Schneier on Security

MAY 18, 2020

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a Seems likely.

Malware 219

Malware Government 219

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 340

Malware Identity Theft Cybercrime Accountability 340

Schneier on Security

JUNE 9, 2023

The oldest traces of infection that we discovered happened in 2019. The initial message and the exploit in the attachment is deleted The malicious toolset does not support persistence, most likely due to the limitations of the OS. The timelines of multiple devices indicate that they may be reinfected after rebooting.

Malware 276

Malware Backups Mobile 276

Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Malware 267

Malware Ransomware Authentication 267

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 304

Malware Cybercrime Software Accountability 304

Krebs on Security

JANUARY 12, 2021

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. In a blog post published Jan.

Software 354

Software Malware Government 354

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 143

Adware Spyware Mobile Technology 143

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

System Administration 224

System Administration Engineering Internet Internet 224

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 227

Malware Advertising Marketing System Administration 227

Schneier on Security

MARCH 28, 2019

In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.].

Hacking 278

Hacking Malware 278

Krebs on Security

JANUARY 13, 2021

Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Backups 318

Backups Malware Marketing Software 318

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. NSOs witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.

Spyware 108

Spyware Surveillance Software Hacking 108

Krebs on Security

MAY 30, 2019

In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Section 8 involves the surreptitious installation of computer programs on computers or networks including malware and spyware.

Computers and Electronics 235

Computers and Electronics Malware Software Telecommunications 235

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

eCommerce 205

eCommerce Cybercrime Accountability Passwords 205

Security Affairs

DECEMBER 22, 2024

The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Arrested in Israel, he awaits extradition to the U.S.

Ransomware 119

Ransomware Small Business Antivirus Malware 119

Security Affairs

OCTOBER 27, 2024

They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware. “On Friday, October 25, the St. in March 2022.

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. Tamoian, a native Russian who left the country in 2019, is the founder of the cyber investigation platform malfors.com. The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. .” world and rusvolcorps[.]ru

Phishing 201

Phishing Government Engineering Internet 201

The Hacker News

APRIL 22, 2024

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

Malware 140

Malware 140

Krebs on Security

AUGUST 14, 2020

billion in 2019. Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray. Email security company Proofpoint says the Defray ransomware is somewhat unusual in that it is typically deployed in small, targeted attacks as opposed to large-scale “spray and pray” email malware campaigns.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Krebs on Security

JANUARY 27, 2021

NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a percentage of any funds extorted from victims. “It picked up steam in mid-2020, growing the average ransom to $65,000 last year, up from $18,800 in 2019.” Powershell build.

Ransomware 336

Ransomware Cybercrime Antivirus Encryption 336

Krebs on Security

DECEMBER 8, 2020

Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

DNS 336

DNS Backups Malware Software 336

Krebs on Security

NOVEMBER 26, 2019

The other three restaurants are all part of the same parent company and disclosed breaches in August 2019. Focus Brands (which owns Moe’s, McAlister’s, and Schlotzsky’s) was breached between April and July 2019, and publicly disclosed this on August 23. Krystal announced a card breach last month. percent worldwide.

Marketing 344

Marketing Cybercrime Retail Advertising 344

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 143

Malware DNS Firewall Software 143

The Last Watchdog

FEBRUARY 3, 2020

and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. It describes malware being iterated by hackers who’ve clearly been doing this for a long while. The Soleimani assassination simply added kerosene to those long-flickering flames.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Krebs on Security

JANUARY 28, 2020

In late December 2019, fuel and convenience store chain Wawa Inc. The fraud bazaar Joker’s Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019. Pennsylvania-based Wawa says it discovered the intrusion on Dec.

Retail 333

Retail Banking Malware Accountability 333

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Cyber Attacks 114

Cyber Attacks Hacking Government Malware 114

Krebs on Security

OCTOBER 13, 2020

Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain complete control over an unpatched system with little or no help from users.

Backups 353

Backups Malware Engineering Hacking 353

Krebs on Security

FEBRUARY 11, 2020

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

Backups 64

Backups Malware Internet Internet 64

Krebs on Security

SEPTEMBER 8, 2020

None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. .”

Software 310

Software Backups Authentication Internet 310

SecureList

FEBRUARY 27, 2023

Kaspersky mobile cyberthreat detection dynamics in 2020–2022 ( download ) Cybercriminals continued to use legitimate channels to spread malware. The spread of malware through Google Play continued as well. Harly malware programs were downloaded a total of 2.6 These secretly signed users up for paid services. percentage points.

Mobile 143

Mobile Malware Adware Banking 143

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.

Ransomware 300

Ransomware Cybercrime Accountability Malware 300

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ?

Ransomware 358

Ransomware Cybercrime Malware Encryption 358

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 143

Malware Banking Software Cybercrime 143

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. And, he said, this exact attack vector was indeed detected in a malware sample sent to VirusTotal.

Antivirus 363

Antivirus Malware Software 363

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).

Spyware 108

Spyware Hacking Surveillance Malware 108

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 126

Malware Encryption Telecommunications Authentication 126