Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 141

Malware Ransomware Banking Healthcare 141

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. in March 2022.

Ransomware 144

Ransomware Hacking Malware Cybercrime 144

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking 208

Hacking Cybercrime Ransomware Government 208

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S. ” reads the analysis published by AquaSec.

Malware 145

Malware DDOS Architecture Cryptocurrency 145

Security Affairs

OCTOBER 15, 2024

North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. post-April 2022. LTS distributions.

Malware 138

Malware Banking Hacking Accountability 138

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

Hacking 144

Hacking Ransomware Phishing Malware 144

Joseph Steinberg

JANUARY 22, 2024

Hacking et Cybersécurité Mégapoche pour les Nuls , a single-volume book containing French versions of the latest editions of both the best selling CyberSecurity for Dummies by Joseph Steinberg, and Hacking For Dummies by Kevin Beaver, is now available to the public.

Hacking 161

Hacking Cybersecurity Penetration Testing Artificial Intelligence 161

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 211

Malware VPN Internet Internet 211

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 322

Malware Software Technology Accountability 322

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 145

Malware Ransomware Cybercrime Hacking 145

Security Affairs

AUGUST 28, 2024

million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware organization. The US Department of State offers a $2.5

Malware 137

Malware Computers and Electronics Cybercrime Internet 137

Malwarebytes

JANUARY 31, 2024

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are already hacked with malicious PHP shell scripts.

Malware 105

Malware Hacking System Administration Ransomware 105

Security Affairs

SEPTEMBER 8, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 123

Malware Insurance Ransomware Government 123

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. Sedexp uses udev rules to maintain persistence. ” concludes the report.

Malware 144

Malware Hacking Ransomware Cybercrime 144

Security Affairs

JUNE 5, 2024

The malware spreads through direct messages within the app and only requires the user to open a message. Semafor first reported that CNN’s TikTok account had been hacked, forcing the broadcaster to take down its account for several days. Microsoft reported the issue to TikTok in February 2022, and the company quickly addressed it.

Accountability 140

Accountability Hacking Malware Information Security 140

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. Microsoft Corp. government inboxes. USDoD’s InfraGard sales thread on Breached.

Cybercrime 323

Cybercrime Passwords Authentication Malware 323

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. NerbianRAT for Windows was first spotted in 2022, however the Linux variant employed by Magnet Goblin has been in circulation since May 2022. 4 Run a Linux command in a separate thread.

Malware 139

Malware VPN Encryption Hacking 139

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government 144

Government Education Phishing Malware 144

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Cybercriminals pay neither for equipment, nor for electricity, which is rather expensive in 2022. If the cryptomining malware is installed successfully on the victim’s computer, it delivers its operator stable earnings.

Cryptocurrency 142

Cryptocurrency Malware Software Ransomware 142

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. The RAT is used as second-stage malware, the experts pointed out that it doesn’t exploit a new vulnerability. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware 141

Malware Firmware VPN Backups 141

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The images published by the gang as proof of the hack include spreadsheets containing financial data, a contract, 2022 budget details, and more. SecurityAffairs – hacking, California).

Hacking 144

Hacking Ransomware Technology Cybersecurity 144

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware 142

Malware Cryptocurrency Ransomware Hacking 142

Security Affairs

DECEMBER 2, 2022

Below are the details of the critical vulnerabilities: CVE-2022-45477 Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. This is the timeline for these vulnerabilities: August 13, 2022: Initial disclosure. Pierluigi Paganini.

Hacking 145

Hacking Authentication Mobile Passwords 145

Krebs on Security

MAY 28, 2024

Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. The 911 S5 botnet-powered proxy service, circa July 2022.

VPN 259

VPN Banking Cybercrime Internet 259

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. continues the researchers.

Hacking 144

Hacking Encryption Ransomware Insurance 144

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 133

Malware Marketing Passwords Hacking 133

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. In December 2023, researchers from Proofpoint and IBM detailed a new wave of APT spear-phishing attacks relying on multiple lure content to deliver Headlace malware.

Malware 144

Malware Phishing Surveillance Internet 144

Security Affairs

MARCH 17, 2024

RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. All unique passwords are stored in a file named “brute.txt”. .

Malware 143

Malware Passwords Software Hacking 143

Security Affairs

DECEMBER 12, 2023

The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families.

Malware 137

Malware Data collection Manufacturing Healthcare 137

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. Key insights. Low-level destructive capabilities can be bootstrapped in a matter of days.

DDOS 144

DDOS Ransomware Government Energy and Utilities 144

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. I asked the source. It’s more like one a day,” the source confided.

Healthcare 317

Healthcare Ransomware Cybersecurity Malware 317

Krebs on Security

JANUARY 25, 2024

But cybercrooks are constantly figuring out ingenious ways to fly beneath Google’s anti-abuse radar, and new examples of bad ads leading to malware are still too common. My guess it’s still continuing because of the up-and-down [of the] domains hosting malware and then looking legitimate.” Google says it removed 5.2

Software 301

Software Advertising Malware Accountability 301

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware 134

Malware Encryption Telecommunications Authentication 134

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain.

Malware 139

Malware Software Cryptocurrency Passwords 139

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Cybercrime 201

Cybercrime Ransomware Cryptocurrency Government 201

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware 137

Malware Cybercrime Banking Hacking 137

Krebs on Security

OCTOBER 1, 2022

CVE-2022-41040 , is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Hacking 189

Hacking Passwords Internet Internet 189