Malware

Pierluigi Paganini February 02, 2021
Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. According to ZDNet, threat actors are using VMWare ESXi exploits to encrypt the disks of virtual machines deployed in […]

Pierluigi Paganini February 01, 2021
Experts discovered a new Trickbot module used for lateral movement

Experts spotted a new Trickbot module that is used to scan local networks and make lateral movement inside the target organization. Cybersecurity researchers discovered a new module of the Trickbot malware, dubbed ‘masrv’, that is used to scan a local network and make lateral movement inside the target organization. The masrv module leverages the Masscan open-source utility […]

Pierluigi Paganini January 31, 2021
New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis installs. The malware is an evolution of a Monero cryptocurrency […]

Pierluigi Paganini January 30, 2021
Victims of FonixCrypter ransomware could decrypt their files for free

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted the malware’s source code. Good news for the victims of the FonixCrypter ransomware: the operators behind the threat shut down their operations and released the master decryption key. The FonixCrypter gang also closed its Telegram channel that was used to […]

Pierluigi Paganini January 29, 2021
Microsoft: North Korea-linked Zinc APT targets security experts

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that it attributed to the North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to the North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an […]

Pierluigi Paganini January 29, 2021
Oscorp, a new Android malware targets Italian users

Researchers at the Italian CERT warn of a new Android malware dubbed Oscorp that abuses accessibility services for malicious purposes. Researchers from security firm AddressIntel spotted a new Android malware dubbed Oscorp; its name comes from the title of the login page of its command-and-control server. Like other Android malware, the Oscorp malware tricks users into granting […]

Pierluigi Paganini January 28, 2021
TeamTNT group adds new detection evasion tool to its Linux miner

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded its Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker […]

Pierluigi Paganini January 27, 2021
Law enforcement announced global action against NetWalker Ransomware

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators. Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations. “The […]

Pierluigi Paganini January 27, 2021
Emotet Botnet dismantled in a joint international operation

A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, led by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has been active at least since 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August, the malware was […]

Pierluigi Paganini January 26, 2021
North Korea-linked campaign targets security experts via social media

Google TAG is warning that North Korea-linked hackers are targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers are targeting security researchers through social media. According to the Google team that focuses on nation-state attacks, a North Korea-linked APT group has targeted experts that are working on the research […]