Hostrisk

Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.

https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/

Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.

https://threatpost.com/iranian-state-broadcaster-clumsy-buggy-code/178524/

Kraken has already spread like wildfire, but in the past few months, the malware’s author has been tinkering away, adding more infostealers and backdoors.

https://threatpost.com/golang-botnet-pulling-in-3k-month/178509/

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

https://threatpost.com/ukrainian-ddos-attacks-should-put-us-on-notice-researchers/178498/

Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.

https://threatpost.com/trickbot-amazon-paypal-top-brands/178483/

The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.

https://threatpost.com/massive-linkedin-phishing-bot-attacks-hungry-job-seekers/178476/

An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.

https://threatpost.com/emotet-spreading-malicious-excel-files/178444/

Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.

https://threatpost.com/squirrelwaffle-fraud-exchange-server-malspamming/178434/

Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.

https://threatpost.com/ta2541-apt-rats-aviation/178422/

Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files.

https://threatpost.com/blackbyte-tackles-the-sf-49ers-us-critical-infrastructure/178416/

35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.

https://threatpost.com/cities-skylines-modder-banned-over-hidden-malware/178403/

The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.

https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/

The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.

https://threatpost.com/decryptor-keys-maze-egregor-sekhmet-ransomwares/178363/

Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.

https://threatpost.com/harsh-truths-cybersecurity-tips/178311/

The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot.

https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/

Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work with cyberattackers.

https://threatpost.com/gumshoe-nabs-cybercrooks-fbi-tactics/178298/

Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.

https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/

Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.

https://threatpost.com/china-suspected-news-corp-cyberespionage/178277/

However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.

https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/