Google and Adobe this week announced the availability of new open source security tools, for continuous fuzzing and detecting living-off-the-land attacks.

Google releases ClusterFuzzLite

Google announced the open source release of ClusterFuzzLite, which it described as a ClusterFuzz-based continuous fuzzing solution that runs as part of continuous integration (CI) workflows in an effort to help ..
Google on Thursday shared details about a recent attack that exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. According to Google, the attack, discovered in late August, was likely conducted by a well-resourced state-sponsored threat group which, based on the quality of their code, had access to their own ..
The cybercriminals behind the BlackMatter Ransomware-as-a-Service (RaaS) operation this week announced plans to close shop. Active since July 2021, BlackMatter is the product of the Coreid cybercrime group, which also operated the DarkSide ransomware. BlackMatter’s use in assaults on critical infrastructure entities in the United States has resulted in the U.S. government recently issuing an ..
The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint. Also referred to as Shathak, TA551 is an initial access broker known for the distribution of malware through thread hijacking – a technique where the ..
Google says it has disrupted phishing attacks in which threat actors were attempting to use cookie theft malware to hijack YouTube accounts and abuse them to promote cryptocurrency scams. As part of these campaigns, which have been ongoing since 2019, hackers recruited on a Russian-speaking forum targeted thousands with phishing emails that promised fake collaboration ..
A rootkit named FiveSys is able to evade detection and slip unnoticed onto Windows users’ systems courtesy of a Microsoft-issued digital signature, according to security researchers with Bitdefender. To prevent certain types of malicious attacks, Microsoft introduced strict requirements for driver packages that seek to receive a WHQL (Windows Hardware Quality Labs) digital signature, and ..
The Magnitude exploit kit (EK) is now capable of targeting Chromium-based browsers running on Windows systems, security researchers with Avast warn. Exploit kits such as Magnitude are known for expanding their arsenal with new browser or plugin exploits in a timely fashion, but for years they have mainly focused on Microsoft’s Internet Explorer and left ..
A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful ..
A recently observed attack employed a Python-based ransomware variant to target an organization’s VMware ESXi server and encrypt all virtual disks, Sophos reports. The attack involved the use of a custom Python script that, once executed on the target organization’s virtual machine hypervisor, took all VMs offline. The attackers, Sophos’ security researchers explain, were rather ..
A report published by Mandiant on Thursday details the activities and tools of FIN12, a highly aggressive ransomware group that has likely made a significant amount of money over the past years. The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned ..