Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operations flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the biggest 4 banks in the USA, discovered a data...

Top Articles

GandCrab Ransomware

GandCrab ransomware is a malware threat that encrypts data on affected computers and demands the payment of a ransom in exchange for a decryption tool. The cryptovirus appeared for the first time at the end of January this year, and since then researchers have identified several different versions of GandCrab, including GDCB, GandCrab v2, GandCrab v3, GandCrab v4, and GandCrab v5. The latest version was identified just about a month ago in September 2018. The features and encryption mechanisms of this ransomware have evolved since its first appearance: while the initial three versions used the RSA and AES encryption algorithms to lock up data on the infected device, version 4 and above employ additional and more sophisticated ciphers like Salsa20. Malware researchers believe that this is done mostly for speed reasons as the Salsa20...

Posted on January 29, 2018 in Ransomware

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

More Articles

Misleading:Win32/Lodi!MSR

Windows Defender Antivirus uses the Misleading:Win32/Lodi!MSR detection name to signal a potential threat that may be present on the user's system. Importantly, the detection is not based upon a specific piece of software or file per se but instead relies on heuristic methods to identify potentially unsafe activity. Every legitimate anti-malware application utilizes such techniques when looking for and identifying potential malware that may be present on the user's computer. However, even if the anti-virus tool presents you with the Misleading:Win32/Lodi!MSR detection alert, that does not necessarily mean that there is unsafe activity taking place on your system. Sometimes, harmless files downloaded from trustworthy sources may trigger a false positive and spawn the Misleading:Win32/Lodi!MSR alert....

Posted on December 10, 2019 in Misleading Programs

AppleJeus

Cyber crooks take an increasing interest in creating threats targeting devices running OSX. One of the newest threats of this type that cybersecurity experts have spotted is called AppleJeus. The AppleJeus threat is a Trojan backdoor with several intriguing features. The authors of the AppleJeus Trojan are propagating it using a bogus digital asset currency exchange. Any user that would like to use the service is urged to download a digital asset trading platform. However, as soon as the users download and install the file, the AppleJeus Trojan backdoor will be planted on their systems silently. Apart from the variant of this threat that targets Mac computers, the authors also have developed a copy that goes after Windows systems too. The Windows variant of this threat does not possess any qualities that are too impressive, but...

Posted on December 10, 2019 in Backdoors

Lazarus Ransomware

The Lazarus Ransomware is a new file-locking Trojan that has been spotted in the wild by experts. Just like most malware of this type, the Lazarus Ransomware will compromise your computer, lock your files sneakily, and then demand money in exchange for a decryption key that is meant to reverse the damage that was done to your data.

Propagation and Encryption

It is not clear what infection vectors have been used in the propagation of the Lazarus Ransomware or if certain regions or demographics are being targeted by the authors of this threat. The creators of the Lazarus Ransomware are likely using fake emails to distribute this data-locking Trojan. Such spam email campaigns would often include a misleading, fraudulent message and a seemingly harmless attached file, which is actually macro-laced. Opening the macro-laced attachment may...

Posted on December 10, 2019 in Ransomware

Microsoft-one.com

One of the most favored tricks in the book of cybercrime is imitating a legitimate service or product to trick unsuspecting users. The authors of Microsoft-one.com have done exactly this: they have tailored their Web page to resemble a genuine Microsoft website so that users will not question its legitimacy and trust it blindly.

Spawns Fake Alerts

If you have come across the Microsoft-one.com website, you have likely been browsing low-quality content. Usually, dodgy Web pages work with shady advertising networks that push all sorts of dubious content, and it is likely that they also are involved in promoting the Microsoft-one.com website. Upon launching the main page of the Microsoft-one.com site, users will be redirected to the official Web page of Microsoft. This trick is likely meant to convince users of the legitimacy of the...

Posted on December 10, 2019 in Browser Hijackers

Rex-news1.club

Many shady online actors create websites for the sole purpose of spamming users with unwanted advertisements via the browser’s notifications feature. One of the websites that partake in this behavior is the Rex-news1.club page.

