‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. Researchers have tracked new spyware…

The Log4j Vulnerability Is Now Used by State-Backed Hackers

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 through 2.14.1. What Happened? Nation-state hackers…

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. A novel remote access trojan…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Cobalt Strike Is Being Installed by Emotet for Faster Attacks

Emotet belongs to the malware strain known as banking Trojans, and it primarily spreads through malspam. The messages used by Emotet often contain familiar branding, mimicking the email format of well-known…

Variant of Phorpiex botnet used for cryptocurrency attacks in Ethopia, Nigeria, India and more

Check Point Research has discovered new attacks targeting cryptocurrency users in Ethiopia, Nigeria, India and 93 other countries. The cybercriminals behind the attacks are using a variant of the Phorpiex…

Relentless Log4j Attacks Include State Actors, Possible Worm

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. Call it a “logjam” of threats: Attackers including nation-state actors have already targeted…

Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold.  Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one…

New Ransomware Family Deployed in Log4Shell Attacks

Recently a public exploit for the major zero-day vulnerability known as ‘Log4Shell’ in the Apache Log4j Java-based logging platform has been made available. Log4j is a development platform that enables…

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by…