New Variant Of XWorm Delivered Via Windows Script File

XWorm executes a wide range of commands, including system manipulation (shutdown, restart, logoff), file operations, and remote code execution via PowerShell. This diverse toolkit gives the actors extensive access to and control over compromised systems, which makes XWorm a significant threat in today’s cybersecurity ecosystem. These sophisticated techniques enable XWorm to access sensitive information, gain remote access, and deploy additional malware while evading detection. It communicates with its command and control (C2) server over TCP sockets, using AES-ECB encryption with a modified MD5 hash as the key. XWorm captures screenshots using the CopyFromScreen function and stores them as JPEG images in memory before transmission. New features in v5.6 include the ability to remove plugins and a “Pong” command for response time reporting.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Oct 2024 15:06:24 +0000

