malware

Pierluigi Paganini June 25, 2019
Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Researchers at Microsoft uncovered a malicious campaign that delivers the infamous FlawedAmmyy RAT directly in memory. Experts at Microsoft uncovered a malicious campaign that delivers the FlawedAmmyy RAT directly in memory. The FlawedAMMYY backdoor borrows the code of the Ammyy Admin remote access Trojan, it allows attackers to get full access to a victim’s machine. […]

Pierluigi Paganini June 24, 2019
CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting

Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server […]

Pierluigi Paganini June 23, 2019
Security Affairs newsletter Round 219 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Bella Thorne published her private nude photos before a hacker that was threatening her Linux worm spreading via Exim servers hit Azure customers New Echobot Botnet targets Oracle, VMware […]

Pierluigi Paganini June 22, 2019
Android Botnet leverages ADB ports and SSH to spread

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH).  Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB (Android Debug Bridge) ports and Secure Shell (SSH).  The Android Debug Bridge (adb) is […]

Pierluigi Paganini June 21, 2019
Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Recent campaigns demonstrate that Turla continues to evolve its arsenal and adopt news […]

Pierluigi Paganini June 20, 2019
CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed […]

Pierluigi Paganini June 20, 2019
The Riviera Beach City pays $600,000 in ransom

The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to […]

Pierluigi Paganini June 20, 2019
Bouncing Golf cyberespionage campaign targets Android users in Middle East

According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy, that implements multiple features […]

Pierluigi Paganini June 19, 2019
Modular Plurox backdoor can spread over local network

Kaspersky experts recently discovered a backdoor dubbed Plurox that can spread itself over a local network and can allow installing additional malware.  Kaspersky experts discovered the Plurox backdoor in February, it can spread itself over a local network and could be used by attackers to install additional malware.  The Plurox backdoor is written in C […]

Pierluigi Paganini June 18, 2019
Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. On Tuesday, the chief executive of London’s Serpentine Galleries, Yana Peel, resigned following the revelation of the Guardian newspaper about her links to the Israeli surveillance firm NSO Group. According to the newspaper, Yana […]