Malware

Pierluigi Paganini September 24, 2024
A generative artificial intelligence malware used in phishing attacks

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware. The AI-generated malware was discovered in June 2024, the phishing message used an invoice-themed lure […]

Pierluigi Paganini September 23, 2024
North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet), who previously distributed the macOS […]

Pierluigi Paganini September 23, 2024
Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the […]

Pierluigi Paganini September 22, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Protect Your Crypto: Understanding the Ongoing Global Malware Attacks and What We Are Doing to Stop Them   CISA warns of Windows flaw used in infostealer malware attacks Exotic SambaSpy is now dancing with Italian users   Loki: […]

Pierluigi Paganini September 20, 2024
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researchers warn that an Iran-linked APT group, tracked as UNC1860, is operating as an initial access facilitator that provides remote access to target networks in the Middle East. UNC1860 is linked to Iran’s Ministry of […]

Pierluigi Paganini September 18, 2024
Experts warn of China-linked APT’s Raptor Train IoT Botnet

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon (also […]

Pierluigi Paganini September 17, 2024
Qilin ransomware attack on Synnovis impacted over 900,000 patients

The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London. In June, a ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some […]

Pierluigi Paganini September 16, 2024
Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure. Apple wants to dismiss its lawsuit against NSO Group due to three key developments. First, […]

Pierluigi Paganini September 15, 2024
Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack that hit the agency in August. In August, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted. Media reported that the Port of Seattle, which also operates the […]

Pierluigi Paganini September 15, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights   Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques – Part 2   Predator Spyware […]