Spams Users with Unwanted Dodgy Advertisements

The main goal of the administrators of the Rex-news1.club site is to trick the user into giving them permission to display Web browser notifications. The creators of shady sites like the Rex-news1.club Web page often utilize various social engineering tricks to achieve their goal. The visitors of the Rex-news1.club website are misled into believing that the site hosts interesting content, and if they want to view it, they have to click on the 'Allow' button that is supposed to enable a media player. However, the media player is fake, and clicking on the...

Posted on December 10, 2019 in Browser Hijackers

IconDown

Many cyber crooks around the world rely on Trojan downloaders to infiltrate a targeted system and inject additional malware in it. To make the job of malware researchers more difficult, con actors who propagate Trojan downloaders would often obfuscate their code heavily and make their creation seem harmless. This way, the Trojan downloader may avoid detection by anti-malware tools and security checks successfully. Recently, cybersecurity experts have spotted a new Trojan downloader claiming victims online – IconDown. The IconDown downloader is believed to be the creation of a hacking group called BlackTech.

Targets Businesses in Japan

The BlackTech hacking group is believed to originate from Asia, as most of their targets are located in this area. Malware experts have been keeping an eye on the BlackTech group, and it became evident...

Posted on December 9, 2019 in Trojan Downloader

Afrodita Ransomware

Most authors of ransomware tend to propagate their creations as far and as wide as they possibly can. However, this is not always the case. Some con actors that propagate ransomware threats prefer to concentrate their efforts on fewer targets, but of higher quality. It would appear that this is the case with the recently spotted file-locking Trojan called the Afrodita Ransomware.

Propagation and Encryption

The authors of the Afrodita Ransomware have opted to target companies operating in Croatia exclusively. The Afrodita Ransomware is being propagated via phishing emails that contain a fraudulent message containing various social engineering tricks and a corrupted attachment, which at first glance appears to be nothing more than a regular spreadsheet. However, the spreadsheet is macro-laced, which means that if the intended target...

Posted on December 9, 2019 in Ransomware

Gesd Ransomware

Ransomware threats have been among the most malware plaguing the Internet in 2019. The STOP family, in particular, is responsible for countless attacks since cyber crooks have managed to create and distribute over 200 copies of this file-locking Trojan. One of the newest variants of the STOP Ransomware that has been spotted by experts is called the Gesd Ransomware.

Propagation and Encryption

Ransomware threats are often propagated via mass spam email campaigns, torrent trackers, fake application downloads and updates, bogus pirated software and media, etc. However, in the case of the Gesd Ransomware, there are no particular infection vectors that have been confirmed yet. The attackers may be using one of the methods listed above or a combination of various techniques. The Gesd Ransomware will make sure to locate all the files of...

Posted on December 9, 2019 in Ransomware

Zeppelin Ransomware

Most authors of ransomware rely on already existing threats and simply create copies of them with slightly altered characteristics. However, some cyber crooks prefer to build their data-locking Trojans from scratch. Such cybercriminals often are very experienced and highly skilled. This is the case of the Zeppelin Ransomware – a newly spotted file-encrypting Trojan that has been roaming the Web recently. Upon studying the threat, malware experts concluded that this project is completed and highly weaponized.

Propagation and Encryption

It is not clear what exact infection vectors are utilized by the authors of the Zeppelin Ransomware. Cybersecurity researchers believe that it is likely that this nasty Trojan is spread via emails containing macro-laced attachments, fake pirated media or software, torrent trackers, bogus application...

