Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects Intel processors released in the past five years and could allow attackers to bypass every hardware-enabled security technology.
The idea is to standardize on both a public-key encryption algorithm and a digital signature algorithm that are resistant to quantum computing, well before anyone builds a useful quantum computer. Twenty-six candidates advanced to Round 2 in 2019, and seven (plus another eight alternates) were announced as Round 3 finalists in 2020.
Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, resulted in incorrect validation for some certificates.
Trojan Shield operation: the FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.
Security experts are warning of ransomware attacks exploiting two VMware ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Pierluigi Paganini.
A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies; it is the first ransomware known to use group policies to encrypt Windows domains.
Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt the victim’s files, a trick that allows it to evade detection by security software; it mounts all the shared drives so they can be encrypted from inside the VM. Custom Ragnar Locker ransom note (Source: Sophos). Pierluigi Paganini.
Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, found that 2019 was marked by ransomware evolution and dominated by increasingly aggressive ransomware campaigns, with operators resorting to more cunning TTPs, reminiscent of those of APT groups, to make their victims pay up.
According to experts at SonicWall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. The situation improved in the first half of 2019, when SonicWall recorded 4.8 billion attacks.
Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. “Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size.”
The Kr00k vulnerability, tracked as CVE-2019-15126, could be exploited by attackers within wireless range to intercept and decrypt some wireless network packets transmitted over the air by a vulnerable device: “after a disassociation occurs, data from the chip’s Tx buffer will be transmitted encrypted with the all-zero TK.”
Experts spotted a new strain of the Ryuk ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. Kremez noticed that the ransomware doesn’t encrypt folders that are associated with *NIX operating systems (“2019-12-21: #Ryuk #Ransomware as V2.EXE”), BleepingComputer reported.
Microsoft has released the Patch Tuesday security updates for June 2019, which address 88 vulnerabilities in Windows and other products. Among them are four flaws disclosed by the researcher SandboxEscaper over the preceding weeks: CVE-2019-0973, CVE-2019-1053, CVE-2019-1064 and CVE-2019-1069.
According to a report published by the cyber security firm Sixgill, data for over 23 million payment cards were on offer in underground forums in the first half of 2019. Three trading posts accounted for 64 percent of the cards on offer during that period; AMEX accounted for 12 percent.
Security experts have found a malicious app in Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. In early October, Google Project Zero researcher Maddie Stone publicly disclosed the zero-day, tracked as CVE-2019-2215, in Android.
million to allow victims to access encrypted data. The attacks started in the morning of August 16 and security experts investigating the incidents believe that it was a coordinated attack carried out by a single cyber crime gang. Pierluigi Paganini.
Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. The Phobos operation uses a ransomware-as-a-service (RaaS) model and has been active since May 2019.
A new Linux variant of the Clop ransomware has been observed in the wild; the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption routine implemented in the ELF executable is flawed and allows victims to decrypt locked files without paying a ransom.
NTT Research opened its doors in Silicon Valley in July 2019 to help nurture basic research in three subject areas that happen to be at the core of digital transformation: quantum physics, medical informatics and cryptography.
One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to North Korea-linked threat actors (Lazarus). From the Chrome release notes: “Reported by banananapenguin on 2019-10-12 [$TBD] [1019226] High CVE-2019-13720: Use-after-free in audio.” Pierluigi Paganini.
DeathRansom is a ransomware family that was initially dismissed as fake, even a joke, because it did not implement an effective encryption scheme, but now things are changing. Pierluigi Paganini.
The attackers first create a user in the administrator group, then use it to encrypt the content of the NAS. “It is important to note that there is a free decryptor for files locked with an older version (before July 17th, 2019) of eCh0raix ransomware.” The malicious code appends the .encrypt extension to the filenames of encrypted files.
The Conti ransomware gang infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding a ransom of over $13 million (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files. Pierluigi Paganini.
The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack of the Norsk Hydro company.”
Phobos variants are usually distributed by SmokeLoader, but in 8Base campaigns the ransomware component is embedded in its encrypted payloads. The use of the “.8base” file extension for encrypted documents suggested a possible link to the 8Base group or the use of the same code base for their ransomware.
Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.
Security researchers at Netlab, the network security division of Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts have been monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router zero-day vulnerabilities to spread a Remote Access Trojan (RAT).
Experts at the cyber security firm Cipher Portugal conducted a study on Portuguese domains during 2019 and concluded that Emotet and Ryuk were the most active threats. This enhancement appeared in the middle of September 2019.
The eCh0raix ransomware appeared in the threat landscape in June 2019, when it was spotted by experts at the security firms Intezer and Anomali. The ransomware, tracked as “QNAPCrypt” by Intezer and “eCh0raix” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends the .encrypt extension to the filenames of encrypted files.
The Maze ransomware operators are shutting down their operations more than a year after the gang appeared on the threat landscape in May 2019; it was considered one of the most prominent and active ransomware crews.
In October 2019, security experts at Emsisoft developed a tool to decrypt files encrypted by the Paradise ransomware. The ransomware family encrypts files using Salsa20 and RSA-1024, and it appends several extensions to their filenames.
According to the experts, the first infections were observed in late 2019, when victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension ‘newversion’.”
million ransom to decrypt its files after being encrypted by the infamous Sodinokibi ransomware. “As part of this attack, the operators behind the Sodinokibi ransomware told BleepingComputer that they had encrypted the company’s entire network, deleted backup files, and copied more than 5GB of personal data.”
The eCh0raix ransomware has been active since at least 2019, when experts from the security firms Intezer and Anomali separately discovered samples of the ransomware targeting Network Attached Storage (NAS) devices. The malicious code appends the .encrypt extension to the filenames of encrypted files.
These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS. In November 2019, security experts first spotted the QSnatch malware, which at the time infected thousands of QNAP NAS devices worldwide. “Webshell functionality for remote access,” reads the alert.
Searching online, the expert first found an encrypted firmware image; he then found on a forum a Portable ROM Dumper (a custom firmware update file that, once loaded, dumps the memory of the camera to the SD card), which allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro). (Eyal Itkin)
I recently had the chance to discuss iO with Dr. Tatsuaki Okamoto, director of NTT Research’s Cryptography and Information Security (CIS) Lab, and Dr. Amit Sahai, professor of computer science at UCLA Samueli School of Engineering and director of UCLA Center for Encrypted Functionalities (CEF). NTT endowed its new U.S.
For Catch NYC (including Catch Roof), the timeframe was from March 19, 2019 through October 17, 2019. For Catch Steak, the timeframe was September 17, 2019 through October 17, 2019. Portable POS devices are not affected because they utilize point-to-point encryption.
BleepingComputer also reported that dozens of ransom notes and encrypted files have been submitted to the ID-Ransomware service by affected QNAP users. The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files.
Data transfer between homes will be capped, and the data communicated through Amazon Sidewalk will be encrypted. Other experts have warned about the security and privacy implications of Amazon’s project, as Sidewalk will rely on an untested WiFi protocol to link together selected devices.
The Macaw Locker ransomware encrypts victims’ files and appends the .macaw extension to the file names of the encrypted files. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that Macaw Locker is the latest rebrand of Evil Corp.
The Project Zero researcher Ian Beer explained that only two of the 14 security flaws were zero-days, CVE-2019-7287 and CVE-2019-7286; he also revealed that the campaign remained under the radar for at least two years. “CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today ( [link] ) were exploited in the wild as 0day.”
Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a server under the control of the group. It consists of two components, the loader and the encrypted main payload. The backdoor uses AES-ECB encryption for C2 communications.
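The use of AES-ECB for C2 traffic is worth pausing on, because ECB leaks structure: under one key, identical 16-byte plaintext blocks always produce identical ciphertext blocks, so repeated fields or filler in a beacon show up as repeated blocks in captured traffic, and that repetition is a practical fingerprint for a network defender. The following added example (written for this page; it is not Trend Micro's analysis tooling and not the backdoor's own code) counts repeated blocks in a constructed check-in message. To stay self-contained it uses a keyed SHA-256 truncation as a stand-in for the AES block function, which is an assumption: the repeated-block pattern is a property of the ECB mode, not of the cipher, so real AES-ECB shows exactly the same pattern. The beacon contents, key and IV are constructed for the demonstration.

```python
"""Added example: fingerprinting ECB-mode C2 traffic by repeated ciphertext blocks.

Illustrative code written for this page, not the Earth Lusca backdoor's code and
not Trend Micro's tooling. block_fn() is a keyed-hash stand-in for one AES block
encryption (assumption: the ECB leakage does not depend on the cipher). The beacon
plaintext, KEY and IV are constructed sample inputs.
"""
import hashlib
from collections import Counter

BLOCK = 16  # AES block size in bytes


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for a single AES block encryption: keyed, deterministic, 16 bytes out.
    Not invertible, but only the ECB pattern matters here, not decryption."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def pad(data: bytes) -> bytes:
    """PKCS#7 padding so every message is a whole number of blocks."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block is encrypted independently, so equal blocks stay equal."""
    data = pad(data)
    return b"".join(block_fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC for contrast: each block is XORed with the previous ciphertext block first,
    so equal plaintext blocks no longer produce equal ciphertext blocks."""
    data = pad(data)
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_fn(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return iv + b"".join(out)


def repeated_blocks(ct: bytes, block: int = BLOCK) -> int:
    """Number of ciphertext blocks that duplicate an earlier block (ECB fingerprint).
    A random-looking stream (CBC, CTR, GCM) yields 0 except by negligible chance."""
    counts = Counter(ct[i:i + block] for i in range(0, len(ct) - len(ct) % block, block))
    return sum(c - 1 for c in counts.values() if c > 1)


def looks_like_ecb(ct: bytes) -> bool:
    """Detection heuristic: any repeated block in a message is a strong ECB signal."""
    return repeated_blocks(ct) > 0


# Constructed sample beacon: fixed-size fields zero-padded to block boundaries,
# which is how structured C2 check-ins commonly end up with identical filler blocks.
BEACON = (
    b"id=WORKSTATION-01" + b"\x00" * 31   # 48 bytes: 3 blocks, the last all zero
    + b"cmd=heartbeat" + b"\x00" * 35     # 48 bytes: 3 blocks, two of them all zero
    + b"\x00" * 16 * 4                    # 64 bytes of reserved/unused space: 4 zero blocks
)
KEY = b"\x01" * 16  # constructed key
IV = b"\x02" * 16   # constructed IV for the CBC comparison


def demo() -> dict:
    """Run the heuristic over the same beacon under ECB and CBC."""
    ecb_ct = ecb_encrypt(KEY, BEACON)
    cbc_ct = cbc_encrypt(KEY, IV, BEACON)
    return {
        "ecb_repeats": repeated_blocks(ecb_ct),   # 7 zero blocks -> 6 repeats
        "ecb_flagged": looks_like_ecb(ecb_ct),
        "cbc_repeats": repeated_blocks(cbc_ct),
        "cbc_flagged": looks_like_ecb(cbc_ct),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two consequences follow for the defender and for the operator alike: the same beacon encrypted twice under ECB is byte-for-byte identical, so traffic can be matched and replayed without the key, and repeated blocks inside one message reveal the layout of the plaintext. Running `repeated_blocks()` over the payloads of a suspected C2 session is cheap and cipher-agnostic, and a non-zero count on a supposedly encrypted stream is worth an alert.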
The MegaCortex ransomware first appeared on the threat landscape in May 2019, when it was spotted by security experts at Sophos. Since November 2019, MegaCortex operators have adopted double extortion tactics. The decryptor also supports a “Scan Entire System” mode, which allows users to search for all encrypted files.