Cybercrime, the Dridex malspam campaign on false invoices is back
The email contains an xlsm attachment. This, if opened, contacts a random link from an internal list from to download a DLL, which starts the malware infection.
Cybercrime, three malware spread in a single compressed document
They are HawkEye, Matiex and Agent Tesla, hidden in a .7z file. It contains four exe, disguised as pdf. Probably it’s an email attachment on a fake shipping.
Cybercrime, here it comes the Gitpaste-12 worm
Juniper Threat Labs cybersecurity experts: the malware uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available.
Cybercrime, AsyncRat campaign passes from a real company in India
The bait is the usual invoice, theoretically contained in the compressed attachment. Inside there is an exe file which, when opened, triggers the infection of the malware.
Cybercrime, more than 23,000 hacked databases available on forums-Telegram
ZDNet cybersecurity experts: The collection (estimated at around 50GB and 13 billion user record) have originated from Cit0Day.in.
Cybercrime, QuakBot exploits APP DIVISION ApS certificates to spread
The QBot malspam campaign continues to spread exploiting companies certificates to sign the exe file with malware.
Cybercrime, the new ransomware RegretLocker targets Windows VMs
The cybersecurity experts: The malware doesn’t contain a long-winded ransom note and uses email for communication. It encypts files with .mouse extention.
Cybercrime, new Dridex campaign on false invoices
The emails contain an xlsm attachment which, if opened, contacts a random link from an internal list and downloads a DLL. This starts the malware infection.
Cybercrime, the UPS campaign from Dridex goes to download Zeppelin-Buran
A doc file is downloaded from the link in the email which, if opened, activates the ransomware infection chain. This,can exfiltrate the data as well as encrypt it.
Cybersecurity, new severe RCE vulnerability on WebLogic Server
The company: It is remotely exploitable without authentication, letting remote attacker to take control of an affected system. Patch the CVE-2020-14750 now!