⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
It’s Monday again
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure
Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife A new remote access trojan (RAT) being sold on cybercrime networks enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurrency stealers, live surveillance, and a whole host of other illicit capabilities, all controllable from a centralized dashboard.…
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. [...]
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT
New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub.
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages
Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. [...]
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix
Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and JournalistsThis week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a Trojan.
The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. [...]
At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT
Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy InvestigationThis week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.
Also: Polish Prime Minister Says Previous Administration Deployed Pegasus SpywareThis week, the Zeus leader pleaded guilty, Prudential detected hackers, U.S. telecoms have to report breaches, Microsoft patched zero-days, researchers said Chinese threat intel is faulty, ransomware hit Romanian healthcare entities, Juniper was breached and Poland allegedly previously used Pegasus.
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks