JavaScript - Security Intelligence

Woman opening Monero-mining malware on an office computer.

news

Fileless Attack Campaign Leverages PCASTLE to Distribute XMRig Monero-Mining Malware

According to researchers, the fileless attack uses PCASTLE to distribute samples of XMRig, a well-known Monero-mining malware family.

June 11, 2019 | By David Bisson

news

A programmer analyzes computer code for vulnerabilities: blacksquid malware

news

BlackSquid Malware Capable of Abusing 8 Exploits to Install XMRig Monero Miner

The new BlackSquid malware is capable of abusing eight notorious exploits in its attempts to install the XMRig Monero miner.

June 5, 2019 | By David Bisson

news

Two security professionals discussing a Shade ransomware infection

news

Shade Ransomware Campaign Compromises at Least 500 WordPress and Joomla Websites

Security researchers discovered a hidden HTTP directory that is allowing threat actors to install Shade ransomware on WordPress and Joomla websites.

April 3, 2019 | By Shane Schick

news

Woman using computer infected with Shade ransomware

news

Threat Actors Impersonate Oil and Gas Companies in Latest Shade Ransomware Attack

Digital criminals tried to impersonate oil and gas companies in a recent attack campaign distributing Shade ransomware.

February 20, 2019 | By David Bisson

news

Woman shopping online with her credit card: JavaScript attack

news

Magecart Group’s Use of Credit Card-Skimming JavaScript Attack on the Rise

An online retailer was hit by a JavaScript attack from a group associated with Magecart, a collective of cybercriminals that specializes in skimming credit card numbers from compromised websites.

December 14, 2018 | By Shane Schick

news

news

Popular JavaScript Library for Node.JS Infected With Malware to Empty Bitcoin Wallets

For several months, a version of a popular JavaScript library for Node.js contained malicious code that enabled digital attackers to compromise users' bitcoin wallets.

December 11, 2018 | By David Bisson

news

Illustration of a syringe injecting red liquid into a computer monitor: watering hole campaign

news

OceanLotus Watering Hole Campaign Compromises 21 High-Profile Southeast Asian Websites

A watering hole campaign that has been active in Southeast Asia since September has compromised at least 21 websites, including government and media domains.

November 29, 2018 | By Shane Schick

news

Many CPUs facilitating crypto-mining malware.

news

Threat Actors Obfuscate JavaScript to Hide Crypto-Mining Malware

Cybercriminals buried crypto-mining malware inside compromised websites in an effort to hijack victims' computing resources.

October 17, 2018 | By Shane Schick

news

Cacti in an open field: fileless malware

news

Fileless Malware CactusTorch Executes Harmful .NET Assemblies From Memory

Security researchers observed CactusTorch, a fileless malware, using a .NET executable to run harmful .NET assemblies from memory.

August 9, 2018 | By David Bisson

news

A woman checking her email on a desktop computer.

article

Analyzing PDF and Office Documents Delivered Via Malspam

Endpoint detection and antiphishing tools can help users filter basic spam email, but detecting malspam in PDF and Microsoft Office documents requires a more thorough investigation.

May 1, 2018 | By Koen Van Impe

article

Fraudsters Abuse Smartphone Google Calendar Feature to Push Through Scam Offers

Latest Mirai Malware Variant Contains 18 Exploits, Focuses on Embedded IoT Devices

Extortion Scam Threatens Website Owners With Reputational Damage

Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

HawkEye Malware Operators Renew Attacks on Business Users

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Podcast: Foundations for a Winning Operational Technology (OT) Security Strategy

Webinar: Under the Radar: IBM QRadar Demo Series

Webinar: Appliance Networking Topics

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Tag: JavaScript

Fileless Attack Campaign Leverages PCASTLE to Distribute XMRig Monero-Mining Malware

BlackSquid Malware Capable of Abusing 8 Exploits to Install XMRig Monero Miner

Shade Ransomware Campaign Compromises at Least 500 WordPress and Joomla Websites

Threat Actors Impersonate Oil and Gas Companies in Latest Shade Ransomware Attack

Magecart Group’s Use of Credit Card-Skimming JavaScript Attack on the Rise

Popular JavaScript Library for Node.JS Infected With Malware to Empty Bitcoin Wallets

OceanLotus Watering Hole Campaign Compromises 21 High-Profile Southeast Asian Websites

Threat Actors Obfuscate JavaScript to Hide Crypto-Mining Malware

Fileless Malware CactusTorch Executes Harmful .NET Assemblies From Memory

Analyzing PDF and Office Documents Delivered Via Malspam