2012, Information Security and Malware - Cyber Security Informer

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. The issue resides in the Best-Fit feature of encoding conversion within the Windows operating system. reported Akamai.

DDOS

DDOS Security Intelligence Malware Hacking

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. SecurityAffairs – LimeRAT, malware).

Malware

Malware Passwords Encryption Advertising

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. ” reported Akamai.

Malware

Malware DDOS Internet Internet

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. center, linked to Konni malware used by APT37, and nidlogon[.]com, One of C2 domains, st0746[.]net,

Spyware

Spyware Surveillance Encryption Malware

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Advertising Telecommunications

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

NOVEMBER 24, 2020

Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia, Ukraine, Belarus, and Kazakhstan searching for pirated software. .”

Adware

Adware Malware Hacking Software

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

Security Affairs

MARCH 11, 2025

SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. SideWinder rapidly adapts to security detections, modifying malware within hours, altering tactics, techniques, and procedures.

Malware

Malware Government Phishing Hacking

The number of cyber attacks on Saudi Aramco is increasing

Security Affairs

FEBRUARY 9, 2020

“Overall there is definitely an increase in the attempts of (cyber) attacks, and we are very successful in preventing these attacks at the earliest stage possible,” Khalid al-Harbi, Saudi Aramco chief information security officer, told Reuters in a telephone interview.

Cyber Attacks

Cyber Attacks Malware Advertising Information Security

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007.

Banking

Banking Malware Hacking Information Security

School Gives Malware Infected Laptops to Students

SecureWorld News

JANUARY 23, 2021

Unfortunately, a number of the laptops sent out were discovered to have malware. English students' laptops infected with malware. BBC News has reported that upon delivery of the laptops to students, teachers began sharing information on an online forum about suspicious files found on laptops that went to Bradford school students.

Malware

Malware Education Spyware Government

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. The malware also supports multiple evasion capabilities.

Malware

Malware Spyware Architecture Encryption

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Malware

Malware Phishing Government Passwords

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1

Data breaches

Data breaches Advertising Passwords Hacking

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

Fahd was the mind behind a criminal scheme that begun in 2012 and that caused more than $200 million in losses to the company, according to DoJ, he continued his activity even after he became aware that law enforcement was investigating. SecurityAffairs – hacking, malware). ” reads the press release published by DoJ.

Hacking

Hacking Malware Cybercrime Information Security

DeathStalker cyber-mercenary group targets the financial sector

Security Affairs

AUGUST 26, 2020

A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012 Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. ” continues the report.

Malware

Malware Hacking Advertising Cybercrime

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

Cicada 3301 is the name given to three sets of puzzles posted under the name “3301” online between 2012 and 2014. The first puzzle started on January 4, 2012, on 4chan and ran for nearly a month. The following image shows the list of victims published by the gang on its Dark Web leak site.

Ransomware

Ransomware Encryption Malware Cybercrime

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . “The TA is willing to buy the following things with the deposited money.”

Cybercrime

Cybercrime Malware Hacking Information Security

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. The conspirators designed the Triton malware to prevent the refinery’s safety systems from functioning (i.e., ” continues the DoJ.

Government

Government Energy and Utilities Malware Hacking

A study on malicious plugins in WordPress Marketplaces

Security Affairs

AUGUST 30, 2022

The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework named YODA to detect malicious plugins. Post-deployment attacks infected $834K worth of previously benign plugins with malware.” Among these, $41.5K ” reads the research paper.

Backups

Backups Malware Technology Hacking

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID malware operations. DoJ sentenced the Ukrainian national Vyacheslav Igorevich Penchukov (37) to prison and ordered him to pay millions of dollars in restitution for his role in the Zeus and IcedID malware operations.

Cybercrime

Cybercrime Banking Malware Hacking

Lebanese Cedar APT group broke into telco and ISPs worldwide

Security Affairs

JANUARY 28, 2021

The APT group has been active since 2012, experts linked the group to the Hezbollah militant group. CVE-2012-3152). Once inside the target networks, the attackers deployed the Explosive remote access trojan (RAT), a malware exclusively used by the Lebanese Cedar group in past attacks.

Internet

Internet Internet Hacking Malware

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. APT32 also carried out watering hole attacks through compromised websites or their own sites.

Retail

Retail Malware Mobile Accountability

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Microsoft released an Out-of-Band security update to address privilege escalation flaws in Windows 8.1 and Windows Server 2012 R2 systems. Microsoft released this week an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access.

Advertising

Advertising Hacking Information Security Malware

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office. . SecurityAffairs – Asruex Trojan, malware).

Malware

Malware Advertising Spyware Encryption

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

net), a popular hacking forum a place frequented by hackers, malware authors, scammers and cybercriminals. XakFor has been active since 2012, most of its visitors were Russian-speaking hackers and crooks. Not all the malware were authentic, some of them were cracked versions, while other s were backdoored. Pierluigi Paganini.

Advertising

Advertising Malware Cybercrime Hacking

Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

FEBRUARY 23, 2021

88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times.

Accountability

Accountability Information Security Malware Data breaches

Microsoft disrupted US-Based Infrastructure of the Necurs botnet

Security Affairs

MARCH 10, 2020

Necurs botnet is one of the largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. SecurityAffairs – malware, Necurs botnet). million spam messages to more than 40.6

Advertising

Advertising Malware Cybercrime Government

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Security Affairs

JUNE 26, 2022

ICS malware like TRITON , which experts associated with Russia-linked APT group XENOTIME , has offensive capabilities to shut down industrial safety controls and cause extensive damages to industrial facilities. Experts speculate a cyber attack may have turned off the industrial safety controls at the natural gas facility.

Cyber Attacks

Cyber Attacks Hacking Malware Government

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. SAP redirect vulnerability is a security issue that affects web application servers for SAP products (SAP NetWeaver Application Server Java).

Phishing

Phishing Manufacturing Firewall Cybercrime

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763). ” concludes Kaspersky.

Hacking

Hacking Malware Government Technology

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016.

Accountability

Accountability Malware Cyber Attacks Media

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

Researchers from Cybaze Yoroi ZLab have spotted a new campaign exploiting the interest in coronavirus (COVID-19) evolution to spread malware. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Introduction. Technical Analysis.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Banking Accountability Media

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, ” reads the press release published DoJ.

Malware

Malware Cybercrime Data breaches Internet

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks since 2014. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Telecommunications

Telecommunications Healthcare Education Advertising

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Trending Sources

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Microsoft recommends Exchange admins to disable the SMBv1 protocol

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

The number of cyber attacks on Saudi Aramco is increasing

Colombian authorities arrested hacker behind the Gozi Virus

School Gives Malware Infected Laptops to Students

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Alleged FruitFly malware creator ruled incompetent to stand trial

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Threat actors are offering for sale 550 million stolen user records

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

DeathStalker cyber-mercenary group targets the financial sector

A new variant of Cicada ransomware targets VMware ESXi systems

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

US indicted 4 Russian government employees for attacks on critical infrastructure

A study on malicious plugins in WordPress Marketplaces

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Lebanese Cedar APT group broke into telco and ISPs worldwide

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

A critical flaw in industrial automation systems opens to remote hack

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Japan Suffered Record Number of Privacy and Security Violations in 2020

Microsoft disrupted US-Based Infrastructure of the Necurs botnet

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Don’t trust links with known domains: BMW affected by redirect vulnerability

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Chinese APT IronHusky use Win zero-day in recent wave of attacks

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Mitsubishi Electric Corp. was hit by a new cyberattack

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Stay Connected