Malware

Pierluigi Paganini October 07, 2019
PoS malware infections impacted four restaurant chains in the U.S.

Four restaurant chains in the U.S. disclosed payment card theft via PoS malware that took place over the summer. Four restaurant chains in the United States disclosed security breaches that impacted their payment systems over the summers, crooks used PoS malware to steal payment card data of the customers. The restaurant chains are McAlister’s Deli, […]

Pierluigi Paganini October 05, 2019
Magecart hackers are expanding their operations

Cybercrime gangs under the Magecart umbrella continue to compromise e-commerce platforms to steal payment card data from users worldwide. Hacker groups under the Magecart umbrella continue to target to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.  According to a joint report […]

Pierluigi Paganini October 04, 2019
The sLoad Threat: Ten Months Later

Since September 2018, SLoad (tracked as TH-163) is the protagonist of an increasing and persistent wave of attacks against Italian organizations. Introduction SLoad (TH-163) is the protagonist of increasing and persistent attack waves against the Italian panorama since Q3 2018 and then in 2019 (e.g N020419, N040619, N010819), but also against the UK and Canada as reported by Proofpoint. Ten months […]

Pierluigi Paganini October 04, 2019
Egypt regularly spies on opponents and activists with mobile apps

Researchers at Check Point discovered that Egypt ‘ government has been spying citizens in a sophisticated surveillance program Researchers at Check Point discovered that the Egyptian government has been spying on activists and opponents as part of a sophisticated surveillance program. The list of victims is long and includes journalists, politicians, activists and lawyers. The […]

Pierluigi Paganini October 03, 2019
6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. The name comes from the threat actor using PlugX inside ZIP archives containing […]

Pierluigi Paganini October 03, 2019
FBI warns about high-impact Ransomware attacks on U.S. Organizations

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) warns organizations about high-impact ransomware attacks. In a wake of the recent string of attacks against cities, school districts and hospitals, the U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued organizations about high-impact ransomware attacks. “Ransomware attacks are becoming more targeted, […]

Pierluigi Paganini October 03, 2019
Dutch police shut down bulletproof service hosting tens of DDoS botnets

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks. A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down and seize five servers that were composing a cybercrime underground bulletproof […]

Pierluigi Paganini October 02, 2019
Ten hospitals in Alabama and Australia have been hit with ransomware attacks

A new wave of ransomware attacks hit US and Australian hospitals and health service providers causing the paralysis of their systems. Several hospitals and health service providers from the U.S. and Australia were hit by ransomware attacks that forced the administrators to shut part of their IT infrastructure. “Ten hospitals—three in Alabama and seven in […]

Pierluigi Paganini October 01, 2019
A new Adwind variant involved in attacks on US petroleum industry

Adwind is back, a new variant of the popular RAT is targeting US petroleum industry entities with new advanced features. A new variant of the popular Adwind RAT (aka jRAT, AlienSpy, and JSocket) is targeting entities in the US petroleum industry. The new variant implements advanced features such as multi-layer obfuscation. The malware is distributed via a […]

Pierluigi Paganini October 01, 2019
Frequent VBA Macros used in Office Malware

The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […]