2014, Malware and System Administration

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

Stolen Nvidia certificates used to sign malware—here’s what to do

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. An expired certificate (the valid to date is 2014).

Malware

Malware Software System Administration Ransomware

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.

Advertising

Advertising Cybercrime System Administration Hacking

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

SEPTEMBER 2, 2019

online ad firm that acquired Adconion in 2014, bills itself as the world’s leading independent advertising platform. For many years, Dye was a system administrator for Optinrealbig , a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra.

Media

Media Government Marketing Internet

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

The Malware Threat behind CurveBall. Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . Pierluigi Paganini. SecurityAffairs – Curveball, hacking).

Malware

Malware Advertising System Administration Risk

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, and deliver malware and exfiltrate data. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Cybercrime Social Engineering Banking

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux.

IoT

IoT Cryptocurrency Malware Advertising

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Advertising Internet Internet

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. According to the government experts, the BLINDINGCAN malware was employed in attacks aimed at US and foreign companies operating in the military defense and aerospace sectors. In April, the U.S.

Malware

Malware Cyber threats Government Advertising

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

The Chinese security firm also adds that the APT-C-39 hacking group employed several Vault 7 tools in its operations, including the Fluxwire backdoor, and the Grasshopper malware builder. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, CIA).

Hacking

Hacking Engineering Data breaches Advertising

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation.

Malware

Malware Banking System Administration Hacking

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix. Pierluigi Paganini.

DDOS

DDOS Advertising System Administration DNS

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. But what kind of malware is this Elknot Trojan? This malware is an update and reuse from the Elknot’s malware source code.

DDOS

DDOS Malware Encryption Penetration Testing

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

“The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.” The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine.

Engineering

Engineering Cryptocurrency Advertising System Administration

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

.” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. The vulnerability could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

Advertising

Advertising System Administration Hacking Software

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking

Banking Malware Accountability Cybercrime

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. Pierluigi Paganini.

Identity Theft

Identity Theft Hacking Advertising System Administration

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Security Affairs

NOVEMBER 28, 2018

Cisco advisory reveals that the vulnerability could be also exploited remotely by leveraging the operating system remote management tools. The issue could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

Advertising

Advertising System Administration Software Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Firmware Media Authentication

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

System administrators need to upgrade to fixed versions ASAP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Our preliminary CVE-2020-5902 scans have located 1,832 vulnerable F5 hosts.

System Administration

System Administration Advertising Hacking Banking

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. PerSwaysion campaign is a series of Malware-as-a-Service-based operations. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Financial Services Cloud Migration

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

The gang stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks and other financial institutions. Hladyr is suspected to be a system administrator for the group. The man is suspected to be a supervisor of the group.

Banking

Banking Cybercrime Identity Theft Penetration Testing

Beautiful Basics: Lesson 3

Security Boulevard

MAY 28, 2022

Which to be fair, is what a lot of malware and APT actors do. System administrators usually know their systems very well. With the move to DevOps, I’m not sure if that is decreasing because systems are more transitory or the monitoring systems have kept pace or improved because of it. Do EDRs detect things?

System Administration

System Administration Accountability Passwords VPN

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. Infamous Sony breach (2014) was done with the use of stolen SSH key. Late 2019 Kinsing Malware attacks targeting container environments.

Risk

Risk Passwords Authentication Accountability

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

eSecurity Planet

AUGUST 4, 2023

Cloud Security Posture Management services (CSPM) began to appear in 2014 to manage cloud service configurations as cloud service providers like AWS, Microsoft Azure, and Google Cloud grew more prevalent. To set up and administer access controls using CIEM systems, administrators and security teams may need specialized training.

Architecture

Architecture Risk Data breaches Threat Detection

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” That CrowdStrike report was from July 2019. .

Ransomware

Ransomware Cybercrime Malware System Administration

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. In 2014, the U.S. An advertisement for Orcus RAT.

Advertising

Advertising Malware Software Marketing

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

We discovered the malware as part of an attack against a high-profile organization in Vietnam. We found the loader for this file so interesting that we decided to base one of the tracks of our Targeted Malware Reverse Engineering course on it. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware

Ransomware Malware Banking Encryption

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 See the latest malware analysis report on their TTPs at @CNMF_CyberAlert. v1 , U.S. .

Malware

Malware Government Passwords Advertising

Cyber Security Informer

Orcus RAT Author Charged in Malware Scheme

Stolen Nvidia certificates used to sign malware—here’s what to do

Trending Sources

FireEye experts found source code for CARBANAK malware on VirusTotal?

A member of the FIN7 group was sentenced to 10 years in prison

Meet the Administrators of the RSOCKS Proxy Botnet

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Yomi Hunter Catches the CurveBall

FireEye experts found source code for CARBANAK malware on VirusTotal?

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

North Korea-linked Lazarus APT targets the IT supply chain

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

CIA elite hacking unit was not able to protect its tools and cyber weapons

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Roboto, a new P2P botnet targets Linux Webmin servers

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

US authorities charged Dridex gang members for stealing over $100 Million

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

USBAnywhere BMC flaws expose Supermicro servers to hack

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Beautiful Basics: Lesson 3

Most Common SSH Vulnerabilities & How to Avoid Them

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

Ransomware Gangs and the Name Game Distraction

Canadian Police Raid ‘Orcus RAT’ Author

IT threat evolution Q2 2021

US govt agencies share details of the China-linked espionage malware Taidoor

Stay Connected