Trustwave’s SpiderLabs researchers have made code available that allows victims of the BlackByte ransomware to restore their files. While investigating a recent malware incident, the experts discovered the BlackByte ransomware. The ransomware was created to avoid infecting systems that primarily use Russian or related languages.
Trustwave's analysis states:
“Unlike other ransomware that may have a unique key in each session, BlackByte uses the same raw key (which it downloads) to encrypt files and it uses a symmetric-key algorithm – … Read more
Ajax Bash, an analyst with Google's TAG, announced on Thursday that, since the beginning of 2021, TAG has been watching more than 270 government threat actors from more than 50 countries and has delivered 50,000 warnings to users about state-sponsored malware. Thousands of these warnings are sent every month, even in cases where the corresponding attack is blocked.
Google reported that the figure includes organisations involved in both cyber espionage and disinformation activities. In 2021, the group … Read more
Kaspersky technologies discovered attacks on numerous Microsoft Windows systems using a vulnerability in late August and early September 2021. The attacks had several log strings from an earlier, known vulnerability, CVE-2016-3309. We determined that it was exploiting a vulnerability in the Win32k driver that leaks the base addresses of kernel modules. We immediately reported the results to Microsoft; the information disclosure part of the attack chain did not cross a security boundary.
The researchers examined the RAT used in … Read more
ESET's security team has identified a new malware family named “FontOnLake” that is constantly upgraded with new functionality to infect victims, an indication of an active development phase. According to samples uploaded to VirusTotal, the first intrusions involving this threat could have occurred as early as May 2020.
ESET researcher Vladislav Hrčka reported that the nature of FontOnLake's tools, together with their complex design and low usage, suggests that they are used in targeted attacks. This … Read more
Cybersecurity firm ESET has identified a new malware codenamed “ESPecter” due to its ability to persist on the ESP (EFI System Partition) as well as bypass Microsoft Windows Driver Signature Enforcement to load its own unsigned driver, which can be used to facilitate espionage activities such as document theft, keylogging, and screen monitoring by periodically capturing screenshots.
“After all the years of insignificant changes, those behind ESPecter apparently decided to move their malware from legacy BIOS systems to modern UEFI … Read more