New Phishing Attack Delivers Three Types Of Malware To Victims

Phishing campaigns get more effective the more closely they can imitate a trusted source. Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect. Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.

Microsoft Warns New Sysrv Botnet Variant Is Dangerous

Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet. They have dubbed the new variant Sysrv-K. This new variant works in two ways. First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins with older, unpatched vulnerabilities. Of significance, this variant of the botnet can take control of web servers, which makes it dangerous indeed.

You Might Need This HP BIOS Security Update

HP recently released a BIOS update to address a pair of high-severity vulnerabilities that affect a wide range of PC and notebook products offered by the company. In both cases, the vulnerabilities would allow an attacker to execute arbitrary code with kernel-level privileges. The two flaws are being tracked as CVE-2021-3808 and CVE-2021-3809 respectively, and both bear a CVSS 3.1 score of 8.8, which makes them both serious issues indeed.

Update Zyxel Products To Fix Possible Security Vulnerability

Do you use a Zyxel firewall? If so, there's good news. The company has fixed an issue you may not have even been aware that you had. The company pushed out the fix in a silent update a little over two weeks ago, but when they implemented the push, they didn't provide many details about it. More of those details are emerging now. Security researchers at Rapid7 discovered a critical security flaw, now being tracked as CVE-2022-30525, which is listed as being a severity 9.

Say Goodbye To The Apple iPod

It is the end of an era. Apple recently announced that they were discontinuing the legendary iPod, which is now in its 7th generation of production. When first released more than fifteen years ago, the iPod was an instant smash hit that almost singlehandedly created the digital music industry, moving it from the shadowy frontier of P2P file sharing services to mainstream respectability. That's not bad for a device that costs just under two hundred bucks.

Windows 11 May Release New Feature For Copying Information

If you're a member of the Windows Insiders group, then you are likely already aware of this. If not, here's something else to look forward to when Windows 11 is formally released. Microsoft has been experimenting with a new "Suggested Actions" feature when you copy data onto your clipboard. It all begins with Windows 11 build 22621 in the Beta channel and Build 25115 in the Dev channel. There you'll see the new feature in action any time you copy something to your clipboard.

New Method Hides Malware In Windows Event Logs

At least one group of hackers has learned a new trick you need to be aware of. Security researchers at Kaspersky Lab have discovered a malicious campaign-in-progress that is using event logs to store malware. That is a technique that has not been seen or documented until now. This new methodology is designed for maximum stealth, allowing the threat actor to plant fileless malware in the target device's file system.

Beware Of New Backdoor Malware Targeting Linux Users

The name Kevin Beaumont may not be familiar to you, but if you're a Linux or Solaris user, he may have just saved you a whole lot of grief. Recently, Mr. Beaumont discovered a stealthy backdoor malware that has been quietly infecting Linux and Solaris SPARC systems for more than five years. BPFdoor only parses ICMP, UDP and TCP packets, checking them for a specific data value and, in the case of UDP and TCP packets, also checking for a password.

New Phishing Scams Using Twitter Account Emails

Hackers around the world are increasingly targeting verified Twitter accounts with emails designed to pilfer your Twitter login credentials. Verified Twitter accounts differ from standard Twitter accounts in that they sport a large blue check mark next to the user's name, which indicates that the person who owns the account is someone of considerable influence on the platform. To be considered for verified status, you must formally apply for verification, which involves sending the company additional information including website references and pictures of your Photo ID.

Tricky Ransomware Encrypts Small Data But Overwrites Large Data

The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty. Outwardly, the operation, called Onyx, does what most ransomware campaigns do. It gets inside a corporate network, exfiltrates the data that it wants, then seems to encrypt the rest, and then threatens to release the files to the broader public unless their demands for payment are met. An additional fee is demanded to unlock the encrypted files, but there's a catch in this instance.
