Security Affairs

MARCH 20, 2021

A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google researchers observed two separate waves of attacks that took place in February and October 2020, respectively. ” wrote the popular Project Zero researcher Maddie Stone.

Hacking 145

Hacking Software Information Security Malware 145

Security Affairs

JUNE 15, 2021

Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked asu Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. All the variants had in common the same malware hosting page, dns.cyberium[.]cc,

Malware 143

Malware Internet Internet DDOS 143

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. ” states a post published by the experts. explained. “If

Malware 145

Malware Mobile Spyware Encryption 145

Krebs on Security

MARCH 1, 2022

Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 22, 2020, the U.S. Conti is one of several cybercrime groups that has regularly used Trickbot to deploy malware. On Sunday, Feb. It’s just some kind of sabotage.”

Ransomware 305

Ransomware Healthcare Cybercrime Government 305

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. The developers behind the Shlayer malware have successfully managed to get their malicious payloads approved by Apple through its automated notarizing process in order to run on macOS.

Malware 145

Malware Software Engineering Hacking 145

Security Affairs

DECEMBER 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with.NET and C#. Google promptly removed the malware-laced apps from Google Play.

Malware 137

Malware Encryption Social Engineering Marketing 137

Security Affairs

OCTOBER 9, 2023

pic.twitter.com/YJavUu53v3 — vx-underground (@vxunderground) October 7, 2023 BleepingComputer was able to verify with the help of the popular malware researcher Michael Gillespie that that source code is legitimate and is related to the first version of the ransomware that was employed in 2020.

Cybercrime 143

Cybercrime Ransomware DDOS Encryption 143

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking 132

Banking Malware Manufacturing Business Services 132

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware 145

Malware Phishing Passwords Media 145

Security Affairs

SEPTEMBER 29, 2021

Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that has infected more than 10 million Android smartphones across more than 70 countries.

Malware 141

Malware Scams Mobile Phishing 141

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability 145

Accountability Malware Data breaches Passwords 145

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware 145

Malware Telecommunications Hacking Internet 145

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware 140

Malware Identity Theft Banking Ransomware 140

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain. .”

Malware 139

Malware Software Cryptocurrency Passwords 139

Security Affairs

DECEMBER 30, 2021

The attacks were spotted by Iranian cybersecurity firm Amnpardaz, this is the first time ever that malware targets iLO firmware. The persistence achieved by tampering this module allows the malware to survive to the re-installation of the operating system. ” reads the report published by the expers. ” continues the report.

Firmware 145

Firmware Malware System Administration Technology 145

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware 145

Malware DNS Retail Education 145

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 142

Malware Cryptocurrency Architecture Engineering 142

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

MARCH 19, 2021

The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince a Tesla employee to install malware on the company’s computers, has pleaded guilty.

Malware 145

Malware Surveillance Hacking Technology 145

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware 143

Malware VPN Authentication Hacking 143

Security Affairs

DECEMBER 10, 2021

Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization.

Ransomware 129

Ransomware Malware Cybercrime Encryption 129

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. cy do klikni?cia cia w link z rzekomo ciekawym filmem? In version 4.9,

Malware 133

Malware DNS Banking Hacking 133

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job. ”

Hacking 361

Hacking Ransomware Banking Accountability 361

Security Affairs

JANUARY 12, 2022

CVE-2020-5902 F5 Big-IP CVE-2020-14882 Oracle WebLogic CVE-2021-26855 Microsoft Exchange (Note: this vulnerability is frequently observed used in conjunction with CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware 144

Malware Cyber threats Government Hacking 144

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Malware 116

Malware Encryption Engineering Hacking 116

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. CVE-2020-10173 Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m

IoT 143

IoT Firmware Malware Wireless 143

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS 145

DNS Internet Internet Malware 145

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. org subdomain. reported Kasperksy. It’s estimated that much less than 0.1%

Malware 133

Malware Backups Software Passwords 133

Security Affairs

MAY 1, 2021

.” QNAP NAS devices continue to be under attack, earlier March, researchers at 360Netlab warned of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. The malware was designed to abuse NAS resources and mine cryptocurrency.

Ransomware 145

Ransomware Cryptocurrency Malware Internet 145

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware 145

Malware Phishing Antivirus Hacking 145

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

FEBRUARY 21, 2024

Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. In the recent campaign, threat actors used a customized PlugX malware that includes a completed backdoor command module, the researchers named it DOPLUGS. ” reads the report published by Trend Micro.

Malware 144

Malware Phishing Government Passwords 144

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 98

Surveillance Malware Spyware Accountability 98

Daniel Miessler

MAY 19, 2021

Internal actors moved significantly towards External in 2020. Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware).

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Security Affairs

JULY 6, 2024

Researchers warn that the malware GootLoader is still active and threat actors are still using it in their campaigns. Threat actors continue to use GootLoader malware in their campaigns, Cybereason researchers warn. The malware has evolved, resulting in several versions, with GootLoader 3 currently in use. “GootLoader 1.0

Malware 137

Malware Engineering Hacking Ransomware 137

Security Affairs

JUNE 20, 2024

The threat actors used tools associated with Chinese espionage groups, they planted multiple backdoors on the networks of targeted companies to steal credentials. “The attacks have been underway since at least 2021, with evidence to suggest that some of this activity may even date as far back as 2020. ” concludes the report.”

DNS 141

DNS Malware Media Encryption 141