The malware uses cmd.exe to read and execute a file stored on the infected external drive; it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL file.
Central to the changes is a “simplified and unified management experience that’s the same in Chrome and Android settings,” Ali Sarraf, Google Chrome product manager, said in a blog post.
A new Revive banking trojan was found targeting users of BBVA, a Spanish financial services company. Revive follows a more focused approach, with the bank and not customers as its prime targets. While the malware is in its early developmental stages, it is designed for persistent campaigns. Training employees and using the right cybersecurity tools […]
Russian hackers carried out a “cyberattack” on Ukraine’s biggest private energy conglomerate, the DTEK Group, in retaliation for its owner’s opposition to Russia’s war in Ukraine.
Reversing Labs reports that the latest version of AstraLocker ransomware is engaged in a so-called “smash and grab” ransomware operation that is all about maxing out profits in the fastest time.
CloudSEK identified a post on a cybercrime forum mentioning the open-source automation server platform Jenkins as one of the TTPs (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University.
CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft’s May 2022 updates.
Security researchers from CloudSEK have spotted a new exploit from hacktivist group DragonForce Malaysia capable of performing Windows servers’ local privilege escalation (LPE) and local distribution router (LDR) actions on Indian servers.
Before deploying the ransomware, operators infiltrate and move laterally across the entire network, performing a full-fledged RansomOps attack. Similar to other groups, Black Basta employs the double extortion tactic.
Bumblebee has been linked to ransomware operations by Conti, Quantum, and Mountlocker, which signifies that the malware is now at the forefront of the ransomware ecosystem.