […]
Pierluigi Paganini
November 24, 2021
Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus. According to the lawsuit, NSO […]
Pierluigi Paganini
November 23, 2021
Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a […]
Pierluigi Paganini
November 23, 2021
Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e. simulators, platformers, arcades, strategies, and shooters) that were containing the Android.Cynos.7.origin trojan. They estimated that the malicious apps were installed on at least 9.300.00 Android devices. Experts state that some of these games […]
Pierluigi Paganini
November 23, 2021
US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks during holidays. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn critical infrastructure partners of ransomware attacks during the holiday season. During this period offices are often closed and employees are at home, […]
Pierluigi Paganini
November 22, 2021
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims’ files. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version […]
Pierluigi Paganini
November 21, 2021
The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researcher to access it. Researchers at security firm Prodaft were able to identify the real IP address of one of the servers used by the Conti ransomware group and access the console for more than a month. The exposed […]
Pierluigi Paganini
November 21, 2021
A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails to avoid detection. The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick […]
Pierluigi Paganini
November 20, 2021
Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action. This operation was […]
Pierluigi Paganini
November 19, 2021
North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint revealed that the North Korea-linked TA406 APT group (Kimsuky, Thallium, and Konni, Black Banshee, Velvet Chollima) has intensified its operations in 2021. The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. At the end of October […]
