The Russian-backed Turla cyber-espionage group used stolen malware and hijacked infrastructure from the Iranian-sponsored OilRig to attack targets in dozens of countries, according to a joint advisory published today by the United Kingdom’s National Cyber Security Centre (NCSC) and the U.S. National Security Agency (NSA).
Posts By: National CSIRT-CY
Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.
Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency. Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes. Normally, these fake plugins…
Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets’ systems, as BlackBerry Cylance threat researchers discovered. While various other malware peddlers were previously observed injecting payloads in JPEG or PNG image files [1, 2, 3] with the help of steganography, a well-known technique used to evade anti-malware detection, this…
Adobe has released security updates to resolve vulnerabilities that could allow attackers to gain unauthorized access, execute commands on vulnerable computers, or elevate their privileges. Of particular concern are the 45 Critical vulnerabilities found in Adobe Acrobat and Reader. As both programs are widely used, and these vulnerabilities could allow attackers to execute code on…