A recently discovered technique allows ransomware to encrypt files on Windows-based systems without being detected by existing anti-ransomware products, Nyotron security researchers warn.Dubbed RIPlace, the technique allows malware to bypass defenses using the legacy file system "rename" operation, and the security researchers say it is effective even agains

One in ten of Louisiana’s 5,000 computer network servers that power operations across state government were damaged by this week’s cyberattack, a key technology official told lawmakers Friday.Neal Underwood, Louisiana’s deputy chief information officer, said the ransomware attack wasn’t catastrophic to state government. No data was lost, and no ransom was pa

Update your Android OS because hackers might be accessing your camera and photos A camera security threat for Android devices might have affected hundreds of millions of smartphone and tablet users. The chilling revelation made by researchers exposed a system vulnerability in Android devices that was allowing unauthorized remote use and access to the device’

A newly discovered malware downloader achieves persistence through registering a new local port monitor, ESET’s security researchers report.Dubbed DePriMon, due to its use of the “Windows Default Print Monitor” name, the malware has a modular architecture and is complex enough for the researchers to consider it a framework.The threat appears to have been act

The DopplePaymer ransomware spreads via existing Domain Admin credentials, not exploits targeting the BlueKeep vulnerability, Microsoft says.The malware, which security researchers believe to have been involved in the recent attack on Mexican state-owned oil company Petróleos Mexicanos (Pemex), has been making the rounds since June 2019, with some earlier sa

Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat landscape to provide a more realistic understanding of why thi

Phoenix Keylogger Attempts to Disable More Than 80 security Products, Exfiltrates Data Direct from MemoryThe Phoenix Keylogger, operating at the cusp of keylogger and infostealer, was launched in July 2019. It is sold as malware-as-a-service (MaaS), and appears to be gaining traction in the criminal underworld.Nocturnus, the research team from Cybereaso

By Gabrielle Joyce Mabutas Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a macro

The official website for the Monero cryptocurrency was hacked recently and attackers replaced legitimate wallet files offered for download with a malicious version.The breach was discovered on November 18 after someone noticed that the hashes for the Linux CLI wallet available for download on getmonero.org did not match the hashes provided by the software’s

A fake Windows Update spam campaign has been dropping the Cyborg ransomware. The mail delivery mechanism claims to come from Microsoft. It directs the potential victim to an attachment described as the 'latest critical update'."The fake update attachment," writes Trustwave (who discovered the campaign), "although having a '.jpg' file extension, is an executa

Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team.The incident appears to have affected only some of the state’s servers, but the Office of Technology Services (OTS) decided to take offline all of the servers in an effort to ensure that the infection is

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns.Dubbed Pipka, the skimmer was discovered on an ecommerce website previously infected with the JavaScript skimmer known as Inter, but it has infected at least sixteen other merchant websites as well.What sets Pipka apa

An Iran-linked cyberespionage group tracked as APT33 has used obfuscated botnets as part of attacks aimed at high-value targets located in the United States, the Middle East and Asia, Trend Micro reported on Thursday.APT33, which some experts believe has been active since at least 2013, is also known as Refined Kitten, Elfin, Magnallium and Holmium. It has t

Mexican state-owned oil company Petróleos Mexicanos (Pemex) on Sunday suffered a ransomware attack that took down parts of its network.The attack, the company claims, was quickly neutralized and only impacted less than 5% of the computers in its network.In an attempt to stop any rumors related to the suffered attack, the company also pointed out that it is o

ASP.NET hosting provider SmarterASP.NET is currently working on recovering customer data after being hit by a ransomware attack over the weekend.Operating since 1999, SmarterASP.NET has datacenters in the United States and Europe and serves over 440,000 customers worldwide.On Saturday, the company fell victim to a ransomware attack that resulted in its custo