Krebs on Security

FEBRUARY 11, 2020

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user. That vulnerability, assigned as CVE-2020-0674 , has been patched with this month’s release.

Backups 64

Backups Malware Internet Internet 64

Krebs on Security

APRIL 14, 2020

Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users. Further reading: Qualys breakdown on April 2020 Patch Tuesday.

Backups 308

Backups Software Internet Internet 308

Krebs on Security

SEPTEMBER 8, 2020

None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. .

Software 308

Software Backups Authentication Internet 308

Krebs on Security

MARCH 10, 2020

Twenty-six of those earned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users. CVE-2020-0852 is one just four remote execution flaws Microsoft patched this month in versions of Word.

Backups 304

Backups Hacking Software Malware 304

Krebs on Security

DECEMBER 8, 2020

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load.

DNS 335

DNS Backups Malware Software 335

Krebs on Security

JANUARY 14, 2020

As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug ( CVE-2020-0601 ) in Windows 10 and Windows Server 2016/19 reported by the NSA that allows an attacker to spoof the digital signature tied to a specific piece of software.

Software 279

Software Backups Malware Banking 279

Troy Hunt

JUNE 9, 2021

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). NordLocker has written about the nameless malware that stole 1.2 For guidance on how protecting against malware, read NordLocker's report on the incident.

Malware 363

Malware 363

Krebs on Security

JANUARY 13, 2020

14, the first Patch Tuesday of 2020. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. Equally concerning, a flaw in crypt32.dll

Internet 278

Internet Internet Software Media 278

Tech Republic Security

OCTOBER 11, 2022

Attacks using ATM or PoS malware are on the rise again in 2022 after the COVID-19 lockdowns. The post The 2020-2022 ATM/PoS malware landscape appeared first on TechRepublic.

Malware 145

Malware 145

Tech Republic Security

APRIL 18, 2024

Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.

Malware 212

Malware Big data Data breaches Ransomware 212

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 245

Malware DNS Architecture Hacking 245

Schneier on Security

MAY 18, 2020

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a Seems likely.

Malware 221

Malware Government 221

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 70

Malware Adware Antivirus Marketing 70

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 143

Malware Banking Software Cybercrime 143

Penetration Testing

NOVEMBER 27, 2024

This advanced malware exhibits a plethora of customization... The post Elpaco Ransomware: A New Threat Actor Leverages CVE-2020-1472 for Global Attacks appeared first on Cybersecurity News.

Ransomware 68

Ransomware Malware Cybersecurity 68

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018.

Antivirus 363

Antivirus Malware Software 363

Krebs on Security

JULY 14, 2020

Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

DNS 328

DNS Backups Software System Administration 328

Schneier on Security

NOVEMBER 20, 2020

The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past.

Malware 344

Malware 344

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 303

Malware Cybercrime Software Accountability 303

Tech Republic Security

DECEMBER 23, 2020

Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.

Malware 214

Malware 214

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S. Sellinger announced.”

Hacking 67

Hacking Government Data breaches Information Security 67

Krebs on Security

AUGUST 14, 2020

It’s unclear when the intruders first breached R1’s networks, but the ransomware was unleashed more than a week ago, right around the time the company was set to release its 2nd quarter financial results for 2020. Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 326

Hacking Social Engineering Phishing Scams 326

Schneier on Security

FEBRUARY 16, 2021

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. It is baffling to me that an app developer with a popular app would turn it into malware.

Advertising 309

Advertising Malware 309

Adam Levin

FEBRUARY 8, 2021

An Android app with over 10 million installations spread malware to its users in a recent update. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. Barcode Scanner is an app available in the Google Play store for Android devices.

Mobile 303

Mobile Advertising Malware Risk 303

Krebs on Security

NOVEMBER 19, 2024

“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. In March 2020, Finastra suffered a ransomware attack that sidelined a number of the company’s core businesses for days.

Data breaches 293

Data breaches Banking Cybercrime Advertising 293

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware 141

Ransomware VPN Education Hacking 141

Krebs on Security

JANUARY 12, 2021

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. Image: SolarWinds.

Malware 353

Malware Software Government 353

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability 351

Accountability Advertising Passwords Phishing 351

The Hacker News

APRIL 22, 2024

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

Malware 140

Malware 140

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 330

Malware Software Technology Accountability 330

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. alone by October 2020.

Healthcare 339

Healthcare Ransomware Cybersecurity Malware 339

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. A joint advisory on CVE-2020-9054 from the U.S.

IoT 282

IoT DDOS VPN Firewall 282

Krebs on Security

DECEMBER 16, 2020

13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. ” The statement continues: “Depending on the IP address returned when the malware resolves avsvmcloud[.]com,

Hacking 362

Hacking Malware Software Cybercrime 362

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 144

Adware Spyware Mobile Technology 144