The increasing spread of wiper malware is a stark reminder of the dangerous landscape organisations face when protecting their data. A solid, well-managed data backup and recovery plan is the key to ensuring data safety in the face of today’s growing array of threats.
Dark web forum posts indicate that low- or even no-skill threat actors have figured out how to manipulate ChatGPT instructions to get it to produce basic but viable malware.
The FBI warned that hackers are using search engine ads for phishing and spreading malware to unsuspecting users by impersonating legitimate businesses and services.
2K Games accounts used for online games may have received unexpected messages from the helpdesk system claiming to be a response to a request. The messages look authentic, but conclude with a link to RedLine malware.
Attackers are becoming savvier, using search engine optimization (SEO) techniques to bump malicious links and malware to the top of users’ search engine results. Email, SMS, messaging apps, and social media are also commonly used to lure users.
Intel 471 researchers found that hackers leveraged messaging apps and their infrastructure to distribute malware, steal and store data, and deliver malicious payloads.
Security researchers discovered a “package planting” flaw that allows malware developers to add respected open-source contributors to malicious NPM packages without notification or approval.
Lazarus APT targets the employees of blockchain companies with fake job offers, tricking them into downloading trojanized apps that steal security keys and make fraudulent transactions.
US intelligence agencies have issued a public warning indicating that APT groups have developed a "multi-tool" malware kit that targets a commonly used range of industrial control systems.
The operation disrupted Russian GRU control over infected devices by removing Cyclops Blink botnet malware from the infected WatchGuard Firebox devices used as command-and-control (C2) servers.