Emotet malware now distributed by Microsoft OneNote email attachments
The move is intended to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet that has historically been distributed through Microsoft Word and Excel attachments that contain malicious macros.
If a user opens the attachment and enables macros, a DLL w...
Fraudulent QR codes increasingly threaten mobile devices
Users of mobile devices are increasingly at risk of phishing when they scan fraudulent QR codes. There are also more and more compromised PDF, ZIP and IMG files in circulation and the number of malvertising campaigns is increasing.
This is according to HP Wolf Security in a recent study. The stu...
Hackers attack security researchers via LinkedIn
North Korean state hackers are behind a new phishing campaign targeting security researchers.
This was discovered by researchers at Mandiant. According to the security provider, the North Korean hacking group UNC2970 has been conducting a campaign targeting security researchers since last June. With the ...
Jamf: Companies’ device patch management often out of order
Companies are often behind on device patch management.
This is one of the findings from research by Jamf into the most important threats to devices in the workplace that occurred in the past year. A very important risk is that patch management on corporate (mobile) devices is not in order.
A...
Microsoft makes major change to Excel due to rising malware attacks
The effort aims to stop attackers from abusing various Office document formats as an infection vector. The company has announced that Excel will block untrusted XLL add-ins by default in Microsoft 365 tenants worldwide.
Excel XLL files are dynamic-link libraries (DLLs) that expand the functional...
Business-grade routers hit by Hiatus malware
Business-grade DrayTek routers are under attack by the Hiatus malware campaign. Successfully compromised routers are turned into "listening posts" that can intercept email and steal files.
Security experts at Lumen note that the Hiatus malware campaign has been active since July 2022. The ...
More than 11,000 WordPress websites compromised by malicious script
A recent mass infection of nearly 11,000 websites has been discovered by security firm Sucuri. The websites in question use WordPress as their CMS (Content Management System) and have a malicious script injected into legitimate files, including "index.php" and "wp-cron.php."
This script acts as ...
Cybercriminals use Microsoft OneNote attachments to spread malware
Security researchers warn that cybercriminals have started using OneNote attachments in phishing emails to infect victims with remote access malware, allowing attackers to steal passwords and even cryptocurrency wallets.
The tactic isn't new, as attackers have been sending malware through malici...
‘GitHub Codespaces can be used for malware delivery’
Researchers warn that hackers can use GitHub Codespaces to host and deliver malware.
According to a new report from Trend Micro, threat actors can abuse the port forwarding feature in GitHub Codespaces to host and distribute malware and malicious scripts.
GitHub Codespaces became widely avai...
New malicious packages found in Python Package Index repository
A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers' systems.
The threat is significant, according to BleepingComputer, as PyPI is the most widely used repository for Python package...