Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm.
"This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024.
"Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick
Multiple threat actors, including LockBit ransomware affiliates, areΒ actively exploitingΒ a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments.
The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm calledΒ LitterDrifterΒ in attacks targeting Ukrainian entities.
Check Point, whichΒ detailedΒ Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, branded the group as engaging in large-scale campaigns that are
High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware.
Cybersecurity company Check Point is tracking the activity under the nameΒ Stayin' Alive. Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.
"The simplistic
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan calledΒ BBTok, particularly users in Brazil and Mexico.
"The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number,"
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors.
"As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not suggest that Rhysida is exclusively used by Vice Society, but shows with at least medium confidence that
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage ofΒ .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
"BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check PointΒ saidΒ in a report
Login
FreshRSS