Learn more: www.lookout.com/products/endpoint-security
Request a demo: www.lookout.com/contact/request-a-demo
Try Lookout Mobile Endpoint Security free for 90 days: www.lookout.com/contact/90-day-free-trial
AsyncRAT appears in a new campaign, Water Curupira distributes PikaBot loader malware, and Turkish hackers exploit global MS SQL servers.
DARKGATE is Windows-based malware that is sold on the dark web. DARKGATE is a fully functional backdoor that can steal browser information, drop additional payloads, and steal keystrokes. Kroll previously noted DARKGATE’s distribution via Teams. When the DARKGATE payload runs on a victim system, it creates a randomly named folder within C:\ProgramData that contains encoded files. Within the randomly named folder is a short configuration file and the output of keystrokes logged on the system.
Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers. A somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeat prank calls to police about individuals that are patients impacted by a data breach of a medical facility they are a customer of.
On January 16th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory to highlight the ongoing malicious activities by threat actors deploying the Androxgh0st Malware. Detailed information about these activities and the associated indicators of compromise (IOCs) and the various tactics, techniques, and procedures (TTPs) is listed in Known Indicators of Compromise Associated with Androxgh0st Malware.
The main difference between malware and viruses is that malware is an umbrella term used to describe all types of malicious software, whereas viruses are a specific type of malware. In other words, all viruses are malware but not all types of malware are viruses. Continue reading to learn what malware is, what a virus is, the key differences between the two and how you can protect yourself against all types of malware, including viruses.
Read also: The US charges admins, sellers and buyers linked to xDedic, a ShinyHunters hacker gets 3 yers in prison, and more.
BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries.
CISA adds two bugs to the KEV catalog, UAC-0050 distributes Remcos RAT with phishing tactics, and an updated version of Meduza Stealer launches on the dark web.
For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.
AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions.
A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch. We’ve all heard – for as long as ransomware attacks have been happening, you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.
This mechanism is intended to simplify installing Windows apps after cybercriminals started using it to spread malware loaders that resulted in ransomware and backdoor outbreaks. The feature in question is called the ms-appinstaller consistent resource identifier plan, and its initial purpose was to make deploying Windows programs to devices simpler.
Read also: Four people arrested over ChatGPT-linked ransomware attacks, a scammer charged for stealing $7.5M from two charities, and more.
Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?
Chae$ 4 threatens the finance and logistics sectors, 3AM ransomware attacks continue, BattleRoyal deploys DarkGate and NetSupport, and Andariel steals South Korean defense secrets.
The main differences between a worm and a virus are how they spread and how they are activated. Worms spread automatically to devices through a network by self-replicating, whereas viruses spread by attaching themselves to files or programs. Worms don’t need human interaction to activate and infect a device, whereas viruses do. Continue reading to learn more key differences between worms and viruses and how to keep your devices and data safe from both types of malware.
Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities. In May 2023, BHCC experienced a ransomware event—officials responded by taking their systems offline—but the threat was successful nonetheless. The assailants stole an estimated 195,588 records in their attack.