The Security Blog From Gridinsoft

MrB Ransomware Analysis & Removal Guide

MrB Ransomware (.mrB Files) – Analysis & File Decryption

MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for applying a complex…

LockBit Ransomware Taken Down by NCA

On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection…

SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal

SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software aims mainly at small companies,…

Malicious Fake ChatGPT Apps: 7 AI Malware Scams to Avoid

Public release of ChatGPT made a sensation back in 2022; it is not an exaggeration to say it is a…

MIT Hacked, Students’ Data Sold on the Darknet

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked…

MIT Students' Data Leaked On the Darknet

MIT Hacked, Students’ Data Sold on the Darknet

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the…

US DoJ stops Warzone RAT and arrests its operators

Warzone RAT Dismantled, Members Arrested

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan…

HijackLoader Malware Comes With Sophisticated Evasion Tactics

HijackLoader Malware Comes With New Evasion Methods

The HijackLoader malware has added new defense evasion techniques. Other threat actors are increasingly using the malware to deliver payloads and tooling. The developer used a standard process hollowing technique…

Critical Update for the Fortinet FortiOS SSL VPN Remote Code Execution Vulnerability

New Fortinet VPN RCE Flaw Discovered, Patch ASAP

Fortinet has issued a warning about a recently discovered critical vulnerability in its FortiOS SSL VPN system that could be actively exploited by attackers. The vulnerability in Fortinet network security…

Critical Boot Loader Vulnerability in Shim Puts Linux Systems in Danger

Shim Bootloader Vulnerability Affects Linux Systems

Researchers have identified a critical vulnerability in Shim, a widely-used Linux bootloader. This vulnerability could potentially allow attackers to execute malicious code and gain control of target systems before the…

Ov3r_Stealer Malware Spreads Through Facebook Job Listings

Ov3r_Stealer Steals Crypto and Credentials, Exploits Facebook Job Ads

A new Windows malware called Ov3r_Stealer is spreading through fake Facebook job ads, according to a report by Trustwave SpiderLabs. The malware is designed to steal sensitive information and crypto…

One More Flaw in Ivanti VPN Products

Third Ivanti VPN Vulnerability Under Massive Exploitation

Experts have discovered a third Server Side Request Forgery (SSRF) vulnerability in Ivanti products. This is a serious security issue for corporate VPN devices. The new vulnerability allows unauthorized access…

Docker API Vulnerability Exploited in Commando Cat Attacks

Docker API Vulnerability Exploited in Cryptojacking Campaign

A new campaign named “Commando Cat” uses a Docker API vulnerability. It uses Docker to gain initial access to a system and then deploys a series of malicious payloads. This…

Data Leaked From Hewlett Packard is For Sale on BreachForums

Hewlett Packard Enterprise Hacked, Darknet Forum Sales Data

On February 1, 2024, a post on a Darknet hacker forum selling Hewlett Packard Enterprise data appeared. Threat actor known as IntelBroker claims hacking into the company’s network and grabbing…

Critical Mastodon Vulnerability Leads to Account Takeover

Mastodon Vulnerability Allows for Account Takeover

A security vulnerability loophole discovered by cybersecurity experts has revealed that decentralized social network Mastodon contains a critical vulnerability. Also, the flaw could potentially allow attackers to gain unauthorized access…

Mispadu Stealer Exploits Windows SmartScreen Flaw, Targets LATAM

Mispadu Banking Trojan Exploits SmartScreen Flaw

Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered…

Claro Company Reports Being Hacked by Trigona Ransomware

Claro Company Hit by Trigona Ransomware

Claro Company, the largest telecom operator in Central and South America, disclosed being hit by ransomware. Representatives shared this information in response to the service disruptions in several regions. From…