Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook.

Accountability 144

Accountability Malware Phishing Social Engineering 144

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. The developers behind the Shlayer malware have successfully managed to get their malicious payloads approved by Apple through its automated notarizing process in order to run on macOS.

Malware 145

Malware Software Engineering Hacking 145

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking 123

Banking Malware Manufacturing Business Services 123

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware 108

Spyware Hacking Surveillance Malware 108

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware 140

Malware Surveillance Phishing Government 140

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Malware 145

Malware Encryption Passwords Antivirus 145

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ” reads the post published by Dr. Web.

Malware 145

Malware Spyware Mobile Antivirus 145

Adam Levin

DECEMBER 24, 2019

stated that the company’s information security team had discovered malware on their payment processing servers about a week earlier. In an announcement released December 19, Wawa CEO Chris Gheysens.

Data breaches 161

Data breaches Malware Information Security Cybersecurity 161

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 126

Malware Encryption Telecommunications Authentication 126

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware 142

Malware Architecture Passwords Software 142

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 125

Malware Marketing Passwords Hacking 125

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. Denis Kloster, as posted to his Vkontakte page in 2019. Kloster’s blog enthused. “We

Cybercrime 276

Cybercrime Advertising IoT Malware 276

Security Affairs

NOVEMBER 19, 2024

Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates. Phobos operation uses a ransomware-as-a-service (RaaS) model, it has been active since May 2019.

Cybercrime 114

Cybercrime Ransomware Healthcare Education 114

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware 134

Malware DNS Government Software 134

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware 143

Malware Cyber threats Government Hacking 143

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” LFI CVE-2018-16763 Fuel CMS 1.4.1 ” concludes the report.

Malware 145

Malware DDOS IoT Cybercrime 145

Krebs on Security

JUNE 22, 2022

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand. “Thanks to you, we are now developing in the field of information security and anonymity!,” info , allproxy[.]info It shows that in Oct.

Advertising 317

Advertising Cybercrime System Administration Hacking 317

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware 129

Malware Cybercrime Banking Hacking 129

Security Affairs

JULY 7, 2021

WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems.

Malware 136

Malware VPN Architecture Hacking 136

Security Affairs

SEPTEMBER 17, 2021

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Pierluigi Paganini.

Malware 140

Malware Hacking Information Security 140

Security Affairs

MARCH 2, 2024

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May 2019, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Spyware 143

Spyware Surveillance Software Architecture 143

Krebs on Security

SEPTEMBER 24, 2022

At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” ” A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.

Cybercrime 251

Cybercrime Data breaches Malware Ransomware 251

Security Affairs

MARCH 14, 2025

The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related to his role in the ransomware operation The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. reads the press release published by DoJ.

Ransomware 64

Ransomware Cryptocurrency Small Business Malware 64

Security Affairs

FEBRUARY 23, 2023

Dariy Pankov, a Russian VXer behind the NLBrute malware, has been extradited to the United States from Georgia. The Russian national Dariy Pankov, aka dpxaker, is suspected to be the author of the NLBrute malware. The malware allows operators of compromising protected computers by decrypting login credentials.

Malware 98

Malware Marketing Passwords Hacking 98

Security Affairs

DECEMBER 20, 2024

The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware. The Raccoon stealer was first spotted in April 2019, it was designed to steal victims credit card data, email credentials, cryptocurrency wallets, and other sensitive data.

Cryptocurrency 62

Cryptocurrency Identity Theft Cybercrime Malware 62

Security Affairs

AUGUST 14, 2020

The campaigns were classified as either phishing or malware. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way. Phishing and Malware Q2 2020. Malware by Numbers.

Threat Reports 145

Threat Reports Phishing Banking Malware 145

Security Affairs

JANUARY 26, 2021

Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The submissions were classified as either phishing or malware. Phishing and Malware Q4 2020. A new piece of malware was also tracked and analyzed during Q3 and active in Q4 – trojan URSA/mispadu.

Threat Reports 137

Threat Reports Phishing Malware Banking 137

Security Affairs

AUGUST 3, 2020

He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign. The RaaS implements a user-friendly admin console, which is accessible via Tor Network, to allow malware customization (i.e. Close of GandCrab Ransomware : 1-6-2019. Pierluigi Paganini.

Ransomware 145

Ransomware Advertising Malware Hacking 145

Security Affairs

MAY 7, 2021

The NCSC, NSA, CISA, and CSE have previously issued a joint report regarding the group’s campaigns aimed at organizations involved in COVID-19 vaccine development throughout 2020 using WellMess and WellMail malware. The news joint repost, speculate the SVR has reacted to the report by changing their TTPs. ” states the report.

Cybersecurity 140

Cybersecurity Hacking Government Malware 140

Security Affairs

DECEMBER 3, 2024

According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019. The PiS government admitted having used the spyware, but pointed out the Pegasus was never used against political opponents.

Spyware 117

Spyware Government Surveillance Hacking 117

Security Affairs

FEBRUARY 10, 2025

The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available).

Manufacturing 110

Manufacturing Cybercrime Passwords Authentication 110

Krebs on Security

JANUARY 6, 2020

In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. ” Security news site Bleeping Computer reported on the T-Systems Ryuk ransomware attack on Dec. Holden said it appears the intruders laid the groundwork for the VPCI using Emotet , a powerful malware tool typically disseminated via spam. In our Dec.

Passwords 252

Passwords Ransomware Password Management Malware 252

Security Affairs

NOVEMBER 28, 2020

billion in 2019. The operators also announced that the stolen data will be permanently removed from its servers and it will provide security tips on how to secure the network to prevent future infections. Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7

Ransomware 145

Ransomware Encryption IoT Malware 145

Security Affairs

JUNE 11, 2022

The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane. “Initially the malware sets up an attacker controlled DNS server by acquiring the IP Address of the domain name “cyberclub[.]one” “The dropped binary is a .NET

DNS 145

DNS Telecommunications Malware Phishing 145

Security Affairs

JUNE 1, 2023

According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing. “The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data” reads the analysis published by Kaspersky. .”

Malware 98

Malware Backups Mobile Hacking 98

Security Affairs

JUNE 7, 2024

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

Malware 84

Malware Cyber threats Cyber Attacks Software 84

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT 145

IoT DDOS Architecture Passwords 145