Threat actors attempted to capitalize CrowdStrike incident

Security Affairs

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “crowdstrike-hotfix.zip.” “The archive includes a loader named Hijack Loader used to execute the Remcos RAT,” reads the report published by Kaspersky.

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

Threat actors sent out emails that attempt to impersonate the Security Service of Ukraine (SSU) and contain a link to download a file named “Documents.zip.” Upon clicking the link, an MSI file is downloaded. If the recipient then opens this file, the ANONVNC malware, tracked as MESHAGENT, is executed.

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Security Affairs

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. The FortiNAC issue is an external control of file name or path in the keyUpload scriptlet.

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

Security Affairs

The malware then enters “VM mode” to encrypt files with specific extensions. Once executed, the ransomware drops a text file named TargetInfo.txt that contains victim information. Like the Windows variant of the ransomware, the content of the file TargetInfo.txt is then sent to a C2 server.

W4SP Stealer Stings Python Developers in Supply Chain Attack

Dark Reading

Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names, and hidden imports to fool developers and steal their information.

Qakbot operations continue to evolve to avoid detection

Security Affairs

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 …” ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.