TA505 cybercrime group that operated the Dridex Trojan and Locky ransomware, has been using a new RAT dubbed SDBbot in recent attacks. Security experts at Proofpoint observed the notorious TA505 cybercrime group that has been using a new RAT dubbed SDBbot in recent attacks. The TA505 group, that is known to have operated both the Dridex and Locky malware families, continues …
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. A new Mac malware dubbed Tarmac has been distributed via …
Emsisoft firm has released a new free decryption tool the STOP (Djvu) ransomware, in the last months the research team helped victims of many other threats. STOP (Djvu) ransomware has 160 variants that infected more hundreds of thousands of victims worldwide. Experts estimated a total number of 460,000 victims, that makes this threat the most …
The US ingredient provider Ingredion Incorporated announced that it has recently detected suspicious activity associated with a malware attack. The US ingredient provider Ingredion Incorporated revealed to have detected an ongoing malware attack after its experts noticed a suspicious activity this week. Ingredion has hired third-party experts to help its staff in investigating the incident …
Security firm revealed that China-linked APT group Turbine Panda conducted cyber-espionage operations aimed at various aerospace firms for years. Security researchers at Crowdstrike conducted long-running cyber-espionage operations aimed at various aerospace firms. According to the experts the cyber espionage operations begun in January 2010, after the state-owned enterprise Commercial Aircraft Corporation of China (COMAC) selected …
The global shipping and mailing services company Pitney Bowes revealed that the recent partial outage was caused by the Ryuk ransomware. The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. Pitney Bowes is a global technology company that provides commerce solutions in the …
Researchers at Cyberbit spotted a crypto mining campaign that infected more than 50% of the European airport workstations. Security experts at Cyberbit have uncovered a crypto mining campaign that infected more than 50% of the European airport workstations. European airport systems were infected with a Monero cryptocurrency miner that was linked to the Anti-CoinMiner campaign discovered this …
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins Sourced from UpdraftPlus Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can be used. While their code …
Security experts at Palo Alto Networks discovered a worm dubbed Graboid that spreads using Docker containers. Palo Alto Networks researchers discovered a new Monero miner with wormable capabilities, dubbed Graboid, that spreads using Docker containers. Experts discovered that to target new systems, the Graboid worm periodically queries the C&C for vulnerable hosts, in this way …
When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in the number of malicious plugins which have been added to compromised websites as well. These plugins appear to be legitimate, but inspecting the code reveals …