Posted on December 9, 2019 in Ransomware

Buer

The Buer Trojan loader is what is often referred to as Malware-as-a-Service. This means that the creators of the Buer Trojan are selling it as a commodity on underground online markets, and anyone who is willing to pay can take advantage of this hacking tool. This is particularly threatening, not only because there is no limit on how many con actors can distribute the threat but also because the Buer Trojan loader is a very well-developed tool. According to researchers, the Buer loader is a threat that has been built by Russian malware developers. Experts have spotted advertisements for the Buer Trojan written in Russian claiming that users who purchase the threat also will be provided with free customer support and regular updates. The full price for the Buer loader is $400, which is not a very high price for what its authors are...

Posted on December 6, 2019 in Trojans

Sihost

The protests in Hong Kong have been lasting for quite a while now, and the Chinese government appears to be losing its patience and resorting to some innovative techniques. Recently, it was uncovered that Beijing had employed a threat actor to target the protesters in Hong Kong. The targeted protesters would receive an email that is masked as a message from a law student from the West. In the message, the attackers pretend to be interested in the protests and ask the recipient for 'recommendations to end the Hong Kong protests.' The attackers would attach three files to the fraudulent email: two genuine ones and one that appears to be an '.RTF' document but is a '.LNK' file. Masking this corrupted file as a harmless document is done by using a double extension, a rather old but effective trick.

Uses a ‘.PNG’ File Masked as an Image

The...

Posted on December 6, 2019 in Malware

POSHC2

Cybersecurity experts have been using a tool called POSHC2 to make sure that the networks they are administrating are safe from cyber-attacks. POSHC2 is an exploitation framework that helps penetration testers in particular. However, the POSHC2 framework is a free tool, and all of its source code is freely available to anyone who is interested. Naturally, this has attracted the attention of cyber crooks who have altered the code of the framework slightly and managed to turn it into a fully weaponized hacking tool. These threatening variants of the POSHC2 framework can be used to target companies and individuals alike.

Operations Targeting Major Industries

Among the con actors who are taking advantage of the weaponized POSHC2 framework is the APT33 (Advanced Persistent Threat) group. They also are known under the alias Elfin Team. This...

Posted on December 6, 2019 in Trojan Downloader

Redrum Ransomware

Ransomware threats are one of the worst cyber-threats a regular user may come across. These nasty pests would sneak into one's system, sniff out all their data, encrypt it, and then demand money. The entry barrier is pretty low because not only do most con actors distributing it borrow the code of already existing threats (and slightly rework it), but there also are ransomware threats available as a commodity that anyone can buy.

Propagation and Encryption

One of the most recently uncovered ransomware threats is called Redrum Ransomware. This threat belongs to the second most active ransomware family in 2019, the Dharma Ransomware. Unfortunately, the variants of the Dharma Ransomware are not decryptable for free. The Redrum Ransomware is likely being propagated via fraudulent application downloads and updates, torrent trackers,...

Posted on December 6, 2019 in Ransomware

Medical Institutions Hit by Ryuk Ransomware, $14M Ransom Demanded

A computer infrastructure service provider working with acute care centers and nursing homes in the US became the latest victim of the Ryuk ransomware in late November 2019. The company in question is named Virtual Care Provider Inc. (VCP) and is based in Milwaukee. VCP released a statement, informing that the bad actors were asking for ransom in the amount of $14 million. The company's CEO further said that this will not only be destructive to the business but could also lead to fatalities among the patients, as the staff is unable to access the patients' medical records. The crooks are using Ryuk - one of the most popular ransomware threats used by cybercriminals worldwide. Ryuk has...

Posted on December 6, 2019 in Computer Security

ZeroCleare

Cybersecurity researchers tend to label the most advanced hacking groups as APTs (Advanced Persistent Threats). APTs are often hired by governments to carry out shady operations. However, not all APTs are government-sponsored, and many operate on their own, pursuing their own agendas. Most APT groups would either carry out attacks with the goal of collecting information on their target or launch purely financially-motivated operations. However, there are certain APTs whose aim is to wreak as much havoc as possible and cause as much damage as they can. Disk wipers are the malware most commonly used in such threatening campaigns. Disk wipers’ aim is to destroy the data stored in the...

Posted on December 5, 2019 in Malware