Neue Malware "#CoffeeLoader" tarnt sich als ASUS-Software für Gaming-PCs. Besonders trickreich: Ein Teil des Schadcodes versteckt sich im Speicher der Grafikkarte. #ASUS #Malware https://winfuture.de/news,150116.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
North Korean threat actors are back - and scaling up. The #Lazarus Group is expanding its npm malware campaign with new RAT loaders, hex obfuscation, fresh aliases, and over 5,600 downloads across 11 packages.
Our latest research: https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket #JavaScript #malware
@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii Exactly...
Coincidentially, that's why #Android (and #iOS) doesn't let users have #root access because billions of devices owned by mostly "#TechIlliterates" that hardly get #SecurityUpdates would be an even bigger risk if they didn't boot a locked-down #ROM image, thus only allowing for #malware in user-privilegued userspace!
Cuz having a mobile OS that shoves everything through #Tor and only allows #userspace-Apps in the form modern web technologies would be a big #security and #privacy gain.
"Fast Flux: A National Security Threat" by US
Cybersecurity and Infrastructure Security Agency (CISA) - Advisory about evasion techniques used by bad actors to obscure locations of command & control servers for various types of #malware. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-093a #cybersecurity #network #tech
![article overview screenshot - follow link to see full text
[Cybersecurity & Infrastructure Security Agency logo] America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
Cybersecurity Advisory
Fast Flux: A National Security Threat
Release Date
April 03, 2025
Alert Code
AA25-093A
Related topics:
Cybersecurity Best Practices, Critical Infrastructure Security and Resilience
Executive summary
Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations. This resilient and fast changing infrastructure makes tracking and blocking malicious activities that use fast flux more difficult.
[...]](https://files.pnw.zone/media_attachments/files/114/275/834/019/197/314/original/3bf24735abb7064b.png "article overview screenshot - follow link to see full text
[Cybersecurity & Infrastructure Security Agency logo] America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
Cybersecurity Advisory
Fast Flux: A National Security Threat
Release Date
April 03, 2025
Alert Code
AA25-093A
Related topics:
Cybersecurity Best Practices, Critical Infrastructure Security and Resilience
Executive summary
Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations. This resilient and fast changing infrastructure makes tracking and blocking malicious activities that use fast flux more difficult.
[...]")
Cloudflare shuts down port 80 API access, malware devs turn to obscure languages like FORTH, and password reuse remains rampant. @SGgrc & @leo Laporte unpack the latest on Security Now 1019!
#CyberSecurity #Malware
Download and subscribe here:
https://buff.ly/aqfGWFq
FIN7 *again*? Seriously, these guys just don't quit, do they? 
Heads up – they've cooked up an Anubis backdoor using Python. And nope, *it's not* the Android Trojan people know. It's pretty wild what this thing packs: we're talking remote shell capabilities, file uploads, messing with the registry... 
Basically, the keys to the kingdom!
And let me tell you from a pentester's perspective: Just relying on AV? That's *definitely* not gonna cut it anymore. We all know that, right?
Looks like they're slipping in through compromised SharePoint sites now? Yikes. The nasty part? A Python script decrypts the payload *directly in memory*, making it incredibly tough to spot! 
Plus, their command and control chats happen over a Base64-encoded TCP socket.
So, keep a *sharp eye* on those ZIP attachments! Double-check your SharePoint sites' integrity. You'll also want to monitor network traffic closely (especially that TCP activity!). And make sure your endpoint security is actually up to snuff – remember, they love finding ways to bypass defenses!
How are *you* tackling threats like this one? What are your go-to tools and strategies for defense? 
Let's share some knowledge!
"What 'experts' recommend installing Kaspersky?" Hard pass...
New Triada Trojan comes preinstalled on Android devices https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html
Safer internet
Block #malware, #spyware, #ads, and #trackers across all apps with Rethink DNS. Servers in 300+ locations: Experience Blazing fast speeds.
Try #RethinkDNS for free.
The Rethink Proxy Network launching soon.
HellCat ransomware: what you need to know - HellCat - the ransomware gang that has been known to demand payment... in baguettes!
A... https://www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know #ransomware #guestblog #malware
New Windows 11 trick lets you bypass Microsoft Account requirement
https://www.bleepingcomputer.com/news/microsoft/new-windows-11-trick-lets-you-bypass-microsoft-account-requirement/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Local_Account #Microsoft #Microsoft_Account #ms_cxh_localonly #Windows_11 #virus_removal #malware_removal #computer_help #technical_support
Staying ahead means staying informed, right? Here's our latest wrap of the day's Cyber News:
https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/
If you're short on time, here’s a quick whip-around of the top 3 stories of note:
Hunters Ransomware Rethink: Is the heat getting too much? Hunters International leadership reportedly told affiliates ransomware is now too "risky," planning a shift to pure data theft/extortion under a "World Leaks" banner. While their current status is murky, this potential pivot away from encryption echoes moves by other groups and highlights how defensive pressures are forcing attacker evolution – something we all need to track.
White House OpSec Woes: Remember that recent White House Signal mishap? Well, now the same National Security Adviser is reportedly facing heat for using personal Gmail for sensitive (if unclassified) government discussions, raising serious OpSec and compliance alarms. It's a potent reminder for us all: even seemingly benign comms on personal platforms can create significant risks, and basic security hygiene is non-negotiable, especially when sensitive info is involved.
Verizon API Call Log Leak: Here’s a worrying find: a simple API flaw in Verizon's Call Filter app exposed the incoming call history of potentially all their wireless customers to each other. Technically, it was a textbook case of broken object-level authorization – the API didn't check if the user's token matched the phone number whose logs were requested in a header. This highlights the critical need for robust API authorization checks and the significant privacy impact even call metadata can have.
Have a read of the full newsletter, and sign up to get all the details straight to your inbox each day:
https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/#/portal/signup
New Triada Trojan comes preinstalled on Android devices – Source: securityaffairs.com https://ciso2ciso.com/new-triada-trojan-comes-preinstalled-on-android-devices-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #TriadaTrojan #hackingnews #CyberCrime #Cybercrime #Security #hacking #Malware
Alerta: Telemóveis Android falsos podem trazer malware Triada de fábrica https://tugatech.com.pt/t65489-alerta-telemoveis-android-falsos-podem-trazer-malware-triada-de-fabrica
Ataques "ClickFix": Nova tática de hackers norte-coreanos contra firmas cripto https://tugatech.com.pt/t65487-ataques-clickfix-nova-tatica-de-hackers-norte-coreanos-contra-firmas-cripto
#Gootloader #Malware Resurfaces in #Google Ads for Legal Docs. Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.
https://www.darkreading.com/cyberattacks-data-breaches/gootloader-malware-google-ads-legal-docs
New #Triada trojan comes preinstalled on #Android devices
https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html
#securityaffairs #hacking #malware
New advanced #FIN7's #Anubis #backdoor allows to gain full system control on #Windows
https://securityaffairs.com/176134/malware/new-advanced-fin7s-anubis-backdoor-allows-to-gain-full-system-control-on-windows.html
#securityaffairs #hacking #malware
Hacker News 
/
) 
