The Necurs botnet made the headlines at year-end sending out tens of millions of spam emails daily as part of massive ransomware campaigns. Necurs was not active for a long period at the beginning of 2017 and resumed its activity in April. The Necurs botnet was used in the past months to push many other malware strains, including Locky, Jaff, GlobeImposter, Dridex, […]
A hacker belonging to the Lurk cybercrime gang admits the creation of the WannaCry ransomware and the DNC hack at the request of intelligence agencies. In an interview with the Dozhd TV channel, one of the members of the Lurk crime group arrested in the Russian city of Ekaterinburg, Konstantin Kozlovsky, said that he was one of the authors of the dreaded WannaCry ransomware and that […]
The Italian cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer malware delivered by email to many international companies. Attack attribution is always very hard work. False flags, code reuse and spaghetti code make it impossible to assert “This attack belongs to X”. Indeed, nowadays it makes more sense to talk about Attribution […]
The cybersecurity expert Willem de Groot reported cyber attacks against Magento websites running the popular helpdesk extension ‘Mirasvit Helpdesk.’ De Groot observed attackers sending a message like this to Magento merchants: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! – [email protected] The message contains a specially crafted sender that […]
Security experts spotted a new variant of the CryptoMix ransomware that uses a different extension (.FILE) and a new set of contact emails. Security experts from BleepingComputer discovered a new variant of the CryptoMix ransomware that uses a different extension (.FILE) to append to the file names of the encrypted files and uses new contact emails. For example, a file encrypted by […]
Experts observed that cybercriminals are conducting a new malspam campaign to distribute a new variant of the GlobeImposter ransomware. According to Lawrence Abrams from BleepingComputer, crooks are conducting a new malspam campaign to distribute a new variant of the GlobeImposter ransomware that appends the “..doc” extension to encrypted files. The malicious messages pretend to have attached photos being sent to the […]
The Fancy Bear APT group refactored its backdoor and improved encryption to make it stealthier and harder to stop. The operations conducted by the Russian Fancy Bear APT group (aka Sednit, APT28, Sofacy, Pawn Storm, and Strontium) are even more sophisticated and hard to detect due to. According to a new report published by experts from security firm ESET, the […]
Researchers from security firm Trend Micro observed crooks spreading a new cryptocurrency mining bot dubbed Digmine via Facebook Messenger. Watch out for a video file (packed in a zip archive) sent by your friends via Facebook Messenger. According to the researchers from security firm Trend Micro, crooks are using this technique to spread a new cryptocurrency mining bot dubbed Digmine. The bot […]
Security researchers discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The researchers from the security firm GuardiCore Labs Security have discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers targeted systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The experts […]
The CSE CybSec Z-Lab Malware Lab analyzed a couple of new malware samples, belonging to the Bladabindi family, that were discovered on a good-looking website. The ZLab team detected two new threats hosted on a good-looking website, www[.]6th-sense[.]eu. Both malware samples look like a legitimate app that users have to install in order to access the media file hosted on the […]