Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday which finds some attackers just take the money and run.A survey by researchers at the security firm Proofpoint found that 33 percent of organizations infected with ransomware opted to pay the ransom.But some 22 percent of those who paid a r

Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan (RAT) previously associated with Iran-linked threat actors, Recorded Future reports.Dubbed PupyRAT, the backdoor is an open source piece of malware available on GitHub. Mainly written in Python, the threat is advertised as cross-platfor

I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick“: Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection. The Emotet malware family does not need to be presented. Very active for years, new waves of attacks are always fired using different in

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into our hands back in February 2018, and we have since collected

A new methodology for instigating ransomware makes use of Windows' own Encrypting File System (EFS). EFS has been a part of Windows since Windows 2000. Unlike Windows' BitLocker -- which is a full disk encryption feature -- EFS can selectively encrypt individual files or folders. It does this transparently to the user, using a key that is partly stored in an

The threat actor or group behind the Satan ransomware -- and probably DBGer and Lucky and possibly Iron -- seems to be engaged in a new version or evolution of Satan: 5ss5c.According to malware researcher/analyst Bart Blaze, the actor has been working on this new product since at least November 2019. It is thought to be a work in progress because of the pres

Still under development, a newly discovered information stealer is successfully targeting Internet browsers and cryptocurrency wallet applications, and most victims are apparently located in the United States.The fairly new malware, which has been dubbed Oski Stealer, is being advertised on underground cyber-forums, including several Russian forums, security

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability.A researcher revealed recently that cybercriminals had started exploiting CVE-2019-11510, a critical vulnerability affecting enterprise VPN product

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports. Supposedly backed by the North Korean government and active since at least 2009, Lazarus is believed to be behind various high-profile attacks, including the WannaCry outbr

Interpol announced on Wednesday that it has coordinated an international operation aimed at removing illegally installed cryptocurrency miners from routers located in Southeast Asia.The operation, dubbed Goldfish Alpha, was conducted in cooperation with Trend Micro, along with law enforcement and CERTs from ASEAN countries, including Brunei, Cambodia, Indone

A cyber-espionage group supposedly linked to the Chinese government is targeting non-governmental organizations (NGOs) in South and East Asia, Secureworks has revealed.Referred to as BRONZE PRESIDENT, the group may have been active since at least 2014, also targeting political and law enforcement organizations and using both proprietary and publicly availabl

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google’s Pixel phones.Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone. A use-after-free in the binder driver, the bug co

A widely known vulnerability affecting an enterprise VPN product from Pulse Secure has been exploited by cybercriminals to deliver a piece of ransomware, a researcher has warned.The flaw in question, tracked as CVE-2019-11510, is one of the many security holes disclosed last year by a team of researchers in enterprise VPN products from Fortinet, Palo Alto Ne

Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled our eyes at silly people doing silly things. Other cybersecurity news: Stills and chills: A Reddit user notices their security camera is grabbing stills from other people’s devices. (Source: Reddit) Tik Tok, the clock has stopped: The US Mili

Reading Time: ~ 2 min. US Coast Guard Facility Hit with Ransomware During the last week of December a US Coast Guard facility was the target of a Ryuk ransomware attack that shut down operations for over 30 hours. Though the Coast Guard has implemented multiple cybersecurity regulations in just the last six months or so, this attack broke through the weak