Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. In addition to utilizing custom backdoors.

DNS 135

DNS Malware Media Encryption 135

SecureList

DECEMBER 13, 2021

CVE-2021-44228 summary. Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). Kaspersky is aware of PoCs in the public domain and of the possible exploitation of CVE-2021-44228 by cybercriminals.

DNS 145

DNS Media Information Security Software 145

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 143

Malware DNS Firewall Software 143

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability 145

Accountability Malware Data breaches Passwords 145

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). Top three for middle: malware, hacking, social.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

Firmware 144

Firmware DDOS Malware IoT 144

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware. ” reads the advisory. ” concludes the report.

Hacking 128

Hacking Firmware Software Manufacturing 128

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware 137

Malware IoT Cryptocurrency Engineering 137

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. “ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement.

Telecommunications 107

Telecommunications DNS Passwords Hacking 107

Security Affairs

DECEMBER 27, 2021

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Threat actors spread the malware using fake Google Play Store pages hosting malicious applications under the name ‘ sincronizador.apk.’ SecurityAffairs – hacking, Android banking malware).

Banking 144

Banking Malware Hacking Mobile 144

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams 83

Scams Media Cryptocurrency Cybercrime 83

Security Affairs

NOVEMBER 19, 2021

million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since July 2021. million, of which $6.2

Ransomware 143

Ransomware Cybercrime Malware Hacking 143

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. Each week, it will feature a collection of the best articles and research on malware. This newsletter complements the weekly one you already receive.

Malware 119

Malware Spyware Cybercrime Ransomware 119

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 134

Malware Cryptocurrency Encryption Software 134

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

Ransomware 117

Ransomware Healthcare Hacking Malware 117

Security Affairs

APRIL 1, 2024

Vultur was first spotted in late March 2021, it gains full visibility on victims’ devices via VNC (Virtual Network Computing) implementation taken from AlphaVNC. In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials.

Malware 136

Malware Banking Engineering Encryption 136

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. appeared first on Security Affairs.

Malware 145

Malware DNS Antivirus Passwords 145

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware 144

Malware Phishing Passwords Media 144

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware 133

Malware Identity Theft Banking Ransomware 133

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 140

Passwords Authentication Architecture Risk 140

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware 130

Malware Data collection Manufacturing Healthcare 130

Security Affairs

MARCH 18, 2024

Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack, threat actors may have stolen personal and customer information.

Data breaches 135

Data breaches Malware Technology Hacking 135

Security Affairs

JANUARY 14, 2022

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 145

Malware Antivirus Hacking Information Security 145

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 126

Malware Encryption Telecommunications Authentication 126

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware 134

Malware Authentication Telecommunications Government 134

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. Conti is one of several cybercrime groups that has regularly used Trickbot to deploy malware. On Sunday, Feb.

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

Krebs on Security

OCTOBER 31, 2021

As the researchers point out, this fact has previously been exploited to disguise the file extensions of malware disseminated via email. “Such code copying is a significant source of real-world security exploits.” Additional security advisories from other affected languages will be added as updates here.

Software 364

Software Information Security Encryption Government 364

Security Affairs

APRIL 13, 2022

The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging 2.0.0 The post CVE-2021-31805 RCE bug in Apache Struts was finally patched appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Software 145

Software Hacking Cybersecurity Information Security 145

Security Affairs

JANUARY 19, 2024

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.

Firewall 132

Firewall Accountability Malware Hacking 132

Security Affairs

JULY 31, 2022

The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. “In the latter part of 2021, we found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. ” reads the report published by Trend Micro.

Banking 133

Banking Malware VPN Hacking 133

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime 123

Cybercrime Malware Backups Manufacturing 123

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 143

Ransomware Firmware Antivirus Accountability 143

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. By 2021, key members had founded WeCodeSolutions in Lahore, seemingly to legitimize their earnings from HeartSender.

Cybercrime 109

Cybercrime Advertising Phishing Hacking 109

Security Affairs

JULY 19, 2022

Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. ” reads the analysis published by Zscaler.

Malware 133

Malware Spyware Banking Mobile 133

Security Affairs

JANUARY 21, 2025

Researchers found over 100 servers distributing Mirai malware and communicating with compromised IPs, indicating the campaign is ongoing. “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. Most of the infected systems are in Malaysia, Thailand, Mexico, and Indonesia.

IoT 82

IoT Malware Hacking Cybercrime 82