Malware | SC Media

Malware

Malware attack rains on Weather Channel’s parade, disrupts live broadcast

By

The Weather Channel is blaming a “malicious software” attack for knocking its live morning broadcast off the air for approximately one hour and 39 minutes today. “We experienced issued with this morning’s live broadcast following a malicious software attack on the network,” reads a tweet issued by the network earlier today. “We were able to…

Ukraine-Map

Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic

By

Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to to deliver…

Apache Tomcat vulnerability results in remote code exectuion

By

Security researchers identified a remote code execution on windows vulnerability in Apache Tomcat. The vulnerability is rated “Important” and was identified by an external security researcher and reported to the Apache Tomcat security team via the bug bounty program, according to an April 10 blog post. The vulnerability leaves the CGI Servlet at risk due…

Threat actors gaining admin rights before ransomware infections

By

Threat actors are using accounts with admin privileges to install BitPaymer ransomware via PsExec suggesting threat actors are taking a more targeted approach to their distribution of malware. Similar to the Arizona Beverage ransomware attack earlier this month, a manufacturing company also appears to have been targeted in an attack in which the company’s name…

Two Romanians convicted for roles in Bayrob malware operation

By

Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that launched a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty on separate 21 counts for developing and spreading the Bayrob trojan, which…

pokemon

CryptoPokemon ransomware decryptor developed

By

A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files. CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors  who describe themselves as “valiant support [who] will help you solve this problem.”…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign

By

Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

Grab-and-go Baldr stealer malware proves popular among thieves

By

A new stealer malware dubbed Baldr has been taking the cybercrime market by storm with its capabilities including user profiling, sensitive data exfiltration, shotgun file grabbing, screencapping, and  network exfiltration. Malwarebytes researchers have been monitoring the malware for the past few months and said it is the work of three threat actors: Agressor handled distribution,…

Flame

Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware

By

Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…

FIN6 cybercrime actor adds ransomware to its repertoire

By

Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

Next post in Security News