
News

Malicious Code

May 16, 2024

Russian hackers use new Lunar malware to breach a European govt's agencies

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. [...]

May 16, 2024

IPv6 Stockpiling: A Trojan Horse in Our Midst?

The current combination of RIPE policies and rules for RIPE NCC membership enables IPv6 stockpiling. And what might sound like an unlikely activity is not only happening, but is actually on the rise. Here we look at the trends and some of the potential consequences and ask where we go from here.

May 15, 2024

Android 15, Google Play Protect get new anti-malware and anti-fraud features

Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices. [...]

May 15, 2024

Malware was almost 50% of threat detections in Q1 2024

According to a cybersecurity and threat intelligence report, the U.S. was the 4th most targeted country in the world regarding phishing attacks.

May 15, 2024

Inside Poland's groundbreaking effort to reckon with spyware abuses

Poland was once a “dark spot” on spyware abuse, but a probe, victim notifications and more have made it a potential model for other nations. The post Inside Poland's groundbreaking effort to reckon with spyware abuses appeared first on CyberScoop.

May 15, 2024

How attackers deliver malware to Foxit PDF Reader users

Threat actors are taking advantage of the flawed design of Foxit PDF Reader's alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. Exploiting the issue: The researchers have analyzed several campaigns using malicious PDF files that are targeting Foxit Reader users. The attackers are leveraging a variety of .NET and Python exploit builders, the most popular of which is the “PDF Exploit Builder”, to create PDF documents with macros that execute … The post How attackers deliver malware to Foxit PDF Reader users appeared first on Help Net Security.

May 15, 2024

Russian Actors Weaponize Legitimate Services in Multi-Malware Attack

The threat actor, likely located in the Commonwealth of Independent States (CIS), strategically targeted a spectrum of operating systems and computer architectures in the credential harvesting campaign, including Windows and macOS.

May 14, 2024

QakBot attacks with Windows zero-day (CVE-2024-30051)

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.

May 14, 2024

Microsoft fixes Windows zero-day exploited in QakBot malware attacks

Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. [...]

May 14, 2024

TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution

Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: TrojanSpy.Win64.EMOTET.A
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x64-bit "CRYPTBASE.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own...
