Justice Department seizes domains used in Nobelium spear-phishing attacks

• Post author:Frank Crast
• Post published:June 2, 2021
• Post category:Cybersecurity Attacks/Messaging Security/Phishing

The U.S. Justice Department has announced the seizure of domains used in Nobelium spear-phishing attacks previously identified by Microsoft last week.

Continue ReadingJustice Department seizes domains used in Nobelium spear-phishing attacks

New macOS malware linked to OceanLotus group

• Post author:Frank Crast
• Post published:December 1, 2020
• Post category:Cybersecurity Attacks/Malware

Security researchers have discovered a new macOS backdoor linked to the OceanLotus hacking group. The new malware variant has added new features such as new behavior and domain names.

Continue ReadingNew macOS malware linked to OceanLotus group

SlothfulMedia: new malware variant used by “sophisticated actors”

• Post author:Frank Crast
• Post published:October 2, 2020
• Post category:Malware

Security experts warned of a new malware variant dubbed SlothfulMedia has been used by a "sophisticated cyber actor."

Continue ReadingSlothfulMedia: new malware variant used by “sophisticated actors”

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

• Post author:Frank Crast
• Post published:October 2, 2020
• Post category:Cloud Security/Cybersecurity Articles/Cybersecurity Attacks/Malware

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

Continue ReadingGADOLINIUM threat actors use cloud services and open source tools in cyberattacks

NSA and FBI: watch out for Russian malware Drovorub

• Post author:Frank Crast
• Post published:August 14, 2020
• Post category:Cybersecurity Attacks

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity alert for a new Russian malware dubbed Drovorub.

Continue ReadingNSA and FBI: watch out for Russian malware Drovorub

Doki malware targets exposed Docker servers in the cloud

• Post author:Frank Crast
• Post published:July 29, 2020
• Post category:Cloud Security/Configuration Management/Cybersecurity Attacks

Security researchers at Intezer Labs detected a new Linux malware dubbed "Doki" and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.

Continue ReadingDoki malware targets exposed Docker servers in the cloud

CStealer: a new Windows trojan password stealer

• Post author:Frank Crast
• Post published:November 30, 2019
• Post category:Malware/Password Management

A new Windows trojan dubbed CStealer attempts to steal passwords from Chrome browser. The malware also uses a remote MongoDB server to store the stolen passwords.

Continue ReadingCStealer: a new Windows trojan password stealer

Watchbog targets unpatched systems

• Post author:Frank Crast
• Post published:September 13, 2019
• Post category:Malware/Vulnerabilities & Exploits

Security experts have uncovered an incident that involved the Watchbog cryptomining botnet. Attackers exploited CVE-2018-1000861 to establish a foothold on the victim's network and install Watchbog malware on unpatched systems.

Continue ReadingWatchbog targets unpatched systems

PyLocky ransomware decryption tool

• Post author:Frank Crast
• Post published:January 13, 2019
• Post category:Business Continuity & Resiliency/Malware

Talos security researchers have developed a new decryption tool that victims could potentially use to recover files locked out by PyLocky ransomware.

Continue ReadingPyLocky ransomware decryption tool

Linux Rabbit and Rabbot Malware threats

• Post author:Frank Crast
• Post published:December 10, 2018
• Post category:Cybersecurity Attacks/Malware

Security researchers from Anomali Labs have discovered a new malware dubbed "Linux Rabbit" that has targeted Linux servers and Internet-of-Things (IoT) devices in Russia, South Korea, the UK, and the US.

Continue ReadingLinux Rabbit and Rabbot Malware threats