Cisco Talos analysts say that hackers are now using Excel add-ins to infiltrate victims’ systems and networks. After Microsoft began blocking VBA macros in Office documents downloaded from the Internet (marked as Mark Of The Web), attackers had to rethink their attack chains: for example, now hackers are increasingly using Excel add-in files (.XLL) as… Continue reading Hackers Use Excel Add-Ins as Initial Penetration Vector
Tag: Cisco Talos
New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Information security experts warned of an increase in the number of infections with the new version of TrueBot, primarily targeting users from Mexico, Brazil, Pakistan and the United States. According to Cisco Talos, malware operators have now moved from using malicious emails to alternative delivery methods, including exploiting an RCE vulnerability in Netwrix Auditor, as… Continue reading New Version of Truebot Exploits Vulnerabilities in Netwrix Auditor and Raspberry Robin Worm
Gamaredon Hack Group Uses New Malware to Attack Ukrainian Organizations
Cisco Talos analysts write that the Russian-speaking hack group Gamaredon (aka Primitive Bear, Shuckworm, IronTiden and Callisto) is attacking Ukrainian organizations with the help of a new infostealer. The targets of this campaign are employees of the Ukrainian state, defense and law enforcement agencies. Let me remind you that we also wrote that Hacker groups… Continue reading Gamaredon Hack Group Uses New Malware to Attack Ukrainian Organizations
North Korean Group Lazarus Attacks Energy Companies
A new malware campaign by the North Korean hacker group Lazarus has been discovered, which was active from February to July 2022. This time the hackers have targeted energy suppliers around the world, including companies in the US, Canada and Japan. Let me remind you that we also reported that Microsoft accused Russia and North… Continue reading North Korean Group Lazarus Attacks Energy Companies
A special version of Flash for China turned into adware
Many users and cybersecurity specialists have discovered that a special version of Flash for China has turned into adware. As you know, at the beginning of 2021, support for Adobe Flash Player was finally discontinued. A special self-destructing code was pre-built into the software code, and starting from January 12, 2021, Adobe blocks the launch… Continue reading A special version of Flash for China turned into adware
Prometei botnet uses SMB for distribution
Cisco Talos has discovered a new botnet, Prometei, which was active since March 2020 and focused on mining the Monero (XMR) cryptocurrency. The researchers note that the Prometei botnet intensively uses the SMB protocol for distribution. The malware mainly attacks users from the USA, Brazil, Pakistan, China, Mexico and Chile. During four months of activity,… Continue reading Prometei botnet uses SMB for distribution