The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. File encryption 2013 – 2015. None of these early threats went pro.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication 145

Authentication Malware Advertising Hacking 145

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.

Ransomware 300

Ransomware Cybercrime Accountability Malware 300

CyberSecurity Insiders

JULY 21, 2021

According to a press release from Associated Press, the Saudi Arabia-based petroleum producer was hit by a cyber attack in 2012 where the servers of the company were targeted by a malware named ‘Shamoon’ via a ‘spear phishing’ attack deceptively launched by Iran. Note- Usually, a ransomware gang encrypts data until a ransom is paid.

Ransomware 139

Ransomware Encryption Cryptocurrency Cyber Attacks 139

SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile 145

Mobile Malware Adware Banking 145

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. The malware also supports multiple evasion capabilities.

Malware 142

Malware Spyware Architecture Encryption 142

Security Affairs

APRIL 14, 2020

Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e. AgentTesla ). ” continues the analysis.

Healthcare 144

Healthcare Ransomware Phishing Government 144

SecureList

OCTOBER 12, 2021

Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities. Microsoft Windows Server 2012. Microsoft Windows 7.

Malware 145

Malware Technology Engineering Advertising 145

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office. . SecurityAffairs – Asruex Trojan, malware).

Malware 110

Malware Advertising Spyware Encryption 110

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The URLs used for C2 communications for these domains are split into two parts: The Installer module contains the first part of the URL which is the C2 server domain name in encrypted form.

Encryption 100

Encryption Malware Phishing Hacking 100

Security Affairs

FEBRUARY 26, 2020

Researchers from Cybaze Yoroi ZLab have spotted a new campaign exploiting the interest in coronavirus (COVID-19) evolution to spread malware. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Introduction. Technical Analysis.

Cyber Attacks 142

Cyber Attacks Malware Social Engineering Advertising 142

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. ” reads the analysis published by the expert. ” continues Kaspersky.

Encryption 103

Encryption Government Advertising Cyber Attacks 103

eSecurity Planet

OCTOBER 8, 2021

With a multi-layered approach to endpoint protection, the ESET PROTECT Advanced solution fits small to medium-sized businesses and offers advanced EPP capabilities, full disk encryption , and an automated sandbox for dynamic threat analysis. Full Disk Encryption. Read more: 19 Best Encryption Software & Tools of 2021.

Encryption 121

Encryption Malware Network Security Ransomware 121

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. Once executed the command, the malware the malicious code sends back command execution results. “On

DNS 122

DNS Phishing Encryption Antivirus 122

CyberSecurity Insiders

AUGUST 24, 2022

And security researchers from ESET have discovered that the malware was uploaded to the VirusTotal operated system in Brazil and was targeted by a social engineering attack. As BianLian follows the process of dividing the encrypted content in 10 bytes of data, it easily evaded detection by antivirus products.

Ransomware 107

Ransomware Digital transformation Encryption Social Engineering 107

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware 105

Malware Advertising System Administration Spyware 105

Security Affairs

JULY 28, 2021

Researchers from Palo Alto Networks Unit 42 team tracked the new version of the PlugX malware as Thor, they reported that the RAT was used as a post-exploitation tool deployed on one of the compromised servers. The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. ” reads the analysis.

Encryption 119

Encryption Antivirus Malware Hacking 119

Security Affairs

AUGUST 21, 2019

The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks since 2014. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Malware 109

Malware Telecommunications Advertising Healthcare 109

Security Affairs

DECEMBER 12, 2018

A new variant of the Shamoon malware, aka DistTrack, was uploaded to VirusTotal from Italy this week, but experts haven’t linked it to a specific attack yet. Shamoon was first observed in 2012 when it infected and wiped more than 30,000 systems at Saudi Aramco and other oil companies in the Middle East. Pierluigi Paganini.

Malware 108

Malware Advertising Cyber Attacks Encryption 108

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. This malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims’ systems.

Malware 144

Malware DNS Encryption Ransomware 144

Security Affairs

JUNE 9, 2022

Luring users into double-clicking a fake Anti-Virus to execute malware in the victim’s host. Forging a fake removable device to lure users into opening the wrong folder and installing the malware successfully on their system. The malware sets the auto start function with the value “EverNoteTrayUService”.

Malware 98

Malware DNS Encryption Education 98

Malwarebytes

JULY 26, 2021

Last week, Check Point Research described a new Mac variant of malware they call XLoader. According to Check Point, the Mac version of the malware is being “rented” as part of a malware-as-a-service program, at the price of $49 for one month or $99 for three months. Fortunately, more details have since come to light.

