2010, Information Security and Malware - Cyber Security Informer

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

JULY 26, 2020

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware.

Malware

Malware Advertising Software Engineering

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Pierluigi Paganini.

Malware

Malware Advertising Mobile Government

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Pierluigi Paganini.

Malware

Malware Advertising Cybercrime Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

RUSdot is the successor forum to Spamdot , a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising

Advertising Cybercrime System Administration Hacking

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. They also uncovered the ASPXSpy webshell.

Ransomware

Ransomware Malware Encryption Financial Services

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. According to the experts, the Gozi Banking Malware infected more than 1 million computers worldwide, causing tens of millions of dollars in losses.

Banking

Banking Malware Hacking Information Security

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2010-2883 is a stack buffer overflow flaw that could be exploited by attackers to execute arbitrary code or trigger a denial of service condition. .

Malware

Malware Advertising Spyware Encryption

Iran announced to have foiled massive cyberattacks on public services

Security Affairs

APRIL 25, 2022

The attack against Iran’s national railway system involved a wiper malware dubbed Meteor and not ransomware as initially thought. Meteor was a previously undetected strain of malware, but experts were not able to link it to specific advanced persistent threat actors.

Cyber Attacks

Cyber Attacks Malware Internet Internet

NATO Chief calls for a new strategic to address new challenges

Security Affairs

OCTOBER 9, 2020

. “My thought is that the existing Strategic Concept, which we agreed in 2010, has served NATO well. Having said that, I think we all have to realise that since we agreed the Strategic Concept back in 2010, the world has fundamentally changed.” And it has actually served us well for many years.

Artificial Intelligence

Artificial Intelligence Technology Advertising Marketing

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. ” continues the expert. .

Hacking

Hacking Advertising Malware Engineering

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. “The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel.

VPN

VPN Manufacturing Government Hacking

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

Wikileaks founder is currently facing extradition to the United States for his role in one of the largest compromises of classified information in the history of the United States. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010.

Government

Government Risk Passwords Hacking

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

Security Affairs

APRIL 11, 2021

.” Reports claim that the attack was launched by Israel-linked hackers, the same state is suspected to have had a main role in the Stuxnet attack that hit the same nuclear plant back in 2010.

Cyber Attacks

Cyber Attacks Energy and Utilities Media Hacking

Magecart hackers hide stolen credit card data into images and bogus CSS files

Security Affairs

JULY 12, 2021

Magecart hackers have devised a new technique to obfuscating the malware within comment blocks and hide stolen credit card data into images evading detection. Security firms have monitored the activities of a dozen groups at least since 2010. php echo ""."h"."e"."".""."llo"."w"."o"."".""."r"."l"."d"."";

Malware

Malware Software Marketing Hacking

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors. The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors.

Data breaches

Data breaches Passwords Advertising Telecommunications

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

APRIL 24, 2021

Dan Kaminsky was very active in the cyber security community, he was a regular speaker at major cybersecurity and hacking conferences, including Black Hat and DEFCON. On June 16, 2010, he was named by Internet Corporation for Assigned Names and Numbers (ICANN) as one of the Trusted Community Representatives for the DNSSEC root.

Cybersecurity

Cybersecurity InfoSec DNS Hacking

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Security Affairs

FEBRUARY 27, 2023

Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center ( ASEC ) recently uncovered a malware campaign distributing the ChromeLoader using VHD files. ” concludes the report.

Software

Software Malware Advertising Hacking

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

Stuxnet is a malicious computer worm developed to target SCADA systems that was first uncovered in 2010, but researchers believe its development begun at least 2005. and Israel get Stuxnet onto the highly secured Natanz plant? That mole physically spread the malware inside the plant using a USB flash drive.

Malware

Malware Engineering Advertising Hacking

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

. “The Federal Office for the Protection of the Constitution ( BfV ) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies.” ” reads the advisory published by the German intelligence.

Financial Services

Financial Services Surveillance Malware Cyber Attacks

COVID-19 – Johnson & Johnson saw a 30% uptick in cyber-attacks

Security Affairs

DECEMBER 5, 2020

“ Nation-state actors are targeting healthcare organizations “every single minute of every single day,” Marene Allison, the Chief Information Security Officer at Johnson & Johnson, said Thursday at the online Aspen Cyber Summit. .: Johnson & Johnson and Maryland-based Novavax Inc.,

Cyber Attacks

Cyber Attacks Healthcare CISO Information Security

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including the defense, high tech, energy, government, aerospace, and manufacturing. ” reads the report published by ESET. ” reads the report published by ESET. ” continues the report.

Malware

Malware DNS Advertising Manufacturing

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. based organization.

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

330K stolen payment cards and 895K stolen gift cards sold on dark web

Security Affairs

APRIL 8, 2021

.” The investigation of the cybercriminal actor selling the gift cards and payment cards revealed that he is a prolific Russian-speaking hacker who was engaged in similar activities since 2010.

Cybercrime

Cybercrime Hacking Banking Information Security

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. ” reads the press release published by the Europol. The services were offered for prices ranging from $1.3/day

VPN

VPN Cybercrime Advertising Ransomware

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. Sucuri spotted threat actors abusing the URL redirect function of the.htaccess file to redirect visitors of compromised websites to phishing sites, sites delivering malware, or simply to generate impressions.

Advertising

Advertising Malware Software Antivirus

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

DECEMBER 10, 2021

In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems.

Data breaches

Data breaches Ransomware Manufacturing Hacking

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

Security firms have monitored the activities of a dozen groups at least since 2010. . The malware was completely removed on November 11, 2019. “We have taken steps to re-secure the online purchasing platform on our website and to further harden it against compromise.

