Medusa

Tech Optimizer
March 31, 2025
Antivirus and endpoint security tools are increasingly challenged by ransomware groups that use sophisticated strategies to disable defenses early in attacks. Cisco Talos reported that in nearly half of the ransomware incidents they handled in 2024, attackers employed "EDR killers" to neutralize endpoint detection and response (EDR) systems, and these tools succeeded 48 percent of the time. Tools such as EDRSilencer, EDRSandblast, EDRKillShifter, and Terminator pose significant threats to organizational security. EDRKillShifter exploits vulnerable drivers on Windows machines to terminate EDR products, a tactic observed in operations by rival gangs like Medusa, BianLian, and Play. The primary goal of these tools is to disable EDR protections so that attackers can operate undetected, which also complicates system recovery. Recovery often requires wiping and rebuilding entire networks, assuming robust backups are available. Some EDR killers, like HRSword, are legitimate software tools misused by ransomware actors to disable endpoint protection systems. Attackers have also exploited misconfigured systems, particularly EDR products set to audit-only mode, which detect but do not block malicious activity. LockBit remained the most active ransomware-as-a-service group for the third consecutive year, accounting for 16 percent of claimed attacks in 2024. Newcomer RansomHub secured the second position with 11 percent of posts to leak sites. The effectiveness of law enforcement actions plays a significant role in shaping the ransomware landscape.
Winsage
December 17, 2024
The FBI has issued a warning about HiatusRAT malware that targets vulnerable web cameras and DVRs, particularly focusing on Chinese-branded devices lacking security updates. In March 2024, HiatusRAT actors conducted a scanning campaign against Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the UK. They exploit known vulnerabilities, including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260, as well as weak vendor-supplied passwords. Primary targets include Hikvision and Xiongmai devices with telnet access. Attackers use tools like Ingram and Medusa to exploit devices with exposed TCP ports such as 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575. The FBI recommends limiting the use of affected devices and isolating them from broader networks. Previous attacks linked to HiatusRAT include targeting a Defense Department server and compromising businesses through DrayTek Vigor VPN routers. Lumen, a cybersecurity firm, noted that HiatusRAT is designed to deploy additional payloads and turn compromised systems into SOCKS5 proxies. The targeting strategy aligns with broader Chinese strategic interests as highlighted in the 2023 annual threat assessment by the Office of the Director of National Intelligence.
BetaBeacon
July 29, 2024
InnoGames, the developer of Forge of Empires, is developing a new game called Heroes of History, which allows players to recruit historical figures to fight alongside them. The game includes both mythological and quirky historical figures like Abraham Lincoln and Marie Curie. Additionally, there are lists of the best mobile games of 2024 and the most anticipated mobile games of the year.
Tech Optimizer
July 6, 2024
The Medusa Android trojan has made changes to evade detection, including requesting fewer permissions and adding new ones like Broadcasting SMS and Package Management. It is targeting people globally, with two different botnet groups operating in Turkey, Canada, the US, Italy, and France. The hackers are using new tactics, such as installing the malware through apps downloaded from untrusted sources.