Malware 143

Malware Encryption 143

SecureWorld News

MARCH 24, 2022

Summary: Multiple Facebook databases were found to be unprotected by passwords or encryption, meaning anyone who searched the internet could find them. They then gained access to a customer service database and uploaded malware to capture sensitive information. LinkedIn data breach (2012). Damages: leaked account information.

Data breaches 129

Data breaches Passwords Accountability Government 129

Security Affairs

JANUARY 31, 2021

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “ clowwindy “, and multiple implementations of the protocol have been made available since.

Firewall 144

Firewall Surveillance Internet Internet 144

SecureList

JUNE 2, 2022

In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer. In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. WinDealer is a modular malware platform.

Malware 137

Malware Encryption Social Engineering Telecommunications 137

Vipre

MAY 5, 2021

Yes, endpoint security is a vital element in your malware defense, but it cannot do the job alone. As malware threats increase in sophistication, so should the tools to combat them. You also should consider encryption and strong authentication policies for added protection. Do you have a patch management policy?

Ransomware 122

Ransomware Backups Phishing Education 122

Fox IT

DECEMBER 7, 2021

This model utilizes the Half-Space-Trees algorithm and provides our security operations teams (SOC) with the opportunity to detect suspicious behavior, in real-time, even when network traffic is encrypted. The prevalence of encrypted traffic. The use of encrypted network protocols yields improved mitigation against eavesdropping.

Encryption 79

Encryption Ransomware Internet Internet 79

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Unlike most Mirai variants, the V3G4 variant uses different XOR encryption keys for string encryption.

IoT 98

IoT DDOS Encryption Malware 98

Malwarebytes

JUNE 1, 2021

The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The unpacked sample is highly obfuscated and important API calls and strings have been encrypted using a custom encryption algorithm. This blog post was authored by Hossein Jazi.

Government 145

Government Phishing Encryption Media 145

Security Affairs

OCTOBER 20, 2021

” The MSI package first removes registry keys associated with the old Purple Fox installations if any are present, then it replaces the components of the malware with new ones. “The goal is to install the MSI package as an admin without any user interaction.” ” continues the analysis.

Encryption 112

Encryption DNS Architecture Firewall 112

SecureList

NOVEMBER 1, 2022

Since the malware in this incident was compiled on April 15, 2021, and compilation dates are the same for all known samples, this incident is likely to be the first involving Maui ransomware. This report included technical details of malware used in the campaign, such as Ecipekac, SodaMaster, P8RAT, FYAnti and QuasarRAT.

Malware 145

Malware Ransomware Spyware Encryption 145

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. The encryption routine used to wrap the Yahoyah Trojan in this campaign is a custom implementation of AES, named by Check Point AEES. The collected information is formatted and sent to the C&C server.

Hacking 123

Hacking Wireless Encryption Passwords 123

Security Boulevard

MAY 5, 2022

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]. A flaw in the encryption algorithm used to underpin OpenSSL was exploited, triggering an infinite number of requests when certain input value(s) are used. It did not require sophisticated malware, and it was easy to replicate. Encryption must be encrypted.

Encryption 52

Encryption Software Media Passwords 52

SecureList

JULY 14, 2021

In some cases, this was followed by deployment of a signed, but fake version of the popular application Zoom, which was in fact malware enabling the attackers to exfiltrate files from the compromised systems. com/s/esh1ywo9irbexvd/COVID-19%20Case%2012-11- 2020.rar?dl=0&file_subpath=%2FCOVID-19+Case+12-11-2020%2FCOVID-19+Case+12-11-2020(2).docx.

Malware 145

Malware Phishing Technology Encryption 145

Security Affairs

APRIL 28, 2020

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. During our daily monitoring activities, we intercepted a singular Linux malware trying to penetrate the network of some of our customers. Introduction. Technical Analysis.

Architecture 133

Architecture Malware Hacking DDOS 133

SecureWorld News

DECEMBER 29, 2020

Summary: Multiple Facebook databases were found to be unprotected by passwords or encryption, meaning anyone who searched the internet could find them. They then gained access to a customer service database and uploaded malware to capture sensitive information. LinkedIn data breach (2012). Damages: Leaked account information.

Data breaches 98

Data breaches Passwords Accountability Government 98

Malwarebytes

FEBRUARY 3, 2021

Browser syncing was introduced in 2012 by Chrome with the goal of letting you continue at home where you left off at work, and vice versa. Malware in the form of browser extensions is relatively rare, but it does happen. What is browser sync? Since then, other browsers have introduced similar features.

Risk 125

Risk Passwords Adware Accountability 125