2008, Information Security and Malware - Cyber Security Informer

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

NOVEMBER 26, 2020

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. The French security researcher Clément Labro discovered a zero-day vulnerability was discovered while the security researcher was working on an update Windows security tool.

Hacking

Hacking Information Security Malware

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. ” reads the report published by Google.

Malware

Malware Encryption Phishing Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware Advertising InfoSec Hacking

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Hacking Internet

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

PlugX malware delivered by exploiting flaws in Chinese programs

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware

Malware Software Hacking Information Security

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. SecurityAffairs – hacking, malware).

Malware

Malware Passwords Hacking Information Security

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. osum0x0 also published a video PoC that shows how to exploit the BlueKeep vulnerability on a Windows 2008 system.

Penetration Testing

Penetration Testing Advertising Malware Authentication

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. ” concludes Microsoft.

Malware

Malware Phishing Ransomware Hacking

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Hacking Cybercrime Information Security

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Authentication

Authentication Advertising Malware Firewall

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Duck Hunt is one of the largest U.S. .

Malware

Malware Ransomware Phishing Hacking

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation.

Ransomware

Ransomware Backups Malware Firewall

Experts add a BlueKeep exploit module to MetaSploit

Security Affairs

SEPTEMBER 7, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.”

Penetration Testing

Penetration Testing Advertising Malware Engineering

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763). ” concludes Kaspersky.

Hacking

Hacking Malware Government Technology

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Security Affairs

MAY 15, 2019

The vulnerability tracked as CVE-2019-0863 could be exploited by an attacker with low-privileged access to the targeted system to deliver a malware. As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities. ” It is important to highlight that the RDP itself is not vulnerable.

Malware

Malware Authentication Advertising Accountability

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

NOVEMBER 3, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Over the last months, many security experts have developed their own exploit code for this issue without publicly disclosing it for obvious reasons. ” concludes the expert.

Cyber Attacks

Cyber Attacks Penetration Testing Cryptocurrency Hacking

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

Guerrero-Saade discovered that the SIG37 campaign references hacking activities dated back as far as 2008 that was carried out by an unknown threat actor, the expert tracked it as Nazar. The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers.

Hacking

Hacking Advertising Malware Engineering

Microsoft warns for the second time of applying BlueKeep patch

Security Affairs

MAY 31, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Internet

Internet Internet Malware Advertising

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to gang behind the Qakbot malware. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Malware Retail Insurance

Regin spyware involved in attack against the Russian tech giant Yandex

Security Affairs

JUNE 28, 2019

Allegedly Western nation-state actors breached the systems of Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware. According to the Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware.

Spyware

Spyware Malware Advertising Authentication

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs

MAY 28, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Internet

Internet Internet Advertising Malware

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The Duck Hunt operation involved law enforcement agencies from the U.S., and abroad.

Malware

Malware Manufacturing Data breaches Cyber threats

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ , which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to compromise US military networks in the Middle East in 2008.

Advertising

Advertising Malware Encryption Authentication

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot , QuackBot, and Pinkslipbot ). Its modular structure allows operators to implement new features to extend their capabilities.

Malware

Malware Education Banking Media

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs

AUGUST 19, 2020

“In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.”. The flaw affects many Windows OSs, including Windows 7 and Windows Server 2008, for which the IT giant will not provide security updates because the reached the end-of-life.

Advertising

Advertising Malware Internet Internet

Qbot uses a new email collector module in the latest campaign

Security Affairs

AUGUST 31, 2020

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by malware for collecting browsing data and banking credentials and other financial information from the victims. The attackers could hijack the email threads to propagate the malware.

Banking

Banking Advertising Passwords Malware

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

Security Affairs

MARCH 31, 2021

The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC was recommended for IETF protocols in 2008 and became obsolete with the introduction of TLS version 1.3 RFC 2246) and 1.1 (RFC Both versions lack support for current and recommended cryptographic algorithms and mechanisms.

Internet

Internet Internet Engineering Hacking

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. This means that the threat actor was able to avoid detection for more than 15 years.

