Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...
Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free Christmas has come early for novice hackers and criminals looking to get their share of the scam operations flooding the Internet, after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password-protected archive, the Zeus malware kit and...
Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred; this time hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

GandCrab Ransomware

GandCrab ransomware is a malware threat that encrypts data on affected computers and demands the payment of a ransom in exchange for a decryption tool. This cryptovirus appeared for the first time at the end of January this year, and since then researchers have identified several different versions of GandCrab, among them GDCB, GandCrab v2, GandCrab v3, GandCrab v4 and GandCrab v5. The latest version was identified just about a month ago, in September 2018. The features and encryption mechanisms of this ransomware have evolved since its first appearance - while the initial three versions used the RSA and AES encryption algorithms to lock up data on the infected device, version 4 and above employ an additional, more sophisticated cipher, Salsa20. Malware researchers believe that this is done mostly for speed reasons, as the Salsa20...

Posted on January 29, 2018 in Ransomware

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is more likely that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC user will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across 140 countries on its first release to the real world. The brunt of the attack was borne by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

More Articles

Buer

The Buer Trojan loader is what is often referred to as Malware-as-a-Service. This means that the creators of the Buer Trojan are selling it as a commodity on underground online markets, and anyone who is willing to pay can take advantage of this hacking tool. This is particularly threatening, not only because there is no limit on how many con actors can distribute the threat but also because the Buer Trojan loader is a very well-developed tool. According to researchers, the Buer loader is a threat that has been built by Russian malware developers. Experts have spotted advertisements for the Buer Trojan written in Russian claiming that users who purchase the threat will also be provided with free customer support and regular updates. The full price for the Buer loader is $400, which is not a very high price for what its authors are...

Posted on December 6, 2019 in Trojans

Sihost

The protests in Hong Kong have been going on for quite a while now, and the Chinese government appears to be losing its patience and resorting to some innovative techniques. Recently, it was uncovered that Beijing had employed a threat actor to target the protesters in Hong Kong. The targeted protesters would receive an email that is masked as a message from a law student from the West. In the message, the attackers pretend to be interested in the protests and ask the recipient for 'recommendations to end the Hong Kong protests.' The attackers would attach three files to the fraudulent email - two genuine ones and one that appears to be an '.RTF' document but is in fact an '.LNK' file. Masking this corrupted file as a harmless document is done by using a double extension, a rather old but effective trick. Uses a ‘.PNG’ File Masked as an Image The...

Posted on December 6, 2019 in Malware

POSHC2

Cybersecurity experts have been using a tool called POSHC2 to make sure that the networks they administer are safe from cyber-attacks. POSHC2 is an exploitation framework that helps penetration testers in particular. However, the POSHC2 framework is a free tool, and all of its source code is freely available to anyone who is interested. Naturally, this has attracted the attention of cyber crooks, who have slightly altered the code of the framework and managed to turn it into a fully weaponized hacking tool. These threatening variants of the POSHC2 framework can be used to target companies and individuals alike. Operations Targeting Major Industries Among the con actors who are taking advantage of the weaponized POSHC2 framework is the APT33 (Advanced Persistent Threat) group. They are also known under the alias Elfin Team. This...

Posted on December 6, 2019 in Trojan Downloader

Redrum Ransomware

Ransomware threats are one of the worst cyber-threats a regular user may come across. These nasty pests sneak into one's system, sniff out all of the data, encrypt it, and then demand money. The entry barrier is pretty low, because not only do most con actors distributing it borrow the code of already existing threats (and slightly rework it), but there are also ransomware threats available as a commodity that anyone can buy. Propagation and Encryption One of the most recently uncovered ransomware threats is called Redrum Ransomware. This threat belongs to the second most active ransomware family in 2019, the Dharma Ransomware. Unfortunately, the variants of the Dharma Ransomware are not decryptable for free. The Redrum Ransomware is likely being propagated via fraudulent application downloads and updates, torrent trackers,...

