Rorschach ransomware has the fastest file-encrypting routine to date

GlobalDefenseBot 4 April

4 minutes

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) researchers detected a previously unknown ransomware strain, dubbed Rorschach ransomware, that was employed in attack against a US-based company. The experts pointed out that the Rorschach ransomware appears to be unique. […]

The post Rorschach ransomware has the fastest file-encrypting routine to date appeared first on Security Affairs.

3CX Supply chain attack allowed targeting cryptocurrency companies

GlobalDefenseBot 4 April

4 minutes

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]

The post 3CX Supply chain attack allowed targeting cryptocurrency companies appeared first on Security Affairs.

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

CySecBot 4 April

1 minute

News:

Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”

Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”…

New VPN Malvertising Attack Drops OpcJacker Crypto Stealer

CySecBot 3 April

1 minute

By Deeba Ahmed
Researchers warned that the campaign works through a network of fake websites that promote seemingly harmless crypto apps and other software.
This is a post from HackRead.com Read the original post: New VPN Malvertising Attack Drops OpcJ…

Grazie Ragazzi – But It’s Not Ferrari Who’s Saying It This Time!

CySecBot 3 April

1 minute

Ferrari’s woes seem to be continuing from F1 tracks to their data. And surprisingly, ransomware today encrypts files as fast as a Ferrari V8 goes from 0 to 60 mph. The current ransomware attack means cybercriminals now have access to confidential…

Malware and machine learning: A match made in hell

CySecBot 3 April

1 minute

We’ve been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. These early automation projects have since evolved into full-blown machine-learning frameworks. Si…

breaking news

Moobot botnet spreads by targeting Cacti and RealTek flaws

GlobalDefenseBot 3 April

3 minutes

The Moobot botnet is actively exploiting critical vulnerabilities in Cacti, and Realtek in attacks in the wild. FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti (CVE-2022-46169) and Realtek (CVE-2021-35394) vulnerabilities to spread ShellBot and Moobot malware. The ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses IRC protocol for C2 communications. The […]

The post Moobot botnet spreads by targeting Cacti and RealTek flaws appeared first on Security Affairs.

breaking news

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

GlobalDefenseBot 2 April

4 minutes

Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools. Documents leaked from Russian IT contractor NTC Vulkan show it was likely involved in the development of offensive tools. The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm. The Sandworm group […]

The post Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal appeared first on Security Affairs.

breaking news

LockBit leaks data stolen from the South Korean National Tax Service

GlobalDefenseBot 2 April

2 minutes

The LockBit ransomware gang announced the publishing of data stolen from the South Korean National Tax Service. On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data […]

The post LockBit leaks data stolen from the South Korean National Tax Service appeared first on Security Affairs.

breaking news

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

GlobalDefenseBot 1 April

3 minutes

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Five of the issues added by CISA to its catalog are part of the exploits used by surveillance […]

The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.