Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.
https://threatpost.com/malicious-software-infrastructure-easier-deploy/162913/
An examination of the malware gang's payments reveals insights into its economic operations.
The agency said the Egregor malware has already compromised more than 150 organizations, and its alert provides insight into the gang's ransomware-as-a-service operations.
https://threatpost.com/fbi-egregor-attacks-businesses-worldwide/162885/
Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.
At least 6,500 cryptocurrency users have been infected by new, 'extremely intrusive' malware that's spread via trojanized macOS, Windows and Linux apps.
https://threatpost.com/electrorat-drains-cryptocurrency-wallet-funds-of-thousands/162705/
A look back at what was hot with readers -- offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.
In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.
https://threatpost.com/hackers-amp-up-covid-19-ip-theft-attacks/162634/
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
https://threatpost.com/emotet-returns-100k-mailboxes/162584/
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE.
https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/
Two malicious RubyGems packages that could be pulled into web applications as dependencies steal Bitcoin from unsuspecting users.
https://threatpost.com/rubygems-packages-bitcoin-stealing-malware/162360/
Researchers identified malware in popular browser add-ons for Facebook, Vimeo, Instagram and other services, widely installed in browsers from Google and Microsoft.
https://threatpost.com/3m-users-malicious-facebook-insta-browser-add-ons/162350/
Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.
https://threatpost.com/subway-loyalty-card-phishing-scam/162308/
The worm returned in recent attacks against web applications, IP cameras and routers.
https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
https://threatpost.com/agent-tesla-targeting-data-tactics/162268/
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.
https://threatpost.com/windows-trojan-steals-browser-credentials-outlook-files/162223/
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
https://threatpost.com/adrozek-malware-fake-ads-30k-devices/162217/
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
https://threatpost.com/facebook-accounts-apt32-cyberattacks/162186/
The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors.
https://threatpost.com/molerats-apt-espionage-facebook-dropbox/162162/
Convincing email-credential phishing, emailed backdoors and mobile apps are all part of the group's latest effort against military and government targets.
https://threatpost.com/sidewinder-apt-nepal-afghanistan-spy-campaign/162086/
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.
https://threatpost.com/rana-android-malware-updates-allow-whatsapp-telegram-im-snooping/161971/
The group published files stolen from the Brazilian aircraft manufacturer in a ransomware attack last month.
https://threatpost.com/ransomexx-ransomware-gang-dumps-stolen-embraer-data-report/161918/
The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.
https://threatpost.com/online-shopping-malware-social-media-buttons/161903/
The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.
https://threatpost.com/vancouver-metro-egregor-ransomware/161892/
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
https://threatpost.com/trickbot-returns-bootkit-functions/161873/
In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.
https://threatpost.com/turla-backdoor-dropbox-espionage-attacks/161777/
Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.
https://threatpost.com/dns-filtering-a-top-battle-front-against-malware-and-phishing/161708/
The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.
https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/
The new backdoor comes with multiple payloads and new detection evasion tactics.
https://threatpost.com/macos-users-targeted-oceanlotus-backdoor/161655/
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.
Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.
https://threatpost.com/minecraft-mods-attack-android-devices/161567/
Blackrota is targeting a security bug in Docker, but its heavy obfuscation makes it nearly impossible to reverse-engineer.
https://threatpost.com/blackrota-golang-backdoor-obfuscation/161544/
The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican to diplomats in Africa - with a new Golang version of its PlugX malware loader.
https://threatpost.com/ta416-apt-plugx-malware-variant/161505/
Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.
https://threatpost.com/covid-19-antigen-malware-attack/161317/
A fake Java update found on various porn sites actually downloads the well-known Zloader malware.
https://threatpost.com/attackers-porn-malsmoke-zloader-attack/161277/
Fortinet's Aamir Lakhani discusses hacker forums as a rich source of threat intelligence.
https://threatpost.com/dark-web-security-researchers-bad-guys/161172/
Microsoft warns that cybercriminals are using fake Teams updates to deliver Cobalt Strike, then moving beyond the initial infection point to compromise entire networks.
https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.
https://threatpost.com/cyberattack-uvm-health-network/161059/
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/
Emails try to lure victims with malicious documents claiming to have information about voting interference.
https://threatpost.com/malspam-campaign-milks-election-uncertainty/160983/