Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware.
Stuxnet famously used legitimate digital certificates to sign its malware. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003. In total, 109 of those abused certificates remain valid.
Last week, the source code for the MS Windows XP and Windows Server 2003 OSs was leaked online; now a developer has successfully compiled it. Last week, the source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on the bulletin board website 4chan. Windows NT 4 MS-DOS 3.30
But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it. Stewart said he obtained a sample of the malware that he was able to confirm was connected to the Baltimore incident. National Security Agency (NSA) and leaked online in 2017.
Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. It was introduced with Windows Server 2003 R2 and included in later Windows operating systems. CLFS can be used for both data logging as well as for event logging.
As detailed in my 2014 book, Spam Nation, Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock, Cutwail, Mega-D, Festi, Waledac, and Grum. Icamis promoted his services in 2003 — such as bulk-domains[.]info w s, icamis[.]ru
Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.
is a technology company based in San Jose, California created in 2003. Ubiquiti Inc. Having its headquarters in New York City, Ubiquiti produces and distributes wireless data transmission and wired equipment for businesses and residences under a variety of brand names. What Happened?
As one vendor once said, “you have an adversary problem, not a malware problem.” it will be clear why in the end… We need humans because the attackers are humans with their own creativity, irrationality, weirdness, etc. We need to hunt and not rely solely on automated systems for things like detection — hence humans are a must.
on the CVSS scale and affects Windows Server versions 2003 to 2019. in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. The bug affects the DNS server component that ships with all Windows Server versions from 2003 to 2019. ” states Krebs.
BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. This Metasploit module doesn’t work against Windows Server 2003. According to Zǝɹosum0x0,
The feature was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1. Patching the kernel could allow attackers to run malicious code in kernel mode, which means that malware could run with the highest level of privileges and go undetected by common security solutions.
The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware quickly reacted to the availability of the decryptor and released an update for the code of their malware that made the tool inefficient. Source ZDNet. ” added Walter.
Microsoft has also released patches for a number of OSs that are no longer officially supported, including Windows Vista, Windows XP, and Windows Server 2003. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities.
” “There is evidence that some domains were used for Cobalt Strike and other malware command and control (C2). org — was registered in 2003 by the Anti-Phishing Working Group (APWG), a cybersecurity not-for-profit organization that closely tracks phishing attacks. by the brand protection firm MarkMonitor.
fitness chains Town Sports leaked online Group-IB detects a series of ransomware attacks by OldGremlin HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?
The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. The malware has been designed and used by Center 16 of Russia’s Federal Security Service (FSB) in cyber espionage operations on sensitive targets. ” reads the press release published by DoJ.
During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In the past few days, researchers including ourselves have observed PikaBot, a new malware family that appeared in early 2003, distributed via malvertising.
ETERNALBLUE targets the Server Message Block SMBv1 protocol on port 445, it has become widely adopted in the community of malware developers to target Windows 7 and Windows XP systems. Our research has linked this to Windows machines that haven’t been updated against the NSA Eternal Blue exploit and are an open target for malware.”.
The vulnerability tracked as CVE-2019-0863 could be exploited by an attacker with low-privileged access to the targeted system to deliver a malware. As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities. ” It is important to highlight that the RDP itself is not vulnerable.
BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons.
on the CVSS scale and affects Windows Server versions 2003 to 2019. in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. “Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction.
What’s interesting in this file encrypting malware attack is the fact that few of the employees from Merseyrail and some journalists from reputed publications received an email from the company with a subject line ‘Lockbit Ransomware Attack and Data Theft’ and essayed that some sensitive data was stolen in the incident.
As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. Enabling NLA mitigates the bug. Patch now or GFY!
As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks.
SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices. This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines. macro technology.
The expert called this new malware ZombieBoy because it uses a tool called ZombieBoyTools to drop the first dll, it uses some exploits to spread. The ZombieBoy mine leverages several exploits, including: CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003. CVE-2017-0143, SMB exploit. CVE-2017-0146, SMB exploit.
“The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.” concludes the ICO.
“That extradition should be refused because it would be unjust and oppressive by reason of Mr. Assange’s mental condition and the high risk of suicide pursuant to section 91 of the EA 2003;” said District Judge (Magistrates’ Court) Vanessa Baraitser in the Westminster Magistrates’ Court.
Founded in 2003, Rochelle Interiors is a full-service interior design consultation business offering decorating, space planning, remodeling, and updating for clients’ homes. According to SiteLock data, redirects account for 17% of all malware-infected sites. Company Overview. The Resolution. I got my website back.
CLFS is a log file subsystem that was first introduced in Microsoft Windows Server 2003 R2 / Microsoft Vista and is implemented in the clfs.sys driver. Post exploitation and malware We see that the main purpose of using elevation-of-privilege exploits was to dump the contents of the HKEY_LOCAL_MACHINE\SAM registry hive. Generic Win64.Agent*
on the CVSS scale and affects Windows Server versions 2003 to 2019. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. The most severe issue is the 17-year-old wormable issue SigRed, tracked as CVE-2020-1350, that allows hijacking of Microsoft Windows Server.
As one vendor once said, “you have an adversary problem, not a malware problem.” You face the attackers who use worms for everything, and these are not the dumb 2003 worms, but these are coded by the best of the best of the offensive “community”. it will be clear why in the end… hence humans are a must.
These data packets can contain malware such as a trojan, ransomware, or similar dangerous program. During this lateral movement, the attacker may deploy various tools and malware to further their objectives. The NotPetya malware, another highly impactful cyber attack, also leveraged EternalBlue for propagation.
Visual Studio 2003 – 7.10 Upon startup, the malicious library creates a mutex with the name GlobalTBrowser that prevents two instances of the malware from running at the same time. The malware then reflectively loads this DLL and invokes its entry point function. 2021-Sep-25 21:56:47. dll library. The second stage DLL.
BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.
For years, experts speculated the involvement of a spy that infiltrated the Iranian plant and installed the malware. That mole physically spread the malware inside the plant using a USB flash drive. In 2003, British and U.S. The unanswered question is, how did the U.S. and Israel get Stuxnet onto the highly secured Natanz plant?
A wormable flaw could be exploited by malware to propagate from vulnerable computer to vulnerable computer without any user interaction. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected. This issue reminds us of the flaw exploited by the Stuxnet malware back in 2010.
Buran is advertised as a stable malware that uses an offline cryptoclocker, 24/7 support, global and session keys, and has no third-party dependencies such as libraries. The malware will encrypt the files only if the machines are not in Russia, Belarus or Ukraine. (SecurityAffairs – Buran RaaS, malware). Pierluigi Paganini.
BRKSEC-2101 – Malware Execution as A Service: a Deep Dive into CSMA Advanced File Analysis. BRKMER-2003 – Meraki & Secure Network and Cloud Analytics: Threat Detection for the Rest of Us. BRKSEC-2754 – Save Countless Hours with SecureX’s Latest Feature: Device Insights. Instructor Led Lab (4 Hours).