A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.
In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.
The paper: "Practical Enclave Malware with Intel SGX." Abstract: Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. In particular, it is unclear to what extent enclave malware could harm a system. The results are predictable.
The malware uses different strings to load libraries and functions required for execution. LNK metadata: Icon File Name: %systemroot%\System32\moricons.dll; Machine ID: desktop-84bs21b. Downloader module: The RTF exploits and LNK files execute the same JavaScript malware. In particular, Avast and AVG solutions are of interest to the malware.
Network security architecture is a strategy that provides formal processes to design robust and secure networks. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.
Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Linux malware growth has occurred even as Windows, Android and macOS have all seen a decline in new malware samples.
However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the Apple Silicon platform. section at the end of the article for those who want to understand better the security risks of M1 malware.
ESET researchers discovered a new piece of malware dubbed CDRThief that targets a specific Voice over IP system to steal call data records (CDR). "The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches)," reads the analysis published by ESET.
It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS and its underlying TLS authentication and encryption protocol. At the time, just 50% of Internet traffic used encryption.
The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware. It first terminates processes with the same file extension as “FICORA” and then downloads and executes the malware targeting multiple Linux architectures.
exe: a small malicious executable, and an encrypted file containing the payload (the name varies between archives). The ViPNet developer confirmed targeted attacks against some of their users and issued security updates and recommendations for customers (page in Russian). The exe file is a loader that reads the encrypted payload file.
Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. "ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the 'basic' components of the malware," reads the analysis published by ESET.
Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Persistent exploitation of legacy systems: One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments.
Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies. While fully agentic AI malware remains years away, the industry must prepare now.
XCSSET, a Mac malware targeting Xcode developers, has now been re-engineered and employed in a campaign aimed at Apple's new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple's new M1 chips.
This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. The malware operator exclusively used compromised web servers located in South Korea for this attack. Then, the spawned malware overwrites the legitimate application with the Trojanized application.
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny: while the use of some malware families is reported for decades, information about others disappears after days, months or several years.
While external malware now faces greater permission restrictions, pre-installed malware within system partitions has become impossible to remove. The modular architecture of the malware gives attackers virtually unlimited control over the system, enabling them to tailor functionality to specific applications.
Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000.
Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it.
The following chart shows the evolution timeline of this malware since its discovery: multiple layers of encryption for C2 communication with an ancient crypto algorithm; the encryption function used to send data was also modified, making it even more complicated; XORed size of encrypted data (LODEINFO v0.5.6 and v0.6.5).
Dropper modules also patch Windows native API functions related to event tracing (ETW) and the anti-malware scan interface (AMSI) to make the infection process stealthier. The Cobalt Strike module is kept encoded several times as an AES-256-CBC encrypted blob. Besides event logs, there are numerous other techniques in the actor's toolset.
Before initialization, the malware effectively suppresses all error reporting by calling SetErrorMode with 0x8007 as the parameter. As we will see later, the malware uses multiple threads, so it allocates a global object and assigns a mutex to it to make sure no two clashing operations can take place at the same time.
Kaspersky researchers spotted a new variant of the XCSSET Mac malware compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers' server. Recently, experts spotted other malware specifically designed to infect Macs running on M1 chips.
Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. "Raccoon malware (Legion, Mohazo, Racealer) is an infostealer that recently appeared in the threat landscape and is advertised in hacking forums," reads the report published by CyberArk.
Zero Trust Architecture (ZTA) expands: The Zero Trust model, which focuses on verifying every person and device attempting to access a system, is gaining ground as a best practice in cybersecurity. Expect to see more investments in privacy-enhancing technologies (PETs) such as encryption, anonymization, and data masking.
Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.
Depending on the configuration, it may use the SCHANNEL security package, which supports SSL and TLS encryption on Windows. Analysis of the DLL reveals that it is a Core Module of multi-plugin malware developed by CoughingDown in late September 2020 and that there is indeed a significant code overlap (same RC4 key, same command numbers).
The evolution of Malware-as-a-Service (MaaS) has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. txt: The script performs the following actions: downloads the malware, then extracts the malware.
However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive. Later that year, we discovered a new set of activities.
The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role: a staggering 87.2% of threats were hidden in TLS/SSL traffic, with billions of attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection.
The main reasons to rewrite malware in Rust are to have lower AV detection rates, compared to malware written in more common languages, and to target multiple architectures. "Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument," continues the analysis.
Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it into a wiper. The sample analyzed by the experts masquerades as a software update and shows a progress bar that represents the progress of encryption.
Access controls are the nexus of security and the expanding perimeter, and zero trust is the architecture that encompasses it. Zero trust is an all-inclusive security and privacy architecture. The network security perimeter is dynamically created and policy-based, and must be guarded by secure and highly managed access controls.
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.
No one enjoys forking out gobs of money and spending sleepless implementation hours every few years in exchange for a shiny new box with largely the same architecture as the old one, save for maybe a slightly faster CPU. It's all about encryption. That said, some hardware upgrades are certainly worth it.
The Akira ransomware has been active since March 2023; the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims' data before encrypting it.
We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. KTAE shows similarities between LockBit Green and Conti. Three pieces of adopted code really stand out: the ransomware note, the command line options and the encryption scheme. Also, the string encryption method was simple: one-byte XOR.
North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August, when Lazarus APT was observed targeting job seekers with macOS malware that also works on Intel and M1 chipsets.
The malware was hidden in popular applications and game mods. The researchers believe that the malware found its way to the Play Store through a tainted software development kit (SDK) used to integrate advertising capabilities into the apps. Happy SDK: Combines the NProxy and Web modules with minor differences.
A rather unique approach to spread malware using the popularity of the James Webb telescope images has been identified by the Securonix threat research team. The malware is being spread by a phishing campaign that includes a Microsoft Office attachment. VBA macros should be disabled unless there are compelling reasons not to.
Privilege and other vulnerabilities in Microsoft Windows, Exchange Server, Excel, Office, PowerPoint, Malware Protection Engine, Internet Explorer and more (27 in all). Purdue network architecture. Network Architecture and Design. Limit and encrypt VPNs. Remove backdoor connections.
The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The group is very sophisticated and has used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, education, and aerospace.