percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic.
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security.
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way and, as a result, gets its own destiny: while the use of some malware families is reported for decades, information about others disappears after days, months or several years. com leotolstoys[.]com
Ghost ransomware actors, identified as operating from China, have been exploiting unpatched systems and using stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Prioritize fixing vulnerabilities exploited by Ghost, such as ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.
A notorious Russian hosting service provider known as Proton66 is at the center of a series of widespread cyberattacks and malware campaigns targeting organizations and users worldwide, according to fresh findings from cybersecurity experts. hadn’t been flagged for malicious activity since November 2021. One such address, 45.134.26.8,
Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Linux malware growth has occurred even as Windows, Android and macOS have all seen a decline in new malware samples.
Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.
In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.
Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.
ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez, reported spotting a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.
A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Malvuln is a project developed by the researcher that catalogs vulnerabilities uncovered in various malware.
To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware to encrypt files only partially, leaving parts of each file untouched.
The recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.
Experts warn of a new variant of the RedLine malware that is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing Omicron Stats.exe, it unpacks resources encrypted with triple DES using cipher mode ECB and padding mode PKCS7.
A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. In addition to utilizing custom backdoors.
Which cyber attacks of 2021 had the greatest impact on organizations worldwide in terms of financial losses and disruption of operations? Microsoft confirmed the attacks against Exchange servers that aimed at stealing emails and installing malware to gain persistence in the target networks.
During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Distribution of router vulnerabilities by priority, 2021 (download). Router-targeting malware.
perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl, that over the past 3-4 years has targeted misconfigured Linux servers.
Schematic of DLL proxying. However, this is not enough to launch malware. ToddyCat created the TCESB DLL on its basis, modifying the original code to extend the malware’s functionality. sys driver, which contains the CVE-2021-36276 vulnerability. Kaspersky solutions detect it with the verdict HEUR:HackTool.Win64.EDRSandblast.a.
Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.
Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware recover their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 (download). The encryption code for big files. Yanluowang description.
Cybersecurity researchers from BlackBerry and Intezer Labs have discovered a new Linux malware that is hard to detect. They have dubbed the malware Symbiote, and it is said to mostly target already backdoored systems. In this modus operandi, people buy file-encrypting malware to infect victims of their choice.
The Joker malware is back: experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after downloading tainted apps from the company’s official Android store. dex file as before.
We recently discovered a Trojanized DeFi application that was compiled in November 2021. This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. Infection timeline.
It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details. Background. In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen, Trojan.Win64.SteelFox.*, SteelFox.*.
China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a server under the control of the group.
However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive.
Ransomware. Quarterly trends and highlights. Progress in law enforcement. In August, Spain arrested a cybercriminal who founded Ransom Cartel in 2021 and set up a malvertising campaign. This type of cyberextortion predated Trojans that encrypt the victim’s files. Reveton was among the most notorious PC screen lockers.
These plans should include: regular backups of critical data; disaster recovery exercises to test response readiness. Colonial Pipeline attack (2021). One of the most significant incidents highlighting vulnerabilities in the oil and gas sector was the Colonial Pipeline ransomware attack in May 2021.
A cybercriminal group linked to a series of attacks across Asia has been exploiting a security vulnerability in ESET’s security software to deploy a previously unknown malware strain called TCESB. The malware was linked to ToddyCat, a known advanced persistent threat (APT) group believed to be operating out of China. What has been done?
RansomHouse is a data extortion group that has been active since December 2021. Unlike other extortion groups, the gang doesn’t encrypt data but focuses on data theft to speed up its activity. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection. Victims include AMD and Keralty.
Vultur was first spotted in late March 2021; it gains full visibility on victims’ devices via a VNC (Virtual Network Computing) implementation taken from AlphaVNC. In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials.
Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.
Dropper modules also patch Windows native API functions related to event tracing (ETW) and the anti-malware scan interface (AMSI) to make the infection process stealthier. They keep the Cobalt Strike module encoded several times and stored as an AES-256-CBC-encrypted blob. The earliest phase of attack we observed took place in September 2021.
The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. ESET Protect Advanced complies with data regulation thanks to full disk encryption capabilities on Windows and macOS. Get started today! Learn more about ESET PROTECT Advanced. Visit website.
The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.
Forensic methodology. It is important to note that, although the malware includes portions of code dedicated specifically to clearing the traces of compromise, it is possible to reliably identify if the device was compromised.
WIFI OUT: 0.0 - WWAN IN: 76281896.0, WWAN OUT: 100956502.0
WIFI OUT: 0.0 - WWAN IN: 734459.0, WWAN OUT: 287912.0
Coming to the third news item related to malware, VMware and Microsoft have jointly issued a warning against the ChromeLoader malware, which has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers, leading to advertising and affiliate fraud. Last is the news about the Russia-Ukraine war.
The Volt Typhoon group has been active since at least mid-2021 and has carried out cyber operations against critical infrastructure. The malware is developed through Apache Maven; it was built on June 3, 2024, and attaches itself to the Apache Tomcat process on execution.
Profile of participants and applications. We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. SQL Injection. Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection. More than a third (39%) used the microservice architecture.
We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. Malware developers — no longer hiring. Client-side attacks on the wane.