Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. opendnsapi.net), and uses IPFS to retrieve encrypted modules. Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.

Encryption 97

Encryption Ransomware Malware Phishing 97

Security Affairs

JANUARY 10, 2025

The malicious code was advertised on cybercrime forums for $3,000 per month. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Malware 118

Malware Advertising Antivirus Cybercrime 118

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 136

Encryption Ransomware Cybercrime Malware 136

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 127

Ransomware IoT Encryption Passwords 127

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime 139

Cybercrime Ransomware DDOS Encryption 139

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 116

Cybercrime Telecommunications DNS Technology 116

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 349

Cybercrime Malware VPN Ransomware 349

Security Affairs

MARCH 21, 2025

Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. Gaining access without cooperation from Telegram itself could be highly valuable.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

OCTOBER 13, 2024

CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems Google Pixel 9 supports new security features to mitigate baseband attacks International Press – Newsletter Cybercrime Indiana Man Pleads Guilty to Conspiracies Involving (..)

Data breaches 115

Data breaches Cryptocurrency Cybercrime Artificial Intelligence 115

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 116

Software Cryptocurrency Malware Encryption 116

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 110

Cryptocurrency Malware Hacking Ransomware 110

Security Affairs

FEBRUARY 13, 2025

The researchers pointed out that tools belonging to the arsenal of China-linked APT groups are often shared resources, however, many arent publicly available and arent usually associated with cybercrime activity. It also resembles Trend Micros documented PlugX type 2 variant, also linked to Fireant.

Ransomware 117

Ransomware Software Cybercrime Encryption 117

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. .

Ransomware 117

Ransomware Encryption Technology Cybersecurity 117

Security Affairs

APRIL 25, 2025

. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 98

Ransomware Encryption Insurance Marketing 98

Security Boulevard

FEBRUARY 14, 2025

Meanwhile, an informal Tenable poll looks at cloud security challenges. And get the latest on ransomware trends and on cybercrime legislation and prevention! government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks.

Banking 64

Banking Cybercrime Cybersecurity Ransomware 64

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. We secured our systems and began an investigation with the help of a cybersecurity firm. ” reads the notice of security incident published by the organization.

Ransomware 123

Ransomware Insurance Encryption Healthcare 123

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware 85

Ransomware Encryption VPN Malware 85

Security Affairs

APRIL 17, 2025

Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. Once active, it proxies traffic between infected devices and command-and-control servers using TCP sockets and FakeTLS, encrypting data with a custom XOR-based algorithm. ” concludes the report.

Encryption 113

Encryption Government Malware Hacking 113

Security Affairs

MARCH 2, 2025

3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Companys network, encrypted critical applications, and exfiltrated certain files. The company reported to the SEC that a Feb.

Ransomware 75

Ransomware Cybercrime Encryption Healthcare 75

Security Affairs

APRIL 6, 2025

Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle has since taken the server offline. “Oracle Corp.

Data breaches 123

Data breaches Encryption Hacking Passwords 123

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S.

Ransomware 141

Ransomware Cybercrime Banking Encryption 141

SecureWorld News

NOVEMBER 14, 2024

Attackers are not only encrypting systems but also targeting sensitive data, including Protected Health Information (PHI) and Personally Identifiable Information (PII), such as diagnoses, therapy records, genetic data, and Social Security numbers.

Healthcare 121

Healthcare Ransomware Identity Theft Data breaches 121

Security Affairs

JUNE 30, 2021

Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. “International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. SecurityAffairs – hacking, cybercrime ).

VPN 141

VPN Cybercrime Encryption Advertising 141

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking 118

Hacking Data breaches Encryption Passwords 118

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 69

Ransomware Encryption Backups Malware 69

Security Affairs

APRIL 13, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection. RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty.

Data breaches 126

Data breaches Unstructured Data Identity Theft Healthcare 126

Security Affairs

DECEMBER 8, 2024

Hackers stole millions of dollars from Uganda Central Bank International Press Newsletter Cybercrime INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million Hackers Stole $1.49

Artificial Intelligence 101

Artificial Intelligence Spyware Hacking Ransomware 101

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 122

Malware Ransomware Encryption Phishing 122

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware 142

Malware Cryptocurrency Encryption Passwords 142

Security Affairs

SEPTEMBER 2, 2024

Since June, the operators behind Cicada3301 have started recruiting affiliates on the RAMP cybercrime forum. ui : Displays real-time progress and statistics of the encryption process, such as the number of files encrypted. The Cicada3301 ransomware generates a symmetric key for encryption using the OsRng random number generator.

Ransomware 134

Ransomware Encryption Malware Cybercrime 134

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. It’s just some kind of sabotage.”

Ransomware 299

Ransomware Healthcare Cybercrime Government 299

Security Affairs

JANUARY 4, 2025

Attackers steal sensitive data like mnemonics and private keys from Hardhat, encrypt it with AES, and exfiltrate it to endpoints under their control. .” Threat actors behind this campaign mimicked the names of legitimate packages and organizations to trick developed into using them. ” continues the report.

Encryption 132

Encryption Hacking Cybercrime Information Security 132

Security Affairs

JULY 2, 2021

Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet.

Ransomware 142

Ransomware Cybercrime Encryption Malware 142

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The group is not linked to the hacktivist group Ghost Security Group, which primarily focuses on counterterrorism efforts and targets pro-ISIS websites. ransomware, a Golang variant of the GhostLocker ransