Trickbot trojan takes aim at vulnerabilities in booting process
By: Derek B. Johnson
Trickbot, the notorious botnet and banking Trojan, has a new trick up its sleeve.
According...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
The TrickBot malware has morphed once again, this time implementing...
Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
In a recent cyberattack against an E.U. country’s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.
Researchers have discovered a previously undocumented backdoor and document...
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.
The Cybersecurity and Infrastructure Security Agency...
Using Speakeasy Emulation Framework Programmatically to Unpack Malware
Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox...
Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand
The ransomware group has leaked stolen data to add pressure on the company to pay up.
Advantech, the chip manufacturer, has confirmed that it received a ransom note from a...
Bandook malware targets ‘unusually wide variety’ of industries, regions
By: Derek B. Johnson
Security researchers are warning that the once-dormant Bandook malware family is back, possibly be...
Misconfigured Docker Servers Under Attack by Xanthe Malware
The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations...
German users targeted with Gootkit banker or REvil ransomware
After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
This blog post...
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
A strain of the 13-year-old backdoor Bandook trojan has been spotted in an espionage campaign.
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe,...