Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 245

Malware DNS Architecture Hacking 245

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Further reading: A Basic Timeline of the Exchange Mass-Hack. Organizations Newly Hacked Via Holes in Microsoft’s Email Software.

Hacking 363

Hacking Cybercrime DNS Internet 363

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. ”

Accountability 362

Accountability Hacking Authentication Marketing 362

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 71

Malware Adware Antivirus Marketing 71

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. The malware stole data and encrypted files to block remediation attempts.

Firewall 75

Firewall Hacking Malware Passwords 75

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking 359

Hacking Ransomware Banking Accountability 359

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 143

Malware Banking Software Cybercrime 143

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 304

Malware Cybercrime Software Accountability 304

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. Image: Microsoft.

Hacking 237

Hacking Cybercrime Ransomware Government 237

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S. Sellinger announced.”

Hacking 67

Hacking Government Data breaches Information Security 67

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware 117

Ransomware Healthcare Hacking Malware 117

SecureBlitz

FEBRUARY 21, 2024

In 2020, the digital landscape witnessed a cunning maneuver by the infamous Astaroth malware. Cisco Talos researchers first uncovered this devious strategy, revealing that Astaroth embedded encrypted and […] The post Astaroth malware uses YouTube channel descriptions for hacks appeared first on SecureBlitz Cybersecurity.

Malware 116

Malware Hacking Encryption Cybersecurity 116

Schneier on Security

APRIL 8, 2021

This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors.

Government 280

Government Hacking Malware Cybersecurity 280

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

MARCH 8, 2025

In May 2020, NTT Communications (NTT Com) disclosed a data breach that impacted hundreds of customers. The company launched an investigation after discovering unauthorized access to some systems on May 7, 2020, and then this week, it confirmed that threat actors may have been stolen.

Data breaches 115

Data breaches Mobile Hacking Malware 115

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware 141

Ransomware VPN Education Hacking 141

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 351

Accountability Advertising Passwords Phishing 351

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 114

Cybercrime Ransomware Healthcare Education 114

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 330

Malware Software Technology Accountability 330

Security Affairs

NOVEMBER 1, 2024

The malware also grants attackers access to the device’s system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. The authors utilized the publicly available Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.

Spyware 142

Spyware Media Malware Hacking 142

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime 109

Cybercrime Advertising Phishing Hacking 109

Security Affairs

DECEMBER 23, 2024

NSO Group continued using WhatsApp exploits, including spyware called Erised, even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. continues the court filing.

Spyware 108

Spyware Surveillance Software Hacking 108

Krebs on Security

JUNE 30, 2020

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. An ad for a site selling stolen payment card data, circa March 2020. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Retail 347

Retail Banking Hacking Cybercrime 347

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. Now some statistic facts about malware. In the first half of 2020 alone, SonicWall registered over 3.2

Firewall 132

Firewall Malware IoT Software 132

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. billion euros in 2020 alone. energy facilities.

Marketing 304

Marketing Energy and Utilities Malware Ransomware 304

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. alone by October 2020.

Healthcare 340

Healthcare Ransomware Cybersecurity Malware 340

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. The malware uses a custom URI Client and unusual port numbers to communicate with the server. “The attack involves malicious ZIP files containing obfuscated VBS scripts that drop a Delphi-based EXE.

Banking 76

Banking Phishing Malware Passwords 76

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been active since at least January 2020. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. SecurityAffairs – hacking, ransomware). ” states the alert.

Ransomware 145

Ransomware Hacking Malware Encryption 145

CyberSecurity Insiders

MAY 12, 2022

According to research carried out by SecureWorks, an Iranian Hacking group dubbed “Cobalt Mirage” was discovered to be distributing ransomware. In most cases, the hackers from Iran are seen breaching networks by exploiting Log4j vulnerabilities and ProxyShell, along with Fortinet Security flaws- discovered in the early months of 2020.

Hacking 127

Hacking Ransomware Encryption Government 127

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. explained. “If

Malware 145

Malware Mobile Spyware Encryption 145

Security Affairs

FEBRUARY 12, 2025

At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure. Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Phishing 88

Phishing Malware Security Intelligence Hacking 88

Security Affairs

OCTOBER 9, 2023

pic.twitter.com/YJavUu53v3 — vx-underground (@vxunderground) October 7, 2023 BleepingComputer was able to verify with the help of the popular malware researcher Michael Gillespie that that source code is legitimate and is related to the first version of the ransomware that was employed in 2020.

Cybercrime 140

Cybercrime Ransomware DDOS Encryption 140

Security Affairs

NOVEMBER 2, 2024

The threat actors exploited vulnerabilities in networking devices used by businesses to gain a foothold by installing custom malware. Sophos researchers speculate the attack was part of an intelligence-gathering campaign aimed at developing malware for network devices.

Firmware 120

Firmware Government Firewall Malware 120

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. “It means that they are actively developing new malwares.

Malware 144

Malware Phishing Passwords Media 144