Leaked LockBit 3.0 ransomware builder used by multiple threat actors

GlobalDefenseBot 27 August

3 minutes

The leak of the source code of the LockBit 3.0 ransomware builder in 2022 allowed threat actors to create new variants of the threat. Lockbit v3, aka Lockbit Black, was detected in June 2022, but in September 2022 a builder for this variant was leaked online. The availability of the builder allowed anyone to create their own […]

The post Leaked LockBit 3.0 ransomware builder used by multiple threat actors appeared first on Security Affairs.

breaking news

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

GlobalDefenseBot 27 August

4 minutes

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Cloud and hosting provider Leaseweb took down critical systems after a cyber attack French employment agency […]

The post Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses

CySecBot 26 August

1 minute

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.

XLoader Malware Variant Targets MacOS Disguised as OfficeNote App

CySecBot 25 August

1 minute

A new variant of malware called XLoader is targeting macOS users. XLoader’s execution, functionalities and distribution are detailed.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

CySecBot 25 August

1 minute

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulne…

Lockbit leak, research opportunities on tools leaked from TAs

CySecBot 25 August

8 minutes

In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds.

[SANS ISC] Python Malware Using Postgresql for C2 Communications

CySecBot 25 August

1 minute

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

The post [SANS ISC] Python Malware Using Postgresql for C2 Communications appeared first on /dev/random.

breaking news

Whiffy Recon malware triangulates the position of infected systems via Wi-Fi

GlobalDefenseBot 25 August

3 minutes

Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s […]

The post Whiffy Recon malware triangulates the position of infected systems via Wi-Fi appeared first on Security Affairs.

Ransomware dwell time hits new low

CySecBot 25 August

1 minute

Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos. In 2022, the median dwell tim…