malware

  • Blog

    Alert issued for ‘Voldemort’ malware as dozens of organizations hit

    Security experts have issued an alert over the ‘Voldemort’ malware campaign that’s hit more than 70 organizations globally. Uncovered by researchers at Proofpoint, the malware has mainly been used to attack insurance companies, which account for a quarter of victims, with other heavily targeted sectors including aerospace, transport, and universities. In all, 18 different verticals were targeted. The malicious activity was…

  • Blog

    GitHub comments abused to push password stealing malware masked as fixes

    GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware. Further review by BleepingComputer found thousands of…

  • Blog

    New Voldemort malware abuses Google Sheets to store stolen data

    A new malware campaign is spreading a previously undocumented backdoor named “Voldemort” to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. As per a Proofpoint report, the campaign started on August 5, 2024, and has disseminated over 20,000 emails to over 70 targeted organizations, reaching 6,000 in a single day at the peak of its activity. Over…

  • Blog

    Microsoft issues warning over potent malware strain developed by Iranian threat actor

    Microsoft has published information on a highly concerning malware campaign being carried out by suspected Iranian state-backed threat group, Peach Sandstorm. Between April and July 2024, Microsoft’s threat intelligence arm observed the collective deploying a newly developed custom multi-stage backdoor, which it has dubbed Tickler. The malware has been used to target businesses operating in the satellite, communications equipment, oil…

  • Blog

    Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

    The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. The flaw, discovered by Akamai’s Aline Eliovich, is tracked as CVE-2024-7029 and is a high-severity (CVSS v4 score: 8.7) issue in the “brightness” function of the cameras,…

  • Blog

    South Korean hackers exploited WPS Office zero-day to deploy malware

    The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, tracked…

  • Blog

    Malware infiltrates Pidgin messenger’s official plugin repository

    The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions…

  • Blog

    Exchange Online mistakenly tags emails as malware

    Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. “Users’ email messages containing images may be incorrectly flagged as malware and quarantined,” Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago. “We’re reviewing service monitoring telemetry to isolate…

  • Blog

    Stealthy ‘sedexp’ Linux malware evaded detection for two years

    A stealthy Linux malware named ‘sedexp’ has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. The malware was discovered by risk management firm Stroz Friedberg, an Aon Insurance company, and enables its operators to create reverse shells for remote access and to further the attack. “At the time of…

  • Blog

    New macOS malware poses as legitimate apps to steal passwords, crypto wallets and more — how to stay safe

    While Apple’s Macs aren’t targeted by hackers as much as Windows PCs, they aren’t impenetrable. Security researchers recently uncovered malware dubbed “Cthulhu Stealer” that impersonates popular apps to harvest passwords and steal data from macOS users. As first reported by The Hacker News, Cado Security pushed out a public warning this week about Cthulhu Stealer, a malware-as-a-service targeting macOS users launched…
