DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
|
1.11.24 | New variant of FakeCall Android malware | A new variant of the Android malware called FakeCall has been observed in the wild. The attackers behind this malware employ voice phishing (vishing) techniques in order to trick victims into disclosing sensitive information such as credentials or banking information. | ALERTS | VIRUS |
|
1.11.24 | Sauron - a new ransomware variant in the wild | Sauron is a new ransomware variant recently found in the wild. The malware appends the ".sauron" extension to the encrypted files. The ransom note is dropped in the form of a text file called "#HowToRecover.txt" on the affected machines. | ALERTS | RANSOM |
|
1.11.24 | UNC5812 campaigns against Ukraine with Android and Windows malware | A recent report highlighted activity attributed to a suspected Russian threat actor identified as UNC5812. The activity involved the distribution of Android and Windows malware targeting Ukrainian military recruits. The intent of the campaign was not only to engage in espionage but also to attempt to negatively influence support for pro-Ukrainian forces. | ALERTS | GROUP |
|
1.11.24 | A possible Bumblebee Loader resurgence | A new campaign delivering the Bumblebee loader has been reported this month. Bumblebee is a highly sophisticated downloader variant discovered initially back in 2022. The malware has been spread across a multitude of malicious campaigns and used for the delivery and execution of miscellaneous payloads such as Cobalt Strike, ransomware, etc. | ALERTS | VIRUS |
|
1.11.24 | CVE-2024-40711 - Veeam Backup and Replication deserialization vulnerability exploited by ransomware actors | CVE-2024-40711 is a recently disclosed critical (CVSS score 9.8) deserialization vulnerability affecting the Veeam Backup and Replication software in version 12.1.2.172 or older. If successfully exploited, the flaw might provide unauthenticated attackers with remote code execution (RCE) on the vulnerable systems. | ALERTS | VULNERABILITY |
|
1.11.24 | Malicious "Lounge Pass" app targets air travelers in India | A campaign involving a malicious Android app called "Lounge Pass" targeting air travelers at Indian airports has been observed. Distributed through fake domains, the app intercepts and forwards SMS messages from victims' devices to cybercriminals, leading to significant financial losses. | ALERTS | VIRUS |
|
1.11.24 | Adware Campaign uses Fake CAPTCHA to deliver Lumma and Amadey malware | Threat actors are increasingly using fake CAPTCHA as an initial attack vector. A recent adware campaign is targeting online users by presenting them with fake CAPTCHA or update prompts. Attackers are leveraging ad networks to redirect victims to compromised sites that host these social engineering lures. | ALERTS | VIRUS |
|
1.11.24 | TeamTNT targets cloud-native environments in new Cryptojacking campaign | A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. | ALERTS | CRYPTOCURRENCY |
|
1.11.24 | Rekoobe malware found potentially targeting TradingView users | An open directory has been discovered hosting Rekoobe malware, potentially aimed at targeting TradingView users along with other cyber espionage campaigns. Rekoobe is a versatile backdoor previously deployed by APT31 and other adversaries engaged in cyber espionage and data theft. | ALERTS | VIRUS |
|
1.11.24 | Daggerfly targets Taiwanese entities with new CloudScout Toolset | China-linked threat actor Daggerfly (also known as Evasive Panda) has been reported targeting a government entity and a religious organization in Taiwan with a previously undocumented post-compromise toolset called CloudScout. | ALERTS | APT |
|
1.11.24 | Phishing Campaign Distributing XWorm RAT | Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. The emails prompt users to open a password-protected PDF and, if that fails, direct them to a Dropbox link that downloads a ZIP file containing a URL that would connect to the attacker's servers and download additional malicious scripts, enabling control over the victim's machine. | ALERTS | PHISHING |
|
1.11.24 | HeptaX Cyberattack Operations | A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. When executed, the LNK file runs a PowerShell command that downloads additional payloads including scripts and BAT files from a remote server. | ALERTS | OPERATION |