An app that purported to launch distributed denial-of-service (DDoS) attacks against Russian internet infrastructure was in reality secretly installing malware onto the devices of pro-Ukrainian activists. As researchers at Google's Threat Analysis Group (TAG) describe, the Moscow-backed Turla hacking group created a website purporting to belong to Ukraine's Azov regiment.
Attackers have in recent weeks targeted a large, unnamed Ukrainian software development company that services various state entities, using a "fairly uncommon" piece of malware, researchers with Cisco Talos said Thursday. The unknown hackers used a slightly modified version of an open-source backdoor named "GoMet," which at least two sophisticated hacking groups have used since 2020, the researchers said.
Leveraging little more than Linux bugs, common cloud application vulnerabilities, and misconfigurations, the 8220 Gang has used its latest IRC botnet to infect more than 30,000 hosts with its PwnRig cryptominer. Researchers with SentinelOne reported observing this increase over the course of just the past month; in mid-2021, the analysts said, the botnet was running on just 2,000 hosts worldwide.
Microsoft announced today that it has resumed the rollout of VBA macro auto-blocking in Office documents downloaded from the internet, after temporarily rolling the change back earlier this month in response to user feedback. The resumption follows improvements to the company's user and admin documentation, intended to make the available options easier to understand when a macro is blocked.
Atlassian has fixed three critical vulnerabilities and is urging customers running Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira, and Jira Service Management to update their instances as soon as possible. There is no indication that these vulnerabilities are being exploited in the wild, but flaws in Atlassian Confluence are frequently leveraged by attackers.
A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and to deploy several types of rootkits. Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is modular and supports plugins. No in-the-wild infections have been observed yet, and some of its components (referenced in the source code) have yet to be found and analyzed.
Kaspersky researchers have discovered, on a darknet ransomware forum, a new ransomware family written in Rust. Luna uses an encryption scheme that is atypical for ransomware: a combination of the x25519 key exchange and the Advanced Encryption Standard (AES), according to the research, released Tuesday. It can run on Windows, Linux and ESXi systems with minor variations in the code, Kaspersky said.
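To show why a ransomware author would pair a key exchange with a symmetric cipher, here is the general hybrid pattern as an added example. This is not Luna's code and not taken from Kaspersky's analysis; it is written in Go rather than Rust so that it runs with only the standard library (crypto/ecdh, Go 1.20 or later). The choice of AES-GCM as the mode, the SHA-256 derivation of the AES key from the shared secret, and the per-file record layout are all assumptions made for this example; the page does not describe those details of Luna. The point the code demonstrates is that the encrypting host only ever holds the operator's public key and a throwaway ephemeral key pair, so nothing recoverable from the infected machine lets the victim reverse the encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// EncryptedFile is the constructed per-file record used by this example: the
// ephemeral X25519 public key, the AES-GCM nonce and the ciphertext. The
// ephemeral private key is discarded after use.
type EncryptedFile struct {
	EphemeralPub []byte
	Nonce        []byte
	Ciphertext   []byte
}

// gcmFor derives a 256-bit AES key from the X25519 shared secret and both
// public keys (SHA-256 as KDF is this example's assumption) and returns the
// AES-GCM instance for it.
func gcmFor(shared, ephPub, operatorPub []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write(shared)
	h.Write(ephPub)
	h.Write(operatorPub)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the victim side. It needs only the operator's public key
// (embeddable in the binary) plus a fresh ephemeral key pair per file.
func Encrypt(operatorPub *ecdh.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(operatorPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := gcmFor(shared, ephPub, operatorPub.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// The ephemeral public key is bound in as associated data, so tampering
	// with the stored key is caught when the tag is checked.
	ct := gcm.Seal(nil, nonce, plaintext, ephPub)
	return &EncryptedFile{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is the operation only the operator can perform: it recomputes the
// shared secret from the operator's private key and the stored ephemeral
// public key. Any other private key yields a different AES key and GCM
// rejects the ciphertext.
func Decrypt(operatorPriv *ecdh.PrivateKey, f *EncryptedFile) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(f.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := operatorPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(shared, f.EphemeralPub, operatorPriv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Ciphertext, f.EphemeralPub)
}

// RoundTrip encrypts plaintext for a freshly generated operator key pair, then
// shows that the operator's private key recovers it while an unrelated private
// key (standing in for a guessing victim or analyst) is rejected.
func RoundTrip(plaintext []byte) (recovered []byte, wrongKeyRejected bool, err error) {
	operator, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	f, err := Encrypt(operator.PublicKey(), plaintext)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = Decrypt(operator, f); err != nil {
		return nil, false, err
	}
	other, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	_, wrongErr := Decrypt(other, f)
	return recovered, wrongErr != nil, nil
}

func main() {
	// Constructed sample standing in for a file's contents.
	got, rejected, err := RoundTrip([]byte("constructed sample file contents"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered=%q wrong-key rejected=%v\n", got, rejected)
}
```

For a defender the practical consequence is the same as for any correctly implemented hybrid scheme: memory or disk forensics on the infected host can recover the operator's public key and the per-file ephemeral public keys, but not the AES keys, so recovery efforts have to focus on backups or on implementation mistakes rather than on the cryptography itself.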