Dissecting the malicious arsenal of the Makop ransomware gang

Cyber security researcher Luca Mella analyzed the Makop ransomware employed in a recent intrusion. The Makop ransomware operators started their infamous criminal business in 2020 leveraging a new variant of the notorious Phobos ransomware. During the last years, the gang maintained a solid presence in the criminal underground even if they did […]

The post Dissecting the malicious arsenal of the Makop ransomware gang appeared first on Security Affairs.

Golang-Based Botnet GoBruteforcer targets web servers

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require […]

The post Golang-Based Botnet GoBruteforcer targets web servers appeared first on Security Affairs.

Dark Pink APT targets Govt entities in South Asia

Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets. In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asian countries. The activity of the group was first detailed by Group-IB […]

The post Dark Pink APT targets Govt entities in South Asia appeared first on Security Affairs.

Security Affairs newsletter Round 410 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.
PlugX malware delivered by exploiting flaws in Chinese programs
Prometei botnet evolves and infected +10,000 […]

The post Security Affairs newsletter Round 410 by Pierluigi Paganini appeared first on Security Affairs.

PlugX malware delivered by exploiting flaws in Chinese programs

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is known to be […]

The post PlugX malware delivered by exploiting flaws in Chinese programs appeared first on Security Affairs.

Prometei botnet evolves and infected +10,000 systems since November 2022

A new version of the Prometei botnet has infected more than 10,000 systems worldwide since November 2022, experts warn. Cisco Talos researchers reported that the Prometei botnet has infected more than 10,000 systems worldwide since November 2022. The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. The Prometei botnet […]

The post Prometei botnet evolves and infected +10,000 systems since November 2022 appeared first on Security Affairs.

Hackers target web servers using Golang-based malware

Researchers have discovered a Golang-based malware known as GoBruteforcer. This malware has been detected to be targeting web servers using phpMyAdmin, FTP, MySQL and Postgres to bring devices together in a botnet. Golang-based malware uses brute-force…

NetWire Malware Site and Server Seized, Admin Arrested

By Habiba Rashid
The alleged administrator of the website selling NetWire malware has been arrested in Croatia.
This is a post from HackRead.com. Read the original post: NetWire Malware Site and Server Seized, Admin Arrested

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

An international law enforcement operation seized the infrastructure associated with the NetWire RAT and resulted in the arrest of its administrator. A coordinated international law enforcement operation resulted in the seizure of the infrastructure associated with the NetWire RAT; the police also arrested its administrator. Law enforcement seized the website www.worldwiredlabs[.]com and its alleged administrator, […]

The post Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man appeared first on Security Affairs.