Posted on December 6, 2019 in Ransomware

Medical Institutions Hit by Ryuk Ransomware, $14M Ransom Demanded

A computer infrastructure service provider working with acute care centers and nursing homes in the US became the latest victim of the Ryuk ransomware in late November 2019. The company in question is named Virtual Care Provider Inc. (VCP) and is based in Milwaukee. VCP released a statement stating that the bad actors were asking for a ransom in the amount of $14 million. The company's CEO further said that this will not only be destructive to the business but could also lead to fatalities among the patients, as the staff is unable to access the patients' medical records. The crooks are using Ryuk - one of the most popular ransomware threats used by cybercriminals worldwide. Ryuk has...

Posted on December 6, 2019 in Computer Security

ZeroCleare

Cybersecurity researchers tend to label the most advanced hacking groups as APTs (Advanced Persistent Threats). APTs are often hired by governments to carry out shady operations. However, not all APTs are government-sponsored, and many operate on their own, pursuing their own agendas. Most APT groups either carry out attacks with the goal of collecting information on their target or launch purely financially-motivated operations. However, there are certain APTs whose aim is to wreak as much havoc as possible and cause as much damage as they can. Disk wipers are the most commonly used malware in such threatening campaigns. The aim of disk wipers is to destroy the data stored in the...

Posted on December 5, 2019 in Malware

Uiojx.xyz

The Uiojx.xyz website is a shady page that does not host any valuable content. Upon opening the Uiojx.xyz site, you will notice that the homepage is empty. However, this is not just a blip, as the sub-directories of the website will also disappoint you. They do not appear to have any meaningful content on them, and their names have been generated randomly. According to reports, the Uiojx.xyz site is being advertised with the help of dubious pop-up advertisements. Such advertisements tend to be hosted on dodgy websites that we would advise you to avoid. Presents Users with a Fake ‘Flash Player’ Update The Uiojx.xyz site appears to have the ability to determine which Web browser the visitor is using and, based on this, display different sub-directories. The Uiojx.xyz Web page supports the most popular browsers, including Mozilla Firefox,...

Posted on December 5, 2019 in Browser Hijackers

CILLA Ransomware

Most ransomware threats that get spotted in the wild are copies of already existing data-locking Trojans that are well-established in the world of cybercrime. One of the most recently spotted ransomware threats is called CILLA Ransomware, and it belongs to the Globe Imposter Ransomware family. Propagation and Encryption Authors of ransomware threats use various propagation techniques to spread their threatening spawns. It is fair to say that the most popular infection vector when it comes to the distribution of file-encrypting Trojans is spam emails. Usually, the attackers will send spam emails en masse with the goal of infecting as many computers as possible. The spam email would often contain a fraudulent message that aims at convincing the user to execute the attached file. Authors of ransomware tend to attach a macro-laced document...

Posted on December 5, 2019 in Ransomware

Righ Ransomware

Cybersecurity experts are struggling to keep up with all the ransomware threats that cybercriminals are pumping out. Creating and distributing a data-locking Trojan is not as difficult as it may initially sound. Most cyber crooks opt to borrow the code of existing ransomware threats and alter it slightly to fit their needs. This is a far easier approach than building a file-encrypting Trojan from scratch. This is exactly what the creators of the Righ Ransomware have done. This newly uncovered ransomware threat is a copy of the infamous STOP Ransomware – the most active ransomware family in 2019, with over 200 copies built and distributed. Propagation and Encryption The creators of the Righ Ransomware may be using spam emails to propagate their creation, as this appears to be the most commonly used distribution method when it comes to...

Posted on December 5, 2019 in Ransomware

CallerSpy

Nowadays, everyone has a smartphone, and the largest share of the market certainly belongs to Android. This explains why a growing number of cybercriminals are building threats that target Android devices exclusively. One of the most recently spotted malware strains designed for Android devices is called CallerSpy. The CallerSpy threat serves as a spying tool that gathers data on the targeted user. To propagate it freely, the creators of the CallerSpy malware have masked it as a messaging application. The CallerSpy threat poses as either ‘Apex App’ or ‘Chatrious.’ These fake applications were hosted on a website specifically tailored to look like a genuine Google site. The Web page in question had the ‘Gooogle(dot)press’ domain name. Imitating a Google-related website is a very old trick used by countless cyber crooks through the...

