The Security Blog From Gridinsoft

XZ Utils Backdoor Allows for Unauthorized SSH Access

XZ Utils Backdoor Discovered, Threating Linux Servers

A backdoor in liblzma library, a part of XZ data compression tool was discovered by Andres Freund. The maintainer of…

UnitedHealth Hack Leaks 6 TB of User Data

UnitedHealth Group, one of the largest providers of health insurance and health care services in the United States, suffered a…

Microsoft SharePoint Vulnerability Exploited, Update Now

In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued the alert regarding the exploitation of a…

PyPI Malware Spreading Outbreak Exploits Typosquatting

PyPI, an index of Python packages, once again became a place for malware spreading. Threat actors registered hundreds of profiles…

ShadowRay Vulnerability Threatens AI Workloads, No Patch Available

Recent review of vulnerabilities in the Ray framework uncovered the unpatched flaw, dubbed ShadowRay. It appears that hundreds of machine…

PUA:Win32/Softcnapp Detection of Microsoft Defender

PUA:Win32/Softcnapp

Detection of PUA:Win32/Softcnapp by Microsoft Defender, assigned to an unwanted program. It sometimes appears as a false positive of a legit app, like a desktop Viber client, NZXT Cam app,…

Microsoft is Hacked Again by Midnight Blizzard

Microsoft is Hacked, Again by Midnight Blizzard

Microsoft acknowledges being hacked for the second time this year, by the same Russia state-sponsored group Midnight Blizzard. The company confirms that this new breach is the outcome of the…

The Phantom Hacker Scams

Phantom Hacker Scams On The Rise, Target Elderly

Phantom hacker scams is a specific type of fraud that aims at convincing the victim to transfer the funds due to the non-existent hacker threat. Over the last few months,…

WogRAT Malware (WingsOfGod.dll) - Teardown and Removal Tutorial

WingsOfGod.dll – WogRAT Malware Analysis & Removal

WogRAT, also known as WingsOfGod RAT, is a novice remote access trojan that attacks users from Asian countries. Named after its own file – Wingsofgod.dll, this malware attacks people since…

ALPHV/BlackCat Shuts Down In Supposed Exit Scam

ALPHV Ransomware Shut Down, Exit Scam Supposed

On March 5, 2024, ALPHV/BlackCat ransomware claimed its shutdown, “due to the FBI takeover”. Despite the actions from law enforcement really happening to this gang before, there are quite a…

LockBit Ransomware is Back After Europol Takedown

LockBit is Back With New Claims and Victims

The story around LockBit ransomware takedown on February 19 continues to unfold. After almost a week of downtime and silence, the infamous gang is back online on a new Onion…

MrB Ransomware Analysis & Removal Guide

MrB Ransomware (.mrB Files) – Analysis & File Decryption

MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for applying a complex extension to the encrypted files that ends up with “.mrB”.…

NCA Claims LockBit Takedown in Operation Cronos

LockBit Ransomware Taken Down by NCA

On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such…

SYSDF Ransomware (Dharma) Description & Removal Guide

SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal

SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software aims mainly at small companies, aiming at file encryption with further requests for ransom payment…

7 Malicious Fake ChatGPT Apps Explained

Malicious Fake ChatGPT Apps: 7 AI Malware Scams to Avoid

Public release of ChatGPT made a sensation back in 2022; it is not an exaggeration to say it is a gamechanger. However, the scammers go wherever large numbers of people…

MIT Students' Data Leaked On the Darknet

MIT Hacked, Students’ Data Sold on the Darknet

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the…

US DoJ stops Warzone RAT and arrests its operators

Warzone RAT Dismantled, Members Arrested

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan…