Security Affairs

AUGUST 21, 2024

During the recent campaign, the threat actor distributed a variant of the open-source XenoRAT malware, dubbed ‘MoonPeak,’ which is a remote access trojan (RAT) actively developed by the group. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MoonPeak malware)

Malware 135

Malware Phishing Hacking Information Security 135

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware 98

Malware DNS Media Architecture 98

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “We have seen this module implemented in two different languages: C# and VBScript” The arsenal of the group includes also multiple malware, most of them downloaders and backdoors. Pierluigi Paganini.

Malware 142

Malware Phishing Advertising Government 142

SiteLock

AUGUST 27, 2021

A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database. Automatic remediation of known threats.

Malware 52

Malware Penetration Testing Insurance DDOS 52

Security Affairs

OCTOBER 10, 2019

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced malware piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year.

Malware 104

Malware Encryption Advertising Mobile 104

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware 107

Malware Computers and Electronics Adware Spyware 107

Security Affairs

SEPTEMBER 2, 2024

A second round of puzzles began one year later on January 4, 2013, and then a third round following the confirmation of a fresh clue posted on Twitter on January 4, 2014. Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a version of the same malware for Windows.

Ransomware 136

Ransomware Encryption Malware Cybercrime 136

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 “To deliver its exploit, the malware first queries the target with a simple “GET” request. A2pvI042j1.d26m

IoT 141

IoT Firmware Malware Wireless 141

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 218

Cybercrime Data breaches Malware Ransomware 218

Security Affairs

MAY 19, 2024

The malware is a version of the GoBear backdoor which was delivered in a recent campaign by Kimsuky via Trojanized software installation packages. Kimsuky cyberespionage group (aka Springtail, ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Software 140

Software Malware Government Banking 140

Security Affairs

FEBRUARY 11, 2021

Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since 2013, it mainly focused on Pakistani and other South Asian targets.

Spyware 144

Spyware Surveillance Malware Mobile 144

Security Affairs

JANUARY 15, 2021

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Investigating the attack, the experts discover a number of new malware samples used by the attackers, including various droppers, loaders, and injectors. 229, referenced in a 2018 CrowdStrike report.

Malware 108

Malware Technology Software Information Security 108

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. ” continues Microsoft.

Authentication 145

Authentication Malware Advertising Hacking 145

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware 98

Malware Phishing VPN Accountability 98

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware 71

Malware Passwords Advertising DNS 71

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Near the holiday season of 2013, hackers exposed the credit and debit card information of over 110 million Target customers. Here are three of the worst data breaches that could have been avoided: Yahoo. Pierluigi Paganini.

Data breaches 108

Data breaches Passwords Social Engineering Encryption 108

Security Affairs

DECEMBER 25, 2023

Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. ” reads the report published by Microsoft. . South Korea, and Europe.

Passwords 144

Passwords Accountability Authentication Malware 144

Security Affairs

MAY 16, 2021

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. ” read the analysis published Cisco Talos. ” continues the report.

Malware 142

Malware Phishing Hacking Information Security 142

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” reads the analysis published by Cisco Talos.

Malware 125

Malware Phishing DNS Cybercrime 125

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. These are based on publicly disclosed incidents in the media or security reports.” The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.

Ransomware 144

Ransomware Advertising Data collection Healthcare 144

Security Affairs

NOVEMBER 10, 2020

Exposed data, some of which go back to 2013, include sensitive information and credit card details. The availability of such kind of data could expose hotel guests to a wide range of malicious activities, including identity theft, phishing attacks, scams, malware attacks, and reservation takeover. According to the experts.

Identity Theft 135

Identity Theft Scams Phishing Malware 135

Security Affairs

APRIL 23, 2020

The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. ” continues the expert. .

Hacking 139

Hacking Advertising Malware Engineering 139

Security Affairs

JUNE 8, 2019

The activities of the APT group were first uncovered by Kaspersky Lab in September 2013, at the time the researchers defined the crew as an emerging group of cyber-mercenaries that was able to carry out surgical hit and run operations against strategic targets. Feedbacks and questions are welcome!

Malware 111

Malware Government Advertising Banking 111

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. The spyware is likely used as part of a sextortion campaign.

Spyware 143

Spyware Mobile Surveillance Malware 143

Security Affairs

JUNE 30, 2024

According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company. The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007.

Accountability 141

Accountability Hacking Architecture Malware 141

Security Affairs

JANUARY 1, 2022

Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware scanning engine dubbed Y2k22 bug. FIP-FS is the anti-malware scanning engine used by Microsoft to protect its users, it was used starting with Exchange Server 2013.

Engineering 119

Engineering Malware Hacking Information Security 119

Security Affairs

JUNE 30, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. ” reads the report published by Volexity.

Phishing 98

Phishing Malware Passwords Media 98

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. .” reads the announcement published by the SSU.

Government 140

Government Software Cyber threats Cyber Attacks 140

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure. In March, the group orchestrated a malware campaign targeting North American entities.

Cryptocurrency 102

Cryptocurrency Malware Government Education 102

Security Affairs

APRIL 6, 2021

at least since 2013. The Cycldek group was first spotted in September 2013, in past campaigns it mainly targeted entities in Southeast Asia using different malware variants, such as PlugX and HttpTunnel. ” reads the technical analysis of the malware.

Government 120

Government Malware Phishing Education 120

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Malware 100

Malware Phishing Hacking Government 100

Security Affairs

APRIL 5, 2022

ua,” the campaign aims at infecting the target systems with malware. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. The phishing messages have been sent from “vadim_melnik88@i[.]ua,”

Phishing 139

Phishing Government Hacking Malware 139

Security Affairs

SEPTEMBER 19, 2021

In 2013, AT&T implemented a new system to monitor the activity of the employees, for this reason, the Pakistani man corrupted the employees to install malware and other tools on the infrastructure of the company to unlock the devices remotely. SecurityAffairs – hacking, malware). Secret Service, IRS-CI and the U.S.

Hacking 140

Hacking Malware Cybercrime Information Security 140

Security Affairs

FEBRUARY 4, 2022

In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware.

Government 100

Government Malware Phishing Software 100

Security Affairs

APRIL 18, 2021

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. ” reads the press release published by DoJ.

System Administration 138

System Administration Penetration Testing Malware Hacking 138

Security Affairs

JANUARY 2, 2022

This is not an issue with malware scanning or the malware engine, and it is not a security-related issue.” “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.”

Engineering 145

Engineering Malware Hacking Information Security 145