Posted on December 4, 2019 in Malware

OSX/NukeSped

North Korea’s most prolific hacking group is undoubtedly the Lazarus APT (Advanced Persistent Threat). Security experts believe that this hacking group is sponsored directly by the North Korean government and is likely paid to do Kim Jong-un’s bidding. Among their vast arsenal of hacking tools is the NukeSped RAT (Remote Access Trojan). So far, the NukeSped RAT was designed to target devices running Windows only. However, it would appear that the Lazarus hacking group has decided to expand its reach and has redesigned the NukeSped RAT, allowing the threat to now target Mac systems too. The name of the new NukeSped RAT variant is OSX/NukeSped. Propagation Methods Malware researchers have spotted two propagation methods employed by the Lazarus hacking group: A bogus Adobe Flash file that carries a genuine copy of the application alongside...

Posted on December 4, 2019 in Backdoors

CStealer

The CStealer threat is yet another strain of malware that aims at collecting information about its targets. The CStealer malware is designed to target systems running Windows exclusively. Infostealers like the CStealer threat tend to gather data from the host and then transfer it to a remote server controlled by their operators. Exfiltration Technique Normally, the authors of threats of this class tend to use an FTP or HTTP connection to siphon off the gathered data. Another method that is gaining popularity is employing a Telegram bot to exfiltrate the information. However, in the case of the CStealer malware, the attackers have opted to use a rather interesting technique. The collected information is transferred to a MongoDB database set up by the threat’s authors. However, there certainly are some issues with this method. The attackers have hardcoded...

Posted on December 4, 2019 in Trojans

SwiftEngine

A growing number of shady individuals are developing malware and PUPs (Potentially Unwanted Programs) of all types that target OSX exclusively. It is important to note that PUPs are not threatening applications and would not harm your system. However, they will not bring any value to you either; quite the opposite, PUPs tend to reduce one’s browsing quality and cause annoyance. Spams Users with Advertisements The SwiftEngine application is a PUP that is designed to target systems running OSX. This application poses as software that is meant to enhance your search engine and help it deliver more relevant results. It also claims to improve the efficiency of your Web browsing sessions. However, none of this is true, and the SwiftEngine application is not going to improve your experience in any way. Instead of introducing improvements...

Posted on December 4, 2019 in Potentially Unwanted Programs

LockBit Ransomware

Ransomware threats are running rampant on the Web. Countless users have reported that their data has been encrypted by a data-locking Trojan. Unfortunately, it is not likely that we will see the end of the epidemic any time soon. One of the newest threats of this type has been dubbed the LockBit Ransomware. This nasty Trojan is capable of locking all the data present on a compromised system very quickly. Propagation and Encryption It does not seem that the LockBit Ransomware is a copy of any of the currently active popular ransomware threats. The infection methods used in the propagation of the LockBit Ransomware have not yet been determined. However, authors of ransomware tend to rely mainly on spam email campaigns to spread their creations. The emails tend to consist of a fraudulent message that aims at convincing the target to...

Posted on December 4, 2019 in Ransomware

iWorm

Malware that targets Mac computers is becoming more and more common by the day. One of the threats that target machines running OSX exclusively is called iWorm. Cybersecurity researchers first spotted this threat back in 2014. It has been reported that the iWorm malware has managed to compromise around 18,000 devices worldwide. This threat is capable of taking control of the infected host and using it for various purposes. It appears that the operators of the iWorm malware are using it to build a botnet. Experts are not fully certain what the botnet will be used for, but it is likely that it may be employed in DDoS (Distributed-Denial-of-Service) attacks, mass spam email campaigns, cryptocurrency mining operations, etc. Capabilities Apart from being able to gain control over the compromised system, the iWorm malware also enables...

Posted on December 3, 2019 in Botnets