Malware

Pierluigi Paganini June 20, 2024
New Rust infostealer Fickle Stealer spreads through various attack methods

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust malware called Fickle Stealer spreads through various attack methods and steals sensitive information. Fortinet FortiGuard Labs researchers detected a new Rust-based information stealer called Fickle Stealer which spread through multiple attack vectors. The malware has an intricate code and relies on multiple […]

Pierluigi Paganini June 19, 2024
Cryptojacking campaign targets exposed Docker APIs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet […]

Pierluigi Paganini June 18, 2024
The Financial Dynamics Behind Ransomware Attacks

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate […]

Pierluigi Paganini June 17, 2024
China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffered by a large organization that they attributed to a China-linked threat actor tracked as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to […]

Pierluigi Paganini June 12, 2024
Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

The Ukraine cyber police arrested a Russian man for having developed the crypter component employed in Conti and LockBit ransomware operations. The Ukraine cyber police arrested a Russian man (28) for his role in developing a crypter used in Conti and LockBit ransomware operations. The man was arrested in Kyiv on April 18, 2024, as part of […]

Pierluigi Paganini June 10, 2024
UK NHS call for O-type blood donations following ransomware attack on London hospitals

The UK NHS issued an urgent call for O-type blood donations following the recent ransomware attack that hit several London hospitals. The UK National Health Service (NHS) issued an urgent call for O-type blood donations due to the recent ransomware attack on Synnovis that disrupted operations at several healthcare organizations in London. In early June, […]

Pierluigi Paganini June 06, 2024
A new Linux version of TargetCompany ransomware targets VMware ESXi environments

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used […]

Pierluigi Paganini June 06, 2024
FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. The FBI is inviting victims of LockBit ransomware to come forward because it has obtained over 7,000 LockBit decryption keys that could allow them to recover their encrypted data […]

Pierluigi Paganini June 06, 2024
RansomHub operation is a rebranded version of the Knight RaaS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, […]

Pierluigi Paganini June 04, 2024
A ransomware attack on Synnovis impacted several London hospitals

A ransomware attack that hit the provider of pathology and diagnostic services Synnovis severely impacted the operations of several London hospitals. A ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some healthcare procedures, in […]