Blogs

A new method in cyberattacks uses ZIP file concatenation to deliver malicious payloads undetected. By leveraging differences in ZIP parser handling, attackers can hide trojans in ZIP files, targeting unsuspecting users via phishing emails disguised as legitimate notices.

The newly discovered SteelFox malware leverages a vulnerable driver to escalate privileges, enabling it to steal sensitive data and mine cryptocurrency on Windows machines. Distributed through cracked software on forums and torrent sites, SteelFox presents significant risks to users of popular programs like AutoCAD, JetBrains, and Foxit PDF Editor.

Microsoft has officially launched Windows Server 2025, bringing a host of exciting new features and improvements for businesses looking to leverage cutting-edge technology for their infrastructure. Available from November 1st, 2024, Windows Server 2025 delivers significant advancements in virtualization, security, and storage. 

A dangerous new Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices by bypassing security measures and exploiting Android’s accessibility features to facilitate fraudulent money transfers. With roots in the TgToxic malware, ToxicPanda is suspected to be the work of a Chinese-speaking threat actor targeting bank customers in Europe and Latin America.

The newly emerged Interlock ransomware is designed to specifically target FreeBSD servers, exploiting the OS's prevalence in critical infrastructure environments. This ransomware operation, active since late September 2024, has already compromised several organizations, using a unique FreeBSD-based encryptor to execute double-extortion attacks, leaving critical services vulnerable.

The latest variant of the FakeCall malware has taken vishing attacks to a new level, hijacking Android devices to intercept banking calls and manipulate call interfaces. This highly sophisticated malware leverages accessibility permissions to gain control over calls, messages, and other sensitive data, tricking users into sharing critical financial information.

A large-scale ransomware campaign targeting over 22,000 CyberPanel instances has leveraged a critical remote code execution vulnerability to infiltrate servers and encrypt files. Known as the PSAUX ransomware, this attack exploits authentication flaws, command injection vulnerabilities, and security filter bypasses in CyberPanel version 2.3.6, leading to mass outages and compromised data security.

Cybersecurity researchers have identified a significant rise in phishing attacks utilizing Webflow, a legitimate website builder. These attacks target sensitive login information for various cryptocurrency wallets and corporate webmail platforms. With a tenfold increase in phishing traffic between April and September 2024, the campaigns highlight the growing sophistication of cybercriminals leveraging legitimate tools to deceive users.

This Diwali, light up your digital life with complete protection from Net Protector. Celebrate worry-free with our powerful, fast, and multilayered security solutions, keeping your devices safe from cyber threats.

TeamTNT, a notorious hacking group specializing in cryptojacking, has unleashed a new wave of cyberattacks aimed at cloud-native environments. Exploiting exposed Docker APIs, the group is deploying malware and cryptominers, utilizing breached Docker instances for cryptocurrency mining and renting the compromised infrastructure for profit. This multi-stage campaign highlights the need for vigilant cloud security to prevent unauthorized access and cryptomining activity.

Fortinet has disclosed an actively exploited critical vulnerability, CVE-2024-47575, impacting FortiManager and FortiAnalyzer devices, which has been attributed to threat cluster UNC5820. This flaw, labeled FortiJump, enables remote unauthenticated attackers to execute arbitrary code on compromised systems, allowing for data exfiltration and potential lateral movement across enterprise networks. The U.S. CISA has flagged this vulnerability for immediate federal agency action, urging rapid patching to prevent unauthorized access and data theft.

A new variant of the Qilin (Agenda) ransomware, known as Qilin.B, has been discovered with enhanced encryption methods, improved evasion techniques, and capabilities to disrupt data recovery. This strain targets both Windows and network systems, making it a serious threat to enterprises across various sectors.

Ransomware gangs are using the notorious LockBit’s reputation to intimidate victims and carry out sophisticated data exfiltration attacks via Amazon S3 Transfer Acceleration. These attacks exploit embedded AWS credentials and target Windows and macOS systems, encrypting data and applying pressure tactics to extract ransom payments.

Net Protector Total Security has proudly received the International VB100 certification, showcasing its exceptional malware detection abilities and reinforcing its reputation as a trusted cybersecurity solution.

The Lazarus hacking group exploited a Google Chrome zero-day vulnerability (CVE-2024-4947) through a fake decentralized finance (DeFi) game, "DeTankZone," targeting individuals in the cryptocurrency sector. This attack demonstrates Lazarus' evolving tactics, using browser exploits and rebranded games to steal sensitive data and potentially cryptocurrency.

A new phishing campaign has been uncovered targeting Russian-speaking users, leveraging the Gophish framework to deliver two remote access trojans (RATs)—DarkCrystal RAT (DCRat) and a newly identified malware, PowerRAT. The campaign exploits phishing emails, malicious documents, and HTML pages to initiate infection chains, resulting in system compromise and data exfiltration.

The Bumblebee malware loader, believed to be a creation of TrickBot developers, has resurfaced after going silent following a law enforcement disruption in May 2024. New attacks tied to Bumblebee have been observed, signaling a possible resurgence of the malware. It continues to target victims through phishing and malvertising, delivering dangerous payloads like ransomware and information-stealing malware.

A recently discovered phishing campaign is exploiting a stored cross-site scripting (XSS) vulnerability in the open-source Roundcube webmail software to steal login credentials. Threat actors are leveraging a now-patched flaw (CVE-2024-37383) via malicious emails, targeting government organizations in Commonwealth of Independent States (CIS) countries. The vulnerability, patched in May 2024, allowed attackers to execute JavaScript within victims' browsers, tricking them into revealing sensitive login information.

A new ClickFix campaign is targeting users with fake Google Meet conference errors, luring them to download infostealing malware on both Windows and macOS systems. The campaign impersonates technical issues and prompts victims to run malicious PowerShell code, infecting devices with malware like Stealc, Rhadamanthys, and AMOS Stealer.

Cybercriminals are increasingly abusing the open-source EDRSilencer tool to tamper with Endpoint Detection and Response (EDR) solutions and conceal their malicious activities. This tool uses the Windows Filtering Platform (WFP) to block security software from communicating, making it harder for organizations to detect and remove malware.