One ClickFix and LummaStealer reCAPTCHA’s Our Attention – Part 1
RevEng.AI has been monitoring LummaStealer, a malware campaign utilizing ClickFix to deceive users into executing malicious commands via fake Google reCAPTCHA pages. The report examines the detailed delivery chain and methods of execution, showcasing how LummaStealer evolves while maintaining its malicious capabilities. The evolving code aims to evade detection mechanisms while facilitating data theft.…
Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help
Timely remediation of vulnerabilities remains a substantial challenge for organizations, often due to a lack of context in traditional scoring systems like CVSS. Tenable’s Vulnerability Watch offers a new classification framework aimed at improving prioritization, inspired by the WHO’s approach to monitoring COVID-19 variants. This framework categorizes vulnerabilities based on risk and urgency, facilitating more effective communication and decision-making.…
Step-by-Step Guide: SOC Automation — SMB Threat Hunting & Incident Response Lab
This project illustrates the simulation of a malicious insider threat, exploiting Windows server vulnerabilities through the SMB protocol to deliver backdoor malware. Utilizing automation in incident response, the objective is to detect, contain, and eradicate the threat effectively, highlighting the importance of modern cybersecurity practices. Affected: Windows Server, SMB Protocol, Insider Threats, Cybersecurity Environment

Keypoints:

The WannaCry ransomware attack in 2017 underscored the necessity for advanced cybersecurity solutions.…
Summary: A high-severity vulnerability (CVE-2025-1863) has been identified in various Yokogawa Electric Corporation industrial recorder and data acquisition systems, exposing them to significant security risks. The issue arises from disabled default authentication settings, allowing unauthorized access to critical functions. Users are urged to enable authentication and implement robust security measures to mitigate potential threats.…
Phishing attempts continue to evolve, with attackers impersonating legitimate entities to deceive victims. This article analyzes a recent phishing email masquerading as communication from Australia’s Centrelink service, using visual deception, urgency tactics, and legitimate-sounding domains to trick users. Effective detection and reporting of such attacks are vital in enhancing cybersecurity measures.…
Interlock ransomware evolving under the radar
The Interlock ransomware group, first observed in September 2024, has emerged as a significant cyber threat, employing tactics such as Big Game Hunting and double extortion. Unlike many ransomware organizations, it does not operate as a Ransomware-as-a-Service (RaaS) group and features a Data Leak Site called “Worldwide Secrets Blog” for negotiation and data exposure.…
BlackTech Unmasked
The article examines the sophisticated cyber espionage group known as BlackTech, believed to be state-sponsored by the People’s Republic of China. Since at least 2010, they have targeted critical sectors across East Asia and the US, employing advanced tactics, techniques, and procedures (TTPs) to infiltrate networks and steal valuable information.…
The CyberDiplomat’s Daily Report
This report outlines various global cybersecurity incidents, including sophisticated spyware targeting Tibetan and Taiwanese communities, scrutiny over Bangladesh’s Cyber Security Act, a DDoS attack on Indonesia’s Tempo.co, and breaches in Australia’s superannuation sector. Other highlights include malware threats in various regions and ongoing efforts to enhance cybersecurity across nations.…
CyberDefenders — IceID Lab
This article details a challenge based on the IceID banking Trojan, focusing on skills required for blue team analysts, including network traffic analysis, memory forensics, and reverse engineering. By utilizing tools such as VirusTotal and the MITRE ATT&CK framework, the challenge addresses sophisticated cyber threats and fosters expertise in identifying indicators of compromise.…
Exploiting Windows ADS To Hide Payloads and Backdoors
This article explains the exploitation of Alternate Data Streams (ADS) in Windows, detailing how attackers can hide malicious payloads and backdoors within legitimate files to evade detection. The piece walks through creating and executing commands that leverage ADS to conceal harmful executables. Affected: Windows, cybersecurity sector

Keypoints:

ADS stands for Alternate Data Streams, a feature of NTFS designed for compatibility with MacOS HFS.…
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs
The article discusses Operation HollowQuill, a targeted cyber campaign against the Baltic State Technical University, designed to infiltrate academic and defense networks through weaponized decoy documents. The attack utilizes a multi-stage infection chain, including a malicious RAR file, a .NET malware dropper, Golang shellcode, and a Cobalt Strike payload.…
Investigative Journalists in Serbia Hit by Advanced Spyware Attack
Summary: Two Serbian journalists from the Balkan Investigative Reporting Network (BIRN) were targeted with Pegasus spyware, confirming a disturbing trend of digital surveillance against civil society in Serbia. This incident marks the third use of Pegasus spyware against Serbian activists in recent years, highlighting the ongoing repression and intimidation faced by journalists.…
New York’s cyber chief on keeping cities and states safe from cyberattacks
Summary: Colin Ahern, New York state’s first chief cyber officer, reflects on his journey from military intelligence to leading cybersecurity efforts. During his tenure, he has focused on protecting government systems from escalating cyber threats, particularly ransomware. Ahern discusses the collaboration needed between state and local governments, as well as the essential role of education in promoting cybersecurity awareness.…
Malaysia Braces for Cyberattacks During Hari Raya: Cyber999 Issues Warning
Summary: A significant rise in cybersecurity incidents has been reported in Malaysia since early 2025, prompting Cyber999 to issue an advisory for heightened vigilance and preventive measures. The ongoing threats include ransomware, data breaches, and various scams, especially during the festive season. Key recommendations for system administrators, financial institutions, and home users are provided to mitigate these risks.…