Krebs on Security

APRIL 14, 2020

Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users. Further reading: Qualys breakdown on April 2020 Patch Tuesday.

Backups 306

Backups Software Internet Internet 306

Krebs on Security

SEPTEMBER 8, 2020

None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. .

Software 304

Software Backups Authentication Internet 304

Krebs on Security

MARCH 10, 2020

Twenty-six of those earned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users. CVE-2020-0852 is one just four remote execution flaws Microsoft patched this month in versions of Word.

Backups 304

Backups Hacking Software Malware 304

Krebs on Security

DECEMBER 8, 2020

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load.

DNS 332

DNS Backups Malware Software 332

Troy Hunt

JUNE 9, 2021

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). NordLocker has written about the nameless malware that stole 1.2 For guidance on how protecting against malware, read NordLocker's report on the incident.

Malware 363

Malware 363

Krebs on Security

JANUARY 14, 2020

As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug ( CVE-2020-0601 ) in Windows 10 and Windows Server 2016/19 reported by the NSA that allows an attacker to spoof the digital signature tied to a specific piece of software.

Software 276

Software Backups Malware Banking 276

Krebs on Security

JANUARY 13, 2020

14, the first Patch Tuesday of 2020. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. Equally concerning, a flaw in crypt32.dll

Internet 275

Internet Internet Software Media 275

Tech Republic Security

OCTOBER 11, 2022

Attacks using ATM or PoS malware are on the rise again in 2022 after the COVID-19 lockdowns. The post The 2020-2022 ATM/PoS malware landscape appeared first on TechRepublic.

Malware 148

Malware 148

Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 244

Malware DNS Architecture Hacking 244

Schneier on Security

MAY 18, 2020

A new malware, called Ramsey, can jump air gaps : ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a Seems likely.

Malware 220

Malware Government 220

Tech Republic Security

APRIL 18, 2024

Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.

Malware 215

Malware Big data Data breaches Ransomware 215

Penetration Testing

NOVEMBER 27, 2024

This advanced malware exhibits a plethora of customization... The post Elpaco Ransomware: A New Threat Actor Leverages CVE-2020-1472 for Global Attacks appeared first on Cybersecurity News.

Ransomware 73

Ransomware Malware Cybersecurity 73

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018.

Antivirus 363

Antivirus Malware Software 363

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware 144

Malware Software Encryption Internet 144

Krebs on Security

JULY 14, 2020

Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

DNS 328

DNS Backups Software System Administration 328

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 71

Malware Adware Antivirus Marketing 71

Schneier on Security

NOVEMBER 20, 2020

The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past.

Malware 349

Malware 349

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 299

Malware Cybercrime Software Accountability 299

Tech Republic Security

DECEMBER 23, 2020

Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.

Malware 215

Malware 215

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S. Sellinger announced.”

Hacking 67

Hacking Government Data breaches Information Security 67

Krebs on Security

AUGUST 14, 2020

It’s unclear when the intruders first breached R1’s networks, but the ransomware was unleashed more than a week ago, right around the time the company was set to release its 2nd quarter financial results for 2020. Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 322

Hacking Social Engineering Phishing Scams 322

Schneier on Security

FEBRUARY 16, 2021

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. It is baffling to me that an app developer with a popular app would turn it into malware.

Advertising 314

Advertising Malware 314

Adam Levin

FEBRUARY 8, 2021

An Android app with over 10 million installations spread malware to its users in a recent update. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. Barcode Scanner is an app available in the Google Play store for Android devices.

Mobile 303

Mobile Advertising Malware Risk 303

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware 141

Ransomware VPN Education Hacking 141

Krebs on Security

JANUARY 12, 2021

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. Image: SolarWinds.

Software 354

Software Malware Government 354

Krebs on Security

NOVEMBER 19, 2024

“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. In March 2020, Finastra suffered a ransomware attack that sidelined a number of the company’s core businesses for days.

Data breaches 290

Data breaches Banking Cybercrime Advertising 290

Krebs on Security

FEBRUARY 17, 2021

million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York. In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed.

Cryptocurrency 326

Cryptocurrency Financial Services Banking Government 326

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability 347

Accountability Advertising Passwords Phishing 347

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 325

Malware Software Technology Accountability 325

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Krebs on Security

DECEMBER 16, 2020

13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. ” The statement continues: “Depending on the IP address returned when the malware resolves avsvmcloud[.]com,

Hacking 361

Hacking Malware Software Cybercrime 361

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 107

Architecture Internet Internet Malware 107

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. A joint advisory on CVE-2020-9054 from the U.S.

IoT 281

IoT DDOS VPN Firewall 281

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. alone by October 2020.

Healthcare 337

Healthcare Ransomware Cybersecurity Malware 337

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 144

Adware Spyware Mobile Technology 144