malware

Pierluigi Paganini May 16, 2019
The stealthy email stealer in the TA505 hacker group’s arsenal

Experts at Yoroi-Cybaze Z-Lab observed a spike in attacks against the banking sector and spotted a new email stealer used by the TA505 hacker group Introduction During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. In fact, many independent researchers pointed to a particular […]

Pierluigi Paganini May 16, 2019
Magecart hackers inject card Skimmer in Forbes Subscription Site

The Magecart gang made the headlines again, the hackers this time compromised the Forbes magazine subscription website. The Magecart group is back, the hackers this time compromised injected a skimmers script into the Forbes magazine subscription website. The malicious traffic was spotted by the security expert Troy Mursch, Chief Research Officer of Bad Packets, on Wednesday. Magecart hackers […]

Pierluigi Paganini May 14, 2019
Thrangrycat flaw could allow compromising millions of Cisco devices

Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat, in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products. The first issue dubbed Thrangrycat, and tracked as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). The issue […]

Pierluigi Paganini May 14, 2019
North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. ScarCruft has been active since at least 2012, it made the headlines in early February […]

Pierluigi Paganini May 14, 2019
Malware Training Sets: FollowUP

The popular expert Marco Ramilli provided a follow up to its Malware classification activity by adding a scripting section which would be useful for several purposes. On 2016 I was working hard to find a way to classify Malware families through artificial intelligence (machine learning). One of the first difficulties I met was on finding […]

Pierluigi Paganini May 13, 2019
Reading the Yoroi Cyber Security Annual Report 2018

Yoroi Cyber Security Annual Report 2018 – In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. For this reason, analyzing the last year occurred events would help cyber-security professionals to prevent further attacks during the next few months. In many cases the attacks […]

Pierluigi Paganini May 12, 2019
Security Affairs newsletter Round 213 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! A hacker has taken over at least 29 IoT botnets Hackers stole card data from 201 campus online stores in US and Canada, is it the Magecart group? NoScript […]

Pierluigi Paganini May 10, 2019
DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH

The U.S. Department of Homeland Security (DHS) and the FCI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […]

Pierluigi Paganini May 09, 2019
Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware

Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. SANS expert Renato Marinho uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero cryptominer dubbed Kerberods. According to the SANS Institute’s Internet Storm Center, attackers are exploiting the […]

Pierluigi Paganini May 08, 2019
Yomi Hunter Joined the VirusTotal Sandbox Program!

We are pleased to announce that Yomi the Malware Hunter has successfully completed the on-boarding in the VirusTotal MultiSandbox Program! Official VirusTotal Announce: https://blog.virustotal.com/2019/05/virustotal-multisandbox-yoroi-yomi.html Yoroi can now contribute to the fight against malware threats sharing its analysis with Chronicle Security, the Alphabet’s subsidiary author of the notorious VirusTotal Threat Intelligence platform: one of the most widely used community platforms all around the […]