Hackers linked to Iran target WHO staff emails during coronavirus
www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.
CORONAVIRUS TROJAN OVERWRITING THE MBR
securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ SonicWall Capture Labs Threat Research team recently found a new malware taking advantage of the CoViD19 pandemic which makes disks unusable by overwriting the MBR.
AZORult brings friends to the party
blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There’s also a variant of the infamous AZORult information-stealing malware, a variant of Remcos remote access tool and, finally, the DarkVNC backdoor trojan.
MakeFrame: Magecart Group 7s Latest Skimmer Has Claimed 19 Victim Sites
www.riskiq.com/blog/labs/magecart-makeframe/ On January 24th, we first became aware of a new Magecart skimmer, which we dubbed MakeFrame after its ability to make iframes for skimming payment data. We initially flagged it with our machine learning model for detecting obfuscated code.
Loncom packer: from backdoors to Cobalt Strike
securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/ The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. The malware uses
Pekraut – German RAT starts gnawing
www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.
[PDF] WireGuard: Next Generation Kernel Network Tunnel
www.wireguard.com/papers/wireguard.pdf WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.