Pierluigi Paganini
January 16, 2025
Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. In late November, the experts spotted a malspam campaign impersonating DHL which used emails about […]
Pierluigi Paganini
January 15, 2025
The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of […]
Pierluigi Paganini
January 14, 2025
The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated […]
Pierluigi Paganini
January 14, 2025
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023. […]
Pierluigi Paganini
January 14, 2025
A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. A security researcher Jakub Korepta discovered a critical vulnerability, tracked as CVE-2024-50603 (CVSS score: 10.0), in the Aviatrix Controller. The flaw impacts Aviatrix Controller pre-7.1.4191 and 7.2.x pre-7.2.4996, it allows unauthenticated attackers to execute arbitrary code via improper command […]
Pierluigi Paganini
January 13, 2025
FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was developed using AI tools. The FunkSec ransomware-as-a-service (RaaS) group has been active since late 2024, the gang published over 85 victims in December 2024. The group likely used AI-based systems to quickly develop advanced tools, blending hacktivism and cybercrime. However, […]
Pierluigi Paganini
January 13, 2025
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables. The attackers hide the malicious code in the WordPress wp_options table, injecting obfuscated JavaScript into […]
Pierluigi Paganini
January 12, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million EAGERBEE, with updated and novel components, targets the Middle East Gayfemboy: A Botnet Deliver Through a […]
Pierluigi Paganini
January 10, 2025
Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called […]
Pierluigi Paganini
January 10, 2025
CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer. The cybersecurity firm discovered […]
