malware

Pierluigi Paganini January 19, 2020
Hackers patch Citrix servers to deploy their own backdoor

Attacks on Citrix servers are intensifying; one of the threat actors behind them is patching the servers and installing its own backdoor to lock out other attackers. Security experts are monitoring a spike in the number of attacks against Citrix servers after researchers announced the online availability of proof-of-concept exploits for the CVE-2019-19781 flaw in Citrix NetScaler […]

Pierluigi Paganini January 14, 2020
China-linked APT40 group hides behind 13 front companies

A group of anonymous security researchers that calls itself Intrusion Truth has tracked the activity of a China-linked cyber-espionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered that a China-linked cyberespionage group, tracked as APT40, uses 13 front companies operating on the island of Hainan to recruit […]

Pierluigi Paganini January 09, 2020
TrickBot gangs developed the PowerTrick backdoor for high-value targets

Researchers at SentinelLabs reported that TrickBot operators used a new PowerShell backdoor in recent attacks aimed at high-value targets. SentinelLabs experts discovered a new PowerShell backdoor used by TrickBot operators in recent attacks aimed at high-value targets, such as financial institutions. TrickBot is a popular banking Trojan that has been around since October 2016, its […]

Pierluigi Paganini January 08, 2020
MITRE presents ATT&CK for ICS, a knowledge base for ICS

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in the cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base focused on ICS systems for its ATT&CK framework. […]

Pierluigi Paganini January 08, 2020
SNAKE Ransomware is targeting business networks

A new piece of ransomware called SNAKE has appeared in the threat landscape; the malware is now targeting company networks. SNAKE is a new ransomware that is threatening enterprises worldwide along with the most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer, and MegaCortex. The scary trend sees criminal organizations targeting enterprises, instead of […]

Pierluigi Paganini January 05, 2020
California IT service provider Synoptek pays ransom after Sodinokibi attack

Synoptek, a California-based IT service provider, decided to pay the ransom to decrypt its files after being infected with the Sodinokibi ransomware. Synoptek, a California-based provider of IT management and cloud hosting services, paid the ransom to decrypt its files following a Sodinokibi ransomware attack. The gang behind the Sodinokibi ransomware has been very active […]

Pierluigi Paganini January 05, 2020
DeathRansom ransomware evolves encrypting files, but experts identified its author

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Researchers at Fortinet published an analysis that shows the threat evolving, […]

Pierluigi Paganini January 02, 2020
US restaurant chain Landry’s discloses payment card breach

The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack; malware has infected its point of sale (POS) systems. The popular US restaurant chain Landry’s disclosed a security incident: its point of sale (POS) systems have been infected with malware specifically developed to steal customers’ payment card information (i.e. credit […]

Pierluigi Paganini December 29, 2019
A new trojan Lampion targets Portugal

A new trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. The last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages […]

Pierluigi Paganini December 29, 2019
Security Affairs newsletter Round 246

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Experts warn of Greta Thunberg-themed Emotet malware campaign; Former contractor sentenced to 10 months in prison for hacking airline Jet2; UK authorities sentenced hacker who blackmailed Apple for $100,000; Champagne Bakery Cafe and Islands burger chain disclose payment […]