Search

Showing 67 results for: "XOR".

Web skimming campaign hits several websites
Hackread reports that at least 17 organizations, including major Japanese electronics manufacturing firm Casio's UK subsidiary, had their websites compromised in a double-entry web skimming attack that involved the loading of a script from the same Russian hosting provider and the di...
Vulnerable devices subjected to ongoing attacks with updated Mirai botnet
BleepingComputer reports that intrusions involving a new Mirai-based botnet have been targeting Teltonika RUT9XX routers impacted by the CVE-2018-17532 flaw, TP-Link devices affected by CVE-2023-1389, and DigiEver DS-2105 Pro network video recorders with a yet-to-be patched remote code execution vu...
Upstart SafePay ransomware group uses LockBit builder, claims 22 victims
An emerging and little-known cybercrime operation that deploys LockBit-based ransomware has claimed 22 victims so far, according to a report by Huntress published last week. Huntress discovered that an obscure operation known as SafePay was behind two incidents targeting its customers in October...
‘Honkai: Star Rail’ game executable hijacked to launch ransomware
A new ransomware uses the executable for the popular video game “Honkai: Star Rail” to help launch itself while avoiding detection. The ransomware, dubbed “Kransom” and discovered by analysts from ANY.RUN, employs a technique known as dynamic-link library (DLL) side-loading to hijack the executi...
US, others subjected to novel Zergeca botnet attacks
Organizations in the U.S., Canada, and Germany have been targeted with attacks involving the novel Zergeca distributed denial-of-service botnet last month, The Hacker News reports. Most of the intrusions from early to mid-June were ACK flood DDoS attacks but Zergeca had additional capabilities t...
Malware campaign attempts abuse of defender binaries
We are investigating a ransomware campaign that abuses legitimate Sophos executables and DLLs by modifying their original content, overwriting the entry-point code, and inserting the decrypted payload as a resource – in other words, impersonating legitimate files to attempt to sneak onto systems. A...
Smoke and (screen) mirrors: A strange signed backdoor
In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the version info for the supposedly clean file looked a little suspicious. Figure 1: Version info of the detected file. Note the ty...
Antivirus updates exploited for GuptiMiner malware deployment
Intrusions hijacking the eScan antivirus software's updating mechanism have been conducted by threat actors suspected to be linked to North Korean advanced persistent threat operation Kimsuky to facilitate the delivery of the sophisticated GuptiMiner malware that would then distribute cryptocurrenc...
Thousands of WordPress sites impacted by Sign1 malware campaign
BleepingComputer reports that more than 39,000 WordPress sites have been compromised to display popup ads and redirects as part of the widespread Sign1 malware campaign during the past six months, with 2,500 sites infected since January alone. Threat actors behind the campaign have de...
Updated QBot malware variants discovered
New variants of the QBot malware, also known as Qakbot, have emerged since mid-December despite having been disrupted in August, suggesting continuous testing by the malware developer, BleepingComputer reports. Sophos X-Ops researchers discovered that QBot samples deployed in December and January w...