Agenda is a new strain of Golang ransomware specifically targeting healthcare and education organizations in Indonesia, Thailand, South Africa, and Saudi Arabia. Discovered by Trend Micro researchers, Agenda ransomware can reboot compromised systems in safe mode and can attempt to…
A Turkish-based cryptocurrency mining malware (crypto miner) campaign has been detected. Called Nitrokod and discovered by the Check Point Research team, the campaign has infected machines across 11 countries with a XMRig crypto miner. Nitrokod Cryptominer Campaign: Some Details The…
A new report by NCC Group sheds light on the threat landscape for the past month (July 2022). Apparently, ransomware attacks are once again on the rise, with LockBit being the most active ransomware in the wild. What else has…
The LockBit ransomware group is now working towards improving its protection against DDoS attacks as well as adding triple extortion to its malicious operations. These actions are triggered by a recent clash between LockBit criminals and security firm Entrust. LockBit…
Another critical Atlassian vulnerability has been reported in numerous API endpoints of Bitbucket Server and Data Center. The vulnerability in question is CVE-2022-36804, a command injection issue in version 7.0.0 of Bitbucket Server and Data Center. CVE-2022-36804: Atlassian Bitbucket Server…
MagicWeb is the name of a new post-exploitation (post-compromise) tool discovered and detailed by Microsoft security researchers. The tool is attributed to the Nobelium APT (advanced persistent threat) group which uses it to maintain persistent access to compromised systems. This…
GitLab revealed a critical vulnerability for branches 15.1, 15.2, and 15.3 of its community and enterprise editions. The vulnerability, identified as CVE-2022-2884 and rated 9.9 on the CVSS scale, could enable a threat actor to carry out remote command execution…
CVE-2022-2588, also known as Dirty Cred, is an eight-year old vulnerability in the Linux kernel that has been described as “as nasty as Dirty Pipe”. The Connection Between CVE-2022-2588 and CVE-2022-0847 Dirty Pipe, or CVE-2022-0847, was disclosed earlier this year…
DarkTortilla is a sophisticated and highly configurable crypter malware that delivers popular infostealers and remote access trojans including AgentTesla, AsyncRAT, Redline and NanoCore. What Is the DarkTortilla Crypter? A crypter is a type of software that has the capabilities to…
![VibeProfile Mac Virus - How to Remove [Free Guide]](https://cdn.sensorstechforum.com/wp-content/uploads/2020/05/apple-security-sensorstechforum-1024x584.jpg "Apple Fixed Two Actively Exploited Zero-Days [CVE-2022-32893]")
Two zero-days were fixed by Apple in the following operating systems – macOS, iOS and iPadOS. The zero-days, known as CVE-2022-32893 and CVE-2022-32894, have been exploited in the wild against exposed devices. CVE-2022-32893 and CVE-2022-32894 in macOS, iOS and iPadOS…
An actively exploited, highly severe zero-day vulnerability has been fixed in Google Chrome desktop. The vulnerability has been assigned the CVE-2022-2856 identifier. Details about CVE-2022-2856 According to the official description, CVE-2022-2856 relates to an insufficient validation of untrusted input in…
![SOVA Android Malware Upgraded with a Ransomware Module [.enc Files]](https://cdn.sensorstechforum.com/wp-content/uploads/2022/02/android-trojan-sensorstechforum-1024x585.jpg "SOVA Android Malware Upgraded with a Ransomware Module [.enc Files]")
SOVA is an Android banking trojan that first appeared in an underground forum in September 2021. Even the first iterations of the malware had plenty of functionalities, with the most recent ones updated with new features and code improvements. SOVA…
Orchard is the name of a new botnet taking advantage of Bitcoin’s creator Satoshi Nakamoto’s account transaction information to generate DGA [Domain Generation Algorithms] domain names. This is done to conceal the botnet’s command-and-control infrastructure. “Because of the uncertainty of…
GwisinLocker is a new ransomware family targeting South Korean industrial and pharmaceutical companies. Capable of compromising both Windows and Linux systems, GwisinLocker has been coded by a relatively unknown threat actor, called Gwisin (meaning ghost or spirit in Korean). Security…
VMware recently released another set of patches addressing a number of vulnerabilities in several products. The vulnerabilities (CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665) were reported privately. The severity scores of the flaws vary from 4.7 to…
The well-known LockBit ransomware has been receiving significant updates, as evident by the reports of several cybersecurity vendors. New Version of LockBit Observed in the Wild According to SentinelLabs, a new iteration of the ransomware has been deployed in the…
New auto-starting malware on the Google Play Store has been identified. HiddenAds Android Malware The malware is propagated with the help of malicious apps masquerading themselves as cleaner and optimization apps for device management. The Android apps were distributed on…
Security researchers recently uncovered a large network of fake investment scamming sites targeting specific European countries and North America. Fake Investment Phishing Sites Targeting European Countries The network consists of at least 11,000 domains that target the United Kingdom, Belgium,…
Security researchers share a new trend in phishing campaigns which now utilize the so-called IPFS URLs as payload. The discovery comes from TrustWave researchers who came across a site called the Chameleon Phishing page. Websites like this one can change…
Security researchers detail a new phishing-as-a-service (Phaas) platform in a recently released report. The platform is an example of how initial access brokers gain a foothold in organizations’ networks. Robin Banks is the name of a new PhaaS platform which,…
