malware campaign | Breaking Cybersecurity News | The Hacker News

If you hold an interest in the North Korean Missile Program and are one of those curious to know capabilities of the recently tested North Korean long-range missile than you could be a target of a new malware campaign. North Korea claims to have conducted the first test of an intercontinental ballistic missile (ICBM), the Hwasong-14 , on 3rd July, and US officials believe the country may have fired a brand-new missile that has not been seen before. Now, just a day after the test missile launch, hackers have started utilizing the news to target people interested in North Korean missile arsenal that has progressed over the decades from crude artillery rockets to testing what the country claims long-range missiles that could strike targets in the United States. Security researchers at Talos Intelligence have discovered a new malware campaign that started on 4th July to target victims with KONNI, an unknown Remote Access Trojan (RAT) that has been in use for over three years. ...

Recently, Microsoft issued an Emergency patch for a zero-day vulnerability in Internet Explorer that is being exploited to deploy Korplug malware on vulnerable PCs. Korplug , a known variant of PlugX , is a Trojan that creates a backdoor used for information stealing on infected computers. In one of the most publicized cases, an evangelical church in Hong Kong was compromised to deliver the malware. Attackers were able to breach the church's website and inject a malicious iFrame overlay designed to look like the site itself. The iFrame was then used to redirect visitors to a site hosting the IE exploit . Once users land on the website, they are served a java.html which installs Korplug on their computers. To defend against Korplug, system administrators, and security engineers should educate users of corporate assets about these types of hacking techniques. In many cases, organizations are breached because of the lack of internal education around how to ident...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

A huge data-stealing cyber espionage campaign that targeted Banks, Corporations and Governments in Germany, Switzerland, and Austria for 12 years, has finally come for probably the longest-lived online malware operation in history. The campaign is dubbed as ' Harkonnen Operation ' and involved more than 800 registered front companies in the UK — all using the same IP address – that helped intruder installs malware on victims' servers and network equipments from different organizations, mainly banks, large corporations and government agencies in Germany, Switzerland and Austria. In total, the cyber criminals made approximately 300 corporations and organisations victims of this well-organised and executed cyber-espionage campaign . CyberTinel , an Israel-based developer of a signature-less endpoint security platform, uncovered this international cyber-espionage campaign hitting Government institutions, Research Laboratories and critical infrastructure facilit...

Last week, the Researchers at the German security company G Data Software have reported about the most complex and sophisticated rootkit  malware, Uroburos which is designed to steal data from secure facilities and has ability to take control of an infected machine, execute arbitrary commands and hide system activities. Recently, British cyber specialist BAE  has disclosed the parent Russian malware campaign dubbed as ' SNAKE ' that remained almost undetected for least eight years while penetrating highly secured systems. Uroburos rootkit was one of the components of this campaign. In a separate Investigation, Western intelligence officers have found another piece of spyware , infecting hundreds of government computers across Europe and the United States, known as ' Turla '. Researchers believed that  Turla  campaign is linked to a previously known campaign ' Red October ', a massive global cyber spying operation targeting diplomatic, military and nucle...

A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs . Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-state spying tool targeting government agencies, diplomatic offices, embassies, private companies, and activists. In the report published by Kaspersky, over 380 unique victims were identified. The name " Mask " comes from the Spanish slang word "Careto," meaning " Ugly Face " or " Mask ," which was found in several malware modules. Developers of The Mask (aka Careto ) used a complex toolset, including advanced malware, bootkits, and rootkits capable of: Sniffing encryption keys Intercepting VPN configurations, SSH keys, and RDP files Monitoring network traffic, keystrokes, Skype conversations, Wi-Fi traffic Capturing screens and tracking file op...

Malwares are getting updated during the age of social networking. FortiGuard Labs researchers have discovered a new malware called ' Rodpicom Botnet ' that spreads via messaging applications such as Skype and MSN Messenger. Dubbed W32/Rodpicom.A - Rodpicom Botnet sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot . Once the target machine is infected, it checks to see if the victim is using any messaging applications such as Skype or MSN Messenger.  It is revealed that, the malware employs new stealth tactics, including an exception handling technique that generates its own error to dodge analysis and relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times. The malware is enough smart to checks the language of the installed operating...

Multiple malware attacks against both Israeli and Palestinian systems, likely to be coming from the same source, have been seen over the last year. Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. Israel has banned its police force from connecting to the Internet and from using memory sticks or disks in an effort to curb a cyberattack. The ban, enacted last week, is meant to prevent a malware program called Benny Gantz-55 named after Benny Gantz, Israel's Chief of General Staff from infecting the police's computer network  Trend Micro has obtained samples of malware implicated in a recent incident, The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gatz. The From field has the email address, bennygantz59(at)gmail.com and bore the subject IDF strikes militants in Gaza Strip...