malware

Pierluigi Paganini April 25, 2017
Linux Shishiga malware, a threat in dangerous evolution

Malware researchers from security firm ESET have discovered a new Linux threat dubbed Shishiga malware targeting systems in the wild. Malware researchers from ESET have discovered a new Linux malware dubbed Linux/Shishiga targeting systems in the wild. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) implements a modular architecture by using Lua scripts. […]

Pierluigi Paganini April 24, 2017
Europol, European police agencies and private actors dismantled cybercrime ring

The Europol coordinated an international operation that dismantled a cybercrime ring that was offering services and tools to conceal malware. The Europol dismantled a cybercrime ring as the result of a joint investigation conducted by Spanish and British law enforcement authorities (The Spanish National Police, the UK’s Regional Cyber Crime Unit for Tackling North West […]

Pierluigi Paganini April 24, 2017
Ops, hackers can exfiltrate data from air-gapped networks through a malware controlled via a scanner

A group of Israeli researchers has devised a new technique to exfiltrate data from a PC in an air-gapped network through malware controlled via scanners. The team was composed of Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici, based on an idea of the prominent cryptographer Adi Shamir. […]

Pierluigi Paganini April 21, 2017
The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers

A new report published by Kaspersky confirms that Stuxnet exploits targeting a Windows Shell Vulnerability is still widely adopted by threat actors. The case that I’m going to present to you demonstrates the importance of patch management and shows the effects of the militarization of cyberspace. Unpatched software is an easy target for hackers that can exploit […]

Pierluigi Paganini April 21, 2017
The RawPOS PoS Malware also scans for driver’s license data

According to Trend Micro, the RawPOS PoS malware was recently used to steal driver’s license information from victims. Security experts at Trend Micro have spotted a new variant of the RawPOS PoS malware stealing driver’s license information from victims. The RawPOS PoS malware is an old threat that has been active since 2008. RAWPOS is a memory scraper that has infected […]

Pierluigi Paganini April 20, 2017
Symantec is monitoring the Hajime IoT malware, is it the work of vigilante hacker?

Symantec observed the Hajime IoT malware leaving a message on the devices it infects, is it the work of a cyber vigilante? The Mirai botnet is the most popular thingbot, it is targeting poorly configured and flawed ‘Internet of Things’ devices since August 2016, when the threat was first discovered by the researcher MalwareMustDie. Many other bots threaten […]

Pierluigi Paganini April 19, 2017
InterContinental Hotels Group, the international hotel chain confirmed a second credit card breach

The InterContinental Hotels Group announced that last week payment card systems at more than 1,000 of its hotels had been compromised by crooks. The multinational hotel chain owns prestigious brands like Holiday Inn and Crowne Plaza. This is the second time that the InterContinental Hotels Group suffers a credit card breach, early this year the hotel chain […]

Pierluigi Paganini April 18, 2017
Karmen Ransomware, a cheap RaaS service that implements anti-analysis features

Experts at Recorded Future have discovered a cheap RaaS, the Karmen Ransomware that deletes decryptor if detects a sandbox. Security experts from threat intelligence firm Recorded Future have spotted a new ransomware as a service (RaaS) called Karmen. The service allows customers to easy create their ransomware campaign in a few steps and without specific skills. Wannabe-crooks […]

Pierluigi Paganini April 18, 2017
The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon

Security researchers who analyzed the documents and hacking tools included in the last Shadow Brokers dump found a link to the Stuxnet virus. On Friday, the Shadow Brokers leaked a new bunch of files belonging to the alleged NSA arsenal. Security researchers who analyzed the documents and hacking tools included in the last dump have […]

Pierluigi Paganini April 18, 2017
Who is offering the CradleCore Ransomware as source code?

CradleCore ransomware is a malware offered in the underground as a source code, instead of the classic ransomware-as-a-service (RaaS) model. According to the experts at Forcepoint, the author is offering the malware in many Tor-based crime forums as source code allowing crooks to request a customized version of the code. The CradleCore ransomware is offered by the author as a […]