[SecurityWeek] Russia’s APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying

The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.

Source: SecurityWeek RSS Feed

You might be interested in …

[HackerNews] A New Wave of Malware Attack Targeting Organizations in South America

A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected […]

[SANS ISC] YARA Rule for OOXML Maldocs: Less False Positives, (Tue, Nov 23rd)

In this diary entry, I introduce an updated version of the YARA rule I presented in diary entry “Simple YARA Rules for Office Maldocs” for OOXML files with VBA code. Here is the OOXML YARA rule I presented yesterday: rule pkvba { strings: $vbaprojectbin = "vbaProject.bin" condition: uint32be(0) == 0x504B0304 and […]

[SecurityWeek] China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems

A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems (ICS). Source: SecurityWeek RSS Feed