Data breaches

Data breaches Retail Identity Theft eCommerce

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The nation-state actors employed multiple custom malware families targeting Windows, Linux, and FreeBSD operating systems.

Firmware

Firmware Telecommunications System Administration Malware

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region. . The malware gains persistence by adding a new registry key to automatically execute the malicious code on system restarts after login.

Backups

Backups Malware Mobile Passwords

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

The group has been active since 2010 and hit military organizations and other high-profile targets worldwide. Experts noticed the group regularly upgrade the malware in its arsenal and its infrastructure. ” continues the report.

Advertising

Advertising Malware Hacking Government

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

Security Affairs

OCTOBER 18, 2019

Security researchers at Crowdstrike conducted long-running cyber-espionage operations aimed at various aerospace firms. According to the experts the cyber espionage operations begun in January 2010, after the state-owned enterprise Commercial Aircraft Corporation of China (COMAC) selected U. Office of Personnel Management (OPM) breach.

Engineering

Engineering Manufacturing Malware Advertising

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0 and Visual Studio 2019 versions 16.0,

Hacking

Hacking Advertising Software Information Security

Naikon APT is flying under the radar since 2015

Security Affairs

MAY 7, 2020

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar over the past five years while targeting entities in Asia-Pacific (APAC) region. ” reads a report published by CheckPoint. ” continues the report.

Government

Government Advertising Technology Hacking

The Satan Ransomware adds new exploits to its arsenal

Security Affairs

MAY 21, 2019

The Satan ransomware first appeared in the threat landscape in January 2017 when the independent malware research @Xylit0l discovered it. Since its discovery, the malware was costantly updated, in one of the campaigns monitored by Fortinet, it utilized a cryptominer as an additional payload to maximize its profits. .

Ransomware

Ransomware Advertising Malware Encryption

The OpenSSL Project addressed three vulnerabilities

Security Affairs

FEBRUARY 18, 2021

In 2010, the Open SSL project addressed three vulnerabilities, including two DDoS issues rated high severity. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The flaw was reported to OpenSSL Project on 21st January 2021 by D. Katz and Joel Luellwitz from Trustwave.

DDOS

DDOS Encryption Hacking Information Security

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The malware is able to steal sensitive data, record audio, and download arbitrary files.

Surveillance

Surveillance Spyware Malware Mobile

Dragon Breath APT uses double-dip DLL sideloading strategy

Security Affairs

MAY 7, 2023

Most of the victims are Chinese-speaking Windows users engaged in online gambling, the APT group relies on Telegram to distribute the malware. The malware is also able to steal cryptocurrency from the MetaMask crypto (Ethereum) wallet extension for Google Chrome. Sophos discovered a web site (telegramos[.]org)

Malware

Malware Cryptocurrency Encryption Phishing

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda , APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group has been active since at least 2010, the crew targeted U.S.

Advertising

Advertising Financial Services Malware Government

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

The APT group has been active since at least 2010, Microsoft revealed that the hackers launched spear-phishing using legitimate services, including Gmail, Yahoo, and Hotmail. ” Through Thallium.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

Security Affairs

AUGUST 15, 2022

The Iron Tiger APT (aka Panda Emissary , APT27 , Bronze Union , Lucky Mouse , and TG-3390) is active at least since 2010 and targeted organizations in APAC, but since 2013 it is attacking high-technology targets in the US. Trend Micro experts discovered a server hosting both a HyperBro sample and a malicious Mach-O executable named “rshell.”

Malware

Malware Hacking Technology Information Security

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

According to his LinkedIn profile , Schulte worked for the NSA for five months in 2010 as a systems engineer, after this experience, he joined the CIA as a software engineer and he left the CIA in November 2016. Schulte was identified a few days after WikiLeaks started leaking the precious dumps.

Hacking

Hacking Engineering Data breaches Advertising

REMnux 7, a Linux toolkit for malware analysts released

Payment solutions giant Edenred announces malware infection

Trending Sources

The author of FastPOS PoS malware pleads guilty

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Meet the Administrators of the RSOCKS Proxy Botnet

Experts linked ransomware attacks to China-linked APT27

Colombian authorities arrested hacker behind the Gozi Virus

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Iran announced to have foiled massive cyberattacks on public services

NATO Chief calls for a new strategic to address new challenges

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

British Court rejects the US’s request to extradite Julian Assange

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

Magecart hackers hide stolen credit card data into images and bogus CSS files

Russia-linked Energetic Bear APT behind San Francisco airport attacks

The cybersecurity researcher Dan Kaminsky has died

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

German intelligence agency warns of China-linked APT27 targeting commercial organizations

COVID-19 – Johnson & Johnson saw a 30% uptick in cyber-attacks

China-Linked APT15 group is using a previously undocumented backdoor

China-linked Budworm APT returns to target a US entity

330K stolen payment cards and 895K stolen gift cards sold on dark web

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Bulletproof VPN services took down in a global police operation

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Volvo Cars suffers a data breach. Is it a ransomware attack?

US-based children’s clothing maker Hanna Andersson discloses a data breach

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Machete cyber-espionage group targets Latin America military

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Naikon APT is flying under the radar since 2015

The Satan Ransomware adds new exploits to its arsenal

The OpenSSL Project addressed three vulnerabilities

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Dragon Breath APT uses double-dip DLL sideloading strategy

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Microsoft sued North Korea-linked Thallium group

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

CIA elite hacking unit was not able to protect its tools and cyber weapons

Stay Connected