TrickBot operators slowly abandon the botnet and replace it with Emotet
Researchers believe the group behind TrickBot are moving the infected devices it controls to the newer, more difficult to detect Emotet malware.
Stories by Lucian Constantin
-
-
ShadowPad has become the RAT of choice for several state-sponsored Chinese APTs
ShadowPad came into the spotlight in 2017 when used in two software supply-chain attacks by a suspected Chinese state-sponsored hacker group.
-
Dangerous privilege escalation bugs found in Linux package manager Snap
Researchers found an easy-to-exploit vulnerability in Snap, a universal application packaging and distribution system developed for Ubuntu.
-
Google Cloud adds agentless threat detection to virtual machine workloads
Virtual Machine Threat Detection at first will target cryptominers running on virtual servers. Detecting ransomware, Trojans, and other malware is coming.
-
Iranian APT group uses previously undocumented Trojan for destructive access to organisations
The Moses Staff group's main target is Israel, but has recently launched attacks on organisations in other countries including India, Germany and the U.S.
-
How ransomware negotiations work
Here's what experienced negotiators say organisations should expect if it ever needs to pay a ransomware demand.
-
Serious PwnKit flaw in default Linux installations requires urgent patching
Attackers could gain root privileges by compromising any regular user account. Workarounds are available, patches on their way.
-
MoonBounce UEFI implant used by spy group brings firmware security into spotlight
The MoonBounce rootkit implants a malicious driver in the Windows kernel to provide persistence and stealthiness.
-
The Prometheus traffic direction system is a major player in malware distribution
Cyber crime is fueled by a complex ecosystem of criminal groups that specialise on different pieces of the final attack chains experienced by victims.
-
Thousands of enterprise servers are running vulnerable BMCs, researchers find
According to an analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server BMCs are exposed to the internet.
-
Cyber crime group Elephant Beetle lurks inside networks for months
Elephant Beetle specialises in stealing money from financial and commerce firms over an extended period of time while remaining undetected.
-
How to properly mitigate the Log4j vulnerabilities
A sure-fire way to prevent exploitation of Log4j vulnerabilities has yet to appear, but these actions are your best bet for reducing risk.
-
Researchers warn about continuous abuse of unpatched MikroTik routers
Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
-
Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps
The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components.
-
Google disrupts major malware distribution network Glupteba
The botnet take-down is believed to be temporary as the criminal group has a back-up command-and-control mechanism based on Bitcoin blockchain.
