Pierluigi Paganini
July 27, 2022
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […]
Pierluigi Paganini
July 27, 2022
Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The Lockbit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […]
Pierluigi Paganini
July 26, 2022
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]
Pierluigi Paganini
July 25, 2022
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […]
Pierluigi Paganini
July 25, 2022
The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […]
Pierluigi Paganini
July 25, 2022
Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. The malware is available for sale in illegal forums, in the past, it was used […]
Pierluigi Paganini
July 24, 2022
North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […]
Pierluigi Paganini
July 24, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks SonicWall fixed critical SQLi in […]
Pierluigi Paganini
July 23, 2022
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […]
Pierluigi Paganini
July 22, 2022
Threat actors hacked the Ukrainian radio station TAVR Media and broadcasted fake news on the critical health condition of President Volodymyr Zelensky Threat actors breached the Ukrainian radio station TAVR Media this week, the attackers spread a fake message on the health status of the Zelensky. The Kyiv Independent reported that a music program on […]
