Cybersecurity researchers have identified an increasing trend where threat actors are abusing legitimate and commercially available packer software, such as BoxedApp, to evade detection and distribute malware, including remote access trojans and information stealers. Targeted Industries and Geographical Spread According to Check Point security researcher Jiri Vinopal, the majority of malicious samples have targeted financial institutions and government sectors.

Over time, cybercriminals find ways to exploit new cybersecurity breaches, leading to the creation of malware that compromises users' security. Every year, one or more malware variants stand out as new, evasive, or dangerous. According to our Internet Security Report (ISR), last year it was Glupteba.

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware. “Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware,” the researchers state.

So, you’re all set up with Amazon Simple Storage Service (Amazon S3), because you’re looking for best-in-class solutions for your company’s structured and unstructured data. Smart. But there’s more to do. Here are some myths about your Amazon S3 data, the real story behind them. Phew! We’re glad you agree that your Amazon S3 data needs strong protection. Wise decision. Here’s where we can help with a faster, cheaper, better solution.

The FBI has made a significant breakthrough in the fight against LockBit ransomware by recovering over 7,000 decryption keys, which can now be used by victims to restore their encrypted data at no cost. FBI's Efforts Against LockBit Ransomware During the 2024 Boston Conference on Cyber Security, FBI Cyber Division Assistant Director Bryan Vorndran announced the recovery of these keys, emphasizing the agency's commitment to assisting past LockBit victims.

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security. “Since late April 2024, our team has observed new phishing campaigns leveraging lures tied to recruiting firms,” the researchers write.

Read also: 22 Chinese Cybercriminals Get Long Prison Sentences In Zambia, two Bangladeshi cops accused of selling citizens’ data, and more.

Novel Attack Vector Uses Custom Shell for Payload Delivery and Execution A fresh variant of the Mallox ransomware has emerged, specifically targeting VMware ESXi environments with administrative privileges. This advanced attack method, discovered by researchers at Trend Micro, demonstrates the evolving sophistication of ransomware tactics. Mallox Ransomware: An Overview Mallox, also known as Fargo and Tohnichi, first emerged in June 2021.

A new phishing-as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud. One of the growing dangers of the cyber crime economy is the phishing toolkit. Putting well-designed, expertly-coded webpages, authentication services, and obfuscation features into the hands of even a would-be cybercriminal creates havoc for the intended victim organizations.

Malware, short for malicious software, is a program that is intentionally designed to harm computer systems and devices. In 2022, 5.5 billion malware attacks occurred around the world. Cybercriminals often use malware to cause damage to a system, take control of your device, spy on your web activity or steal personal data for financial gain. Individuals are targeted with malware through methods such as phishing, smishing and vishing which are types of social engineering.