Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, March 25th, 2023.
Researchers have released a report about a new malware called dotRunpeX, which is being developed to distribute various known malware families, such as BitRAT, Agent Tesla, and LokiBot. DotRunpeX is a new injector written in .NET that uses the Process Hollowing technique to infect systems with a variety of known malware families. It has become a preferred tool for cybercriminals due to its ease of use and ability to bypass security measures. It is a second-stage malware in the infection chain, often transmitted through phishing emails or malicious Google Ads.
Researchers discovered a banking trojan called Mispadu, which is being used in several spam campaigns targeting victims in Latin America: Chile, Mexico, Peru, and Portugal. The findings, which show 90,518 credentials stolen from a total of 17,595 unique websites, include several government websites: 105 in Chile, 431 in Mexico and 265 in Peru.
The upgraded version of the Mispadu banking Trojan comes with a new backdoor programmed using Rust that still bypasses endpoint protection tools, but the infection rate is low.
A new version of a decryption tool for the Conti ransomware has been published by Kaspersky researchers, based on previously leaked source code for the Conti ransomware. Earlier last year, the source code of the Conti ransomware operation was released by the researchers to protest the potential conflict. Based on that, an unknown ransomware group started distributing a modified version of the Conti ransomware in attacks.
Last month, Kaspersky researchers uncovered a new portion of leaked data published on forums and noticed the presence of 258 private keys. The leak also included source code and some pre-compiled decryptors, which allowed the researchers to release a new version of the public decryptor.
Russian-based threat actor Killnet has been observed targeting healthcare applications hosted on Microsoft Azure infrastructure for over three months. Microsoft published the details of the new campaign in an advisory last week. The Azure Network Security Team said it saw between 10 and 20 attacks in November 2022 and between 40 and 60 daily attacks in February 2023.
The National Basketball Association (NBA) is the latest organization to suffer a data breach, with data stolen following the hack of a third-party newsletter service provider. The association started informing affected fans, describing the data theft as an “incident”. The data stolen from the unnamed third-party provider included names and email addresses but did not include usernames, passwords, or other PII.
Researchers have discovered a new ransomware family that has been highly active over the past several months. The threat actor, known as Trigona, targets organizations in agriculture, construction, finance, high tech, manufacturing, and marketing in Australia, Italy, France, Germany, New Zealand, and the United States.