Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week.
AV-TEST has shared interesting data regarding malware growth in 2022. The data consists of numbers for Windows, macOS, Linux, and Android. Overall, Windows sees the biggest malware count by far.
A malware campaign is using fraudulent loan apps to trick unsuspecting users into giving out their private information. The apps have amassed over 100,000 downloads from unofficial app stores.
An Android threat campaign using fraudulent educational apps was recently found. It can capture various Facebook information such as profile name, email address, password, and phone number.
Be careful before you install that TikTok "unfiltering" software — it might be loaded with malware that can steal your passwords, Discord accounts, cryptocurrency wallets, and credit card data.
A report by Elastic Security Labs found that 6.2% of malware ends up on macOS devices. However, almost 50% of this malware comes from one source, a utility software suite called MacKeeper.
A newly discovered ransomware strain is framing cybersecurity experts by claiming that they are the ones behind the attacks. However, the people blamed are not associated in any way with the malware.
A typosquatting campaign that steals sensitive data and infects Android and Windows devices with malware has recently been discovered. Many of the fake domains look very similar to the real ones.
Meta has warned one million Facebook users who may have had their accounts compromised through a fraudulent iOS or Android app. The apps required users to sign in in order for the app to "work."
A new strain of Android malware that can steal information and eavesdrop on chats has been discovered. The malware is installed on a user's device if they install a fake phone number spoofing app.
Anti-malware vendor Bitdefender has discovered that Microsoft OneDrive is being used by crypto-jackers to mine cryptocurrency. The threat actors are using the DLL hijacking method to do so.
Microsoft is switching on tamper protection for all existing customers of Microsoft Defender for Endpoint. It comes after the company enabled the feature for new customers last year.
Microsoft Edge has been found to be serving malicious tech support scam ads. While the ads appear harmless from a distance, they are designed to redirect targets to malicious domains.
HP has warned that it has discovered a new high severity privilege escalation vulnerability inside its own Support Assistant software utility. The company has also issued a fix for the security flaw.
Avast has launched the Ransomware Shield for business users. It protects files and folders from being edited by unauthorized programs, which should protect them from ransomware programs.
The UK's Competition and Markets Authority has provisionally given the go-ahead to the acquisition of Avast by NortonLifeLock. It said the merger won't give the firm a monopoly position.
Microsoft's Threat Intelligence Center (MSTIC) claims it caught an Austrian company selling spyware called Subzero. The malware relied on zero-day vulnerabilities, which have been patched.
Certain Windows PCs with Gigabyte and Asus motherboards have been found to be infected with a new "CosmicStrand" UEFI rootkit. The malware is an evolution of an older rootkit dubbed "Spy Shadow".
Microsoft is soon ready to start blocking Office macros once again. The company has updated its support documentation with clear explanations and step-by-step instructions for users and IT admins.
Microsoft is privately informing some enterprise customers about a high-risk worm called "Raspberry Robin" spreading across hundreds of Windows networks through infected USB devices.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
Sophisticated "Alien" spyware is targeting Android users to download "Predator" malware, which can record audio, hide apps, and perform several more nefarious activities. Google has sent out patches.
Microsoft has issued a warning about the growing threat posed by human-operated ransomware in the ransomware-as-a-service (RaaS) gig economy. It has also provided some guidance for organizations.
A new Magniber ransomware campaign is infecting potential victims using fake Windows updates. Upon successful infection, the threat actors are asking for payment of around $2,600 in BTC.
Google Drive users are being warned about suspicious files that may have been laced with malware. The banners alerting about viruses have now been extended to each file in Google Docs, Sheets, and Slides.
Google has revealed that it banned over 190,000 malicious and spammy developers from the Play Store last year. Similarly, 1.2 million apps that violated Play Store policies were also removed.
Microsoft has outlined some steps that organizations can leverage to manage their IoT security. These involve threat modeling and building a Zero Trust solution, among many other things.
A security company has published details about Hive ransomware currently targeting vulnerable Microsoft Exchange servers and encrypting environments with a "windows.exe" file containing ransomware.
Google's Project Zero team has published its findings for 0-day exploits in the year 2021. It detected the most 0-days in this year, but there are some positive insights that can be drawn too.
Similar to many previous campaigns of this nature, a fake Microsoft lookalike Windows 11 download website has been found to infect victims' computers with a novel Inno info stealer malware.
In our latest recap for the Microsoft-verse, we have lots of stuff to talk about including tons of Windows updates, recent cybersecurity incidents, and some useful features being added to Edge.
The PowerShell Windows Toolbox that was hosted on GitHub was found to contain malicious files. This third-party Windows tool claimed to install Google Play Store, debloat Windows 11, and more.
Microsoft has publicly revealed the identity and location of a perpetrator behind ZLoader in order to deter others. The person had developed a ZLoader component that is used to distribute ransomware.
The infamous Hafnium group, which successfully targeted on-premises Microsoft Exchange servers, is now going after Windows using Tarrask malware, which evades detection by cleaning its activities.
The US Department of Justice has released a statement about a secret FBI operation that removed a bot network controlled by the Russian Federation's Main Intelligence Directorate (GRU) last month.
A new stealer malware called Vidar has been discovered. Vidar is distributed via emails and disguised as a Microsoft CHM help or support file that goes on to steal user data and information.
A new remote access trojan (RAT), BitRAT, has been found being distributed through fake Windows product license key activation tools. It is able to bypass detections by Windows Defender.
A new malware campaign, dubbed CryptoRom, is sneaking malware onto iPhone and iPad devices through apps and services that Apple itself offers to users who are willing to test unvetted apps.
A new Kraken botnet that steals crypto wallet information has been discovered by ZeroFox. The malware is able to easily bypass Windows Defender scans by simply adding itself as an exclusion.
A fake Microsoft lookalike website has recently been discovered distributing the dangerous RedLine malware in the form of a Windows 11 installer package. The RedLine malware is a stealer.