freeware | Breaking Cybersecurity News | The Hacker News

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason security researcher Ralph Villanueva  said . The new variant has been codenamed Xaro by the American cybersecurity firm. DJVU, in itself, is a  variant of the STOP ransomware , typically arrives on the scene masquerading as legitimate services or applications. It's also delivered as a payload of  SmokeLoader . A significant aspect of DJVU attacks is the deployment of additional malware, such as information stealers (e.g., RedLine Stealer and Vidar), making them more damaging in nature. In the latest attack chain documented by Cybereason, Xaro is propagated as an archive file from a

Chinese authorities have recently initiated a crackdown on the operators of a massive adware campaign that infected around 250 Million computers , including Windows and Mac OS, across the world earlier this year. The adware campaign was uncovered by security researchers at Check Point last month after it already infected over 25 million computers in India, 24 million in Brazil, 16 million in Mexico, 13 million in Indonesia and 5.5 million in the United States. Dubbed Fireball , the infamous adware comes bundled with other free legitimate software that you download off the Internet. Once installed, the malware installs browser plug-ins to manipulate the victim's web browser configurations and replace their default search engines and home pages with fake search engines. Far from legitimate purposes, Fireball has the ability to spy on victim's web traffic, execute malicious code on the infected computers, install plugins, and even perform efficient malware dropping, cr

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.