Malware

Malware Spyware Encryption Hacking

Zoom is working on a patch for a zero-day in Windows client

Security Affairs

JULY 9, 2020

The zero vulnerability was reported to ACROS by a security researcher who wanted to remain anonymous. The vulnerability affects Windows client running on old versions of Windows OS, including Windows 7 and Windows Server 2008 R2 and earlier. Clients running on Windows 8 or Windows 10 are not affected.

Advertising

Advertising Hacking Software Information Security

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

A wormable flaw could be exploited by malware to propagate from vulnerable computer to vulnerable computer without any user interaction. The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.

Authentication

Authentication Advertising Internet Internet

PoC Exploits for CVE-2019-0708 wormable Windows flaw released online

Security Affairs

MAY 23, 2019

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. Enabling NLA mitigates the bug. Patch now or GFY!

Advertising

Advertising Malware Authentication Cyber Attacks

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

VPNLab was launched in 2008 and was offering online anonymity to criminal organizations. Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution.

VPN

VPN Cybercrime Ransomware Advertising

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

Security Affairs newsletter Round 254

Security Affairs

MARCH 8, 2020

CIA Hacking unit APT-C-39 hit China since 2008. Malware campaign employs fake security certificate updates. The North Korean Kimsuky APT threatens South Korea evolving its TTPs. US officials charge two Chinese men for laundering cryptocurrency for North Korea. Iranian government blocked Wikipedia Farsi due Coronavirus outbreak.

Data breaches

Data breaches Advertising Mobile Ransomware

Security Affairs newsletter Round 233

Security Affairs

SEPTEMBER 29, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. 0patch will provide micropatches for Windows 7 and Server 2008 after EoS. North Korea-linked malware ATMDtrack infected ATMs in India. Once again thank you!

Data breaches

Data breaches Advertising Malware Ransomware

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with sophisticated zero-day malware. We cannot exclude that APT31 has stolen the tool from Equation Group servers. .

Hacking

Hacking Malware Software Information Security

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. Files are encrypted by Chacha 2008 ( D. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Bernstein’s implementation ).”

Ransomware

Ransomware Encryption Malware Hacking

After latest Microsoft Windows updates some PCs running Sophos AV not boot

Security Affairs

MAY 21, 2019

According to Sophos, the problems have been reported by customers running Windows 7 and Windows Server 2008 R2. Microsoft pointed out that this vulnerability could be exploited by malware with wormable capabilities. The experts suggest to remove Windows update by booting the system in Safe mode. ” continues the note.

Advertising

Advertising Antivirus Malware Cyber Attacks

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

PLAYFULGHOST backdoor supports multiple information stealing features

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Purple Lambert, a new malware of CIA-linked Lambert APT group

PlugX malware delivered by exploiting flaws in Chinese programs

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Expert developed a MetaSploit module for the BlueKeep flaw

The Most Common Types of Malware in 2021

Qakbot is back and targets the Hospitality industry

Qakbot operations continue to evolve to avoid detection

NSA urges Windows Users and admins to Patch BlueKeep flaw

DHS also issued an alert for the Windows BlueKeep flaw

QakBot threat actors are still operational after the August takedown

Black Basta ransomware operators leverage QBot for lateral movements

Experts add a BlueKeep exploit module to MetaSploit

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Microsoft warns for the second time of applying BlueKeep patch

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Regin spyware involved in attack against the Russian tech giant Yandex

Security Affairs newsletter Round 291

Internet scans found nearly one million systems vulnerable to BlueKeep

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

New Turla ComRAT backdoor uses Gmail for Command and Control

New QBot campaign delivered hijacking business correspondence

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Qbot uses a new email collector module in the latest campaign

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Zoom is working on a patch for a zero-day in Windows client

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

PoC Exploits for CVE-2019-0708 wormable Windows flaw released online

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

Security Affairs newsletter Round 254

Security Affairs newsletter Round 233

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Avast released a free decryptor for the Windows version of the Akira ransomware

After latest Microsoft Windows updates some PCs running Sophos AV not boot

Stay Connected