Tag: Ransomware
-

HybridPetya: UEFI Bootkit + Ransomware, Explained
TL;DR: ESET has identified “HybridPetya,” a Petya/NotPetya-style ransomware that extends into the firmware layer by planting a malicious EFI application on the EFI System Partition and abusing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. That combination enables pre-OS persistence and faster encryption of the NTFS master file table (MFT). Organizations should prioritize firmware…
-

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Threat actors misused the open source Velociraptor incident‑response tool and the Visual Studio Code editor to create a covert command‑and‑control tunnel in a recent attack. Learn how the attackers abused legitimate tools and what organisations can do to detect and defend against this novel abuse.
-

ShadowCaptcha campaign hijacks WordPress sites to deliver ransomware, info‑stealers and cryptominers
The ShadowCaptcha campaign uses compromised WordPress sites to redirect visitors to fake CAPTCHA pages that install information stealers, Epsilon Red ransomware and cryptocurrency miners. Learn how the attack works and how to defend your organization.
-

HOOK Android Trojan adds ransomware overlays and over 100 commands
A new variant of the HOOK Android banking trojan adds a full-screen ransomware overlay triggered by remote commands and expands its arsenal to 107 commands, enabling credential theft, fake overlays and device takeover. Learn about this threat and how to protect yourself.
