2011, Information Security and Malware - Cyber Security Informer

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. ” reads the analysis published by Palo Alto Networks.

Malware

Malware Hacking Information Security

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware

Malware Authentication Software Accountability

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018.

Malware

Malware Cyber threats Government Hacking

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Ransomware

Ransomware Advertising Firmware Insurance

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. We believe DePriMon is the first example of malware using this technique ever publicly described.”

Malware

Malware Telecommunications Advertising Encryption

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The fourth defendant, named Wu Shurong, was hired by Hainan Xiandun Technology Development to create malware, and hack into computer systems operated by foreign governments, companies and universities.

Hacking

Hacking Technology Government Malware

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Backups

Backups Advertising Accountability Malware

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Ransomware

Ransomware Antivirus Malware Software

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems.

Banking

Banking Advertising Malware Data collection

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

government agency created in 2011 to protect consumers in the financial sector, ensuring fair, transparent, and competitive financial markets The agency has issued a directive to employees to reduce the use of their phones and invite them to use Microsoft Teams and Cisco WebEx for their meetings and conversations that involve nonpublic data.

Hacking

Hacking Internet Internet Government

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Hacking

Hacking Media Malware Cybersecurity

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The law enforcement also arrested its administrator, the 35-year-old Chinese national YunHe Wang, in Singapore. based online service providers.

VPN

VPN Cryptocurrency Malware Software

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. Ten years together! I’m very excited.

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications.

Malware

Malware Government Advertising Banking

Russian Government-owned research institute linked to Triton attacks

Security Affairs

OCTOBER 23, 2018

Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. In December 2017, experts from FireEye discovered a new strain of malware dubbed Triton that was specifically designed to target industrial control systems (ICS).

Government

Government Malware Advertising Software

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

. “According to the indictment, between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware, which cyber security researchers have referred to as “Triton” or “Trisis,” on a safety system produced by Schneider Electric, a multinational corporation.

Government

Government Energy and Utilities Malware Hacking

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. The vulnerability stems from improper sanitization of URLs for repositories in root composer.json files and package source download URLs that could be interpreted as options for system commands executed by Composer.

Hacking

Hacking Software Information Security Malware

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Security Affairs

JUNE 30, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. ” reads the report published by Volexity.

Phishing

Phishing Malware Passwords Media

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS

DNS Antivirus Cryptocurrency Software

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Spyware

Spyware Surveillance Advertising Mobile

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Advertising

Advertising Hacking Cybercrime Cryptocurrency

Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op

Security Affairs

FEBRUARY 2, 2022

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. The attackers also used previously undetected malware, including info stealers and keyloggers.

Ransomware

Ransomware Malware Media Encryption

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

One of the most recent attacks was reported by Computerland in Belgium against SMBs in the country, but according to the company they were targeted by a group of cybercriminals who appeared to be using a variant of the LockBit locker malware.

Ransomware

Ransomware Penetration Testing Firewall Social Engineering

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

On August 2023, the security researcher 0xToxin documented an infection chain leveraging AutoIT scripts to deliver the DarkGate malware, a particular stealer supporting also HVNC and HAnyDesk, and the C2 he decoded was using the same hostname too. This hostname connection is particularly heterogeneous, but it technically makes sense.

Scams

Scams Ransomware System Administration Malware

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Surveillance

Surveillance Spyware Software Advertising

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Surveillance

Surveillance Social Engineering Phishing Government

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

The malware was also used by the attackers to browse the web, likely using it as a proxy to mask their IP address. “The xPack malware and its associated payload seems to be used for initial access; it appears that xPack was predominantly used to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.

Manufacturing

Manufacturing Malware Data collection Encryption

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

“During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” Imperva concludes.

Advertising

Advertising Cryptocurrency Internet Internet

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Security Affairs

SEPTEMBER 11, 2023

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.

Internet

Internet Internet Healthcare Education

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. continues IBM.

Advertising

Advertising Media Authentication Hacking

Happy birthday Security Affairs … 11 years together!

Security Affairs

NOVEMBER 15, 2022

Happy BirthDay Security Affairs! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Eleven years ago I decided to launch Security Affairs, a blog that is considered today one of the most valuable sources of the cybersecurity industry.

Cybersecurity

Cybersecurity Government Hacking Data breaches

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Security Affairs

AUGUST 28, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Israel, Iraq, and Saudi Arabia.

Phishing

Phishing Accountability Advertising Media

Checkra1n, a working iPhone Jailbreak, was released

Security Affairs

NOVEMBER 16, 2019

In September, the security expert Axi0mX released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Surveillance

Surveillance Advertising Risk Media

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. ” April 2021 Security Patch Day includes two other Hot News security notes, which are updates to previously released notes. ” reads the advisory published by NIST.

Engineering

Engineering Software Hacking Information Security

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Security Affairs

SEPTEMBER 27, 2019

The security expert Axi0mX has released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Advertising

Advertising Hacking Software Engineering

Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

Security Affairs

JANUARY 27, 2021

The vulnerability was introduced in July 2011 ( commit 8255ed69 ), and affects all versions from 1.8.2 The vulnerability is caused by Sudo incorrectly handling backslashes in the arguments. to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

Authentication

Authentication Passwords Hacking Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

PyMICROPSIA Windows malware includes checks for Linux and macOS

Purple Lambert, a new malware of CIA-linked Lambert APT group

Trending Sources

YTStealer info-stealing malware targets YouTube content creators

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs newsletter Round 284

DePriMon downloader uses a never seen installation technique

US DoJ indicts four members of China-linked APT40 cyberespionage group

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Google disrupts the Glupteba botnet

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Silent Night Zeus botnet available for sale in underground forums

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

US man sentenced to 4 years in prison for his role in Infraud scheme

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Law enforcement operation dismantled 911 S5 botnet

Happy 10th Birthday, Security Affairs

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Hunting the ICEFOG APT group after years of silence

Russian Government-owned research institute linked to Triton attacks

Google obtained a temporary court order against CryptBot distributors

US indicted 4 Russian government employees for attacks on critical infrastructure

Command injection flaw in PHP Composer allowed supply-chain attacks

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Glupteba botnet is back after Google disrupted it in December 2021

Unknown FinSpy Mac and Linux versions found in Egypt

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op

Copycat Criminals mimicking Lockbit gang in northern Europe

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

German authorities raid the offices of the FinFisher surveillance firm

Iran-linked APT42 is behind over 30 espionage attacks

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Happy birthday Security Affairs … 11 years together!

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Checkra1n, a working iPhone Jailbreak, was released

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Stay Connected