The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals.The cybercriminals behind Ragnar Locker use various exploits or target Remote Desktop Protocol (RDP) connections to compromise networks, and also steal data from targeted networks prior to deploying the ransomware, to entice victims to

A threat actor believed to be operating out of China has been targeting physically isolated military networks in Taiwan and the Philippines, Trend Micro reports.Tracked as Tropic Trooper and KeyBoy, and active since at least 2011, the threat actor is known for the targeting of government, military, healthcare, transportation, and high-tech industries in Taiw

Microsoft’s Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation.Microsoft has patched two actively exploited remote code execution vulnerabilities related to the Adobe Type Manager Library. Despite its name, this library is e

Dell on Friday announced the launch of Dell SafeBIOS Events & Indicators of Attack, a utility designed to alert IT and security teams about BIOS configuration changes that could be part of a sophisticated attack.Dell SafeBIOS Events & Indicators of Attack (IoA) is available immediately worldwide for Dell commercial PCs as part of the company’s Truste

Sophos this week announced that the source code of isolation tool Sandboxie is now publicly available.Sandboxie was initially developed by Ronen Tzur, who sold it to Invincea in 2013. The sandbox-based isolation program became part of Sophos’ portfolio in 2017, after the cybersecurity solutions provider acquired Invincea.In September last year, Sophos made S

Security solutions provider Avast this week announced the launch of an Android version of its Avast Secure Browser.Previously available for Windows and macOS, the browser aims to provide users with increased security and privacy while navigating the Internet, shopping, or accessing their bank accounts on their Android devices.The mobile application builds on

Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak.Tens of companies have announced over the past weeks that they are offering free tools and services to organizations impacted by the pandemic. However, some experts have cautioned about these offers.“A word of caution to businesse

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns.Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in th

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns.Active since at least 2015, the cybercrime group has been focused on stealing credit card information from businesses worldwide. The hackers were indicted in the United States for target

Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0 (SMBv3) is causing problems.Microsoft released an out-of-band update for Windows 10 and Windows Server on March 12 to fix CVE-2020-0796, a vulnerability that can allow an unauthenticated attacker to

Microsoft announced this week that has deprecated Remote Desktop Connection Manager (RDCMan) due to security concerns. The application has been around for decades, providing users with the ability to manage multiple remote desktop connections, but Microsoft has long been investing in other solutions to provide users with remote desktop access. In a

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Hu

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection (LVI), but the chip maker has told customers that the attack is not very practical in real world environments.The vulnerability, tracked as CVE-2020-0551, was first reported to Intel in April 2019 by Jo Van Bulck from the KU Leuven research university

Cybersecurity firm Checkpoint has created an encyclopedia of the various techniques used by malware to evade analysis.The encyclopedia covers evasion techniques related to the file system, registry, generic OS queries, global OS objects, user interface artifacts, OS features, processes, network, CPU, firmware tables, hooks, hardware, and macOS-specific sandb

Microsoft this week announced new features in its Edge browser to prevent the download of potentially unwanted applications (PUA).PUAs may refer to applications that create extra advertisements, mine for crypto-currencies, or display offers for other pieces of software that have a poor reputation. Such software can hurt user experience, lower productivity an