“The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as ‘Hinata-–,’” Akamai said in a technical report.
By analyzing Trigona ransomware binaries and ransom notes from VirusTotal, as well as information from incident response, Unit 42 determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised.
ESET researchers found that the Tick cyberespionage group compromised an East Asian Data-Loss Prevention (DLP) company in 2021 and used a wide range of tools in similar attacks. In one of its campaigns, it used a tampered version of a legitimate app called Q-Dir to drop an open-source VBScript backdoor named ReVBShell.
As of late November 2022, Microsoft and other security firms identified a new form of ransomware, called “Sullivan”, deployed against Ukrainian targets, in addition to the “Prestige” ransomware Russia deployed in Ukraine and Poland in October 2022.
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.
This PowerShell script (KB5025175) simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw that enables attackers to bypass the BitLocker Device Encryption feature system storage devices.
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems, according to Cado Security.
On Tuesday, NorthStar Emergency Paramedic Services took to its website to report the problem and mailed physical letters to patients who may have been impacted by the breach. The company said they became aware of the potential intrusion in September.
The Meta approach starts from the assumption that despite the asynchronous nature of attacks, there are still meaningful commonalities, especially where those commonalities can be abstracted from the platform or hardware being attacked.
Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows. The malware can switch cryptocurrency wallet addresses sent in chat messages with attackers’ wallet addresses.