DarkWatchman RAT uses Windows Registry fileless storage mechanism
DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence. Recently Prevailion experts...
News
2022 Cybersecurity Trends for DevSecOps
Trying to adopt DevSecOps culture? Or already in the thick of it? Trend Research explores the cybersecurity trends for 2022...
Nation-state actors are exploiting Zoho zero-day CVE-2021-44515 since October, FBI warns
The FBI warns that zero-day flaw in Zoho’s ManageEngine Desktop Central has been under active exploitation by nation-state actors since October. The Federal...
Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24
In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world...
Belgian defense ministry hit by cyberattack exploiting Log4Shell bug
The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The...
Alleged APT implanted a backdoor in the network of a US federal agency
An alleged APT group planted a backdoor in the network of a U.S. federal government commission associated with international rights....
When a deepfake “empire” continues to grow
I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in...
A week in security (Dec 13 – 19)
Last week on Malwarebytes Labs: Spear phish, whale phish, regular phish: What’s the difference?Kronos crippled by ransomware, service may be...
A new attack vector exploits the Log4Shell vulnerability on servers locally
Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection....
Clop ransomware gang is leaking confidential data from the UK police
Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim...
Security Affairs newsletter Round 345
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks
The TellYouThePass ransomware resurged and exploits the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from...
Are Endpoints at Risk for Log4Shell Attacks?
We created a free assessment tool for scanning devices to know whether it is at risk for Log4Shell attacks. If...
Western Digital customers have to update their My Cloud devices to latest firmware version
My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud...
Apache releases the third patch to address a new Log4j flaw
Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the...
1.8 Million customers of four sports gear sites impacted by credit cards breach
A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224...
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. If you like the site, please...
Oracle WebLogic Detection and Mitigation
We review 2020 and 2021 Oracle WebLogic vulnerabilities and how using a unified SaaS platform can help you detect and...
This Week in Security News – December 17, 2021
This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability...
Conti ransomware gang exploits Log4Shell bug in its operations
The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is...
VMware fixes critical SSRF flaw in Workspace ONE UEM Console
VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. VMware has addressed...
Phorpiex botnet is back, in 2021 it $500K worth of crypto assets
Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half...
PseudoManuscrypt, a mysterious massive cyber espionage campaign
Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky...
PseudoManuscrypt: a mass-scale spyware attack campaign
In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is...
