RIPlace: a new evasion technique that allows ransomware to bypass most antivirus

Researchers at cybersecurity firm Nyotron have discovered a new technique that lets Windows malware modify files in a unique manner that current anti-ransomware solutions are unable to identify.

Node.js has also been used to perform a Living off the Land (LotL) attack

Researchers from Cisco Talos recently discovered a new malware loader that is being used to deliver malware and infect systems, using Node.js as well as the legitimate open-source utility WinDivert.

CVE-2019-1132: a Windows Zero-Day exploited by Buhtrap Group in espionage campaigns

According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.

New version of FinFisher spyware used to spy on iOS and Android users in 20 countries

Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able to infect both Android and iOS devices.

According to the experts, the new versions have been active since at least 2018; one of the samples analyzed was used last month in Myanmar, where the local government is accused of violating human rights.
