China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]
When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…
A recent development in Linux kernel security has led to the creation of a Rust-based kernel module designed to detect rootkits, a type of malware that can hide itself and other malicious activities from system administrators. This project, part of an …
Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a […]
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.
A new strain of malware, known as SvcStealer, has emerged as a significant threat in the cybersecurity landscape. This malware is primarily delivered through spear phishing attacks, where malicious attachments are sent via email to unsuspecting victims…
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. “The FBI Denver Field Office is warning that agents are increasingly seeing a scam […]
The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes ClearFake’s New Widespread Variant: Increased Web3 […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to […]