malware

Pierluigi Paganini September 12, 2024
Singapore Police arrest six men allegedly involved in a cybercrime syndicate

The Singapore Police Force (SPF) has arrested six individuals for their role in the operations of a cybercrime ring in the country. The Singapore Police Force (SPF) arrested five Chinese nationals, aged 32 to 42, and a 34-year-old Singaporean man for their alleged involvement in illegal cyber activities in the country. On 9 September 2024, […]

Pierluigi Paganini September 11, 2024
RansomHub ransomware gang relies on Kaspersky TDSSKiller tool to disable EDR

Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, the Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller is a legitimate tool developed by the cybersecurity firm Kaspersky to […]

Pierluigi Paganini September 10, 2024
Quad7 botnet evolves to more stealthy tactics to evade detection

The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and […]

Pierluigi Paganini September 09, 2024
Predator spyware operation is back with a new infrastructure

Researchers warn of a fresh cluster of activity associated with the Predator spyware using a new infrastructure, following the U.S. sanctions against the Intellexa Consortium. Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium. In March 2024, the Department of the […]

Pierluigi Paganini September 09, 2024
TIDRONE APT targets drone manufacturers in Taiwan

A previously undocumented threat actor tracked as TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked as TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND. CXCLNT […]

Pierluigi Paganini September 09, 2024
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers at Fortinet FortiGuard Labs reported that threat actors exploited the recently disclosed OSGeo GeoServer GeoTools flaw (CVE-2024-36401) to deliver various malware families, including cryptocurrency miners, bots, and the SideWalk backdoor. GeoServer is an open-source server that allows users […]

Pierluigi Paganini September 08, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. BlackSuit Ransomware; Dissecting the Cicada; Year-Long Campaign of Malicious npm Packages Targeting Roblox Users; Rocinante: The trojan horse that wanted to fly; Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads; Earth […]

Pierluigi Paganini September 08, 2024
Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog; A flaw […]

Pierluigi Paganini September 05, 2024
Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023; it primarily targeted […]

Pierluigi Paganini September 02, 2024
Lockbit gang claims the attack on the Toronto District School Board (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was compromised in the June Lockbit ransomware attack. The Toronto District School Board (TDSB) confirmed that students’ information was compromised following a ransomware attack that was discovered in June. The TDSB is the largest school board in Canada with 582 schools and about 235,000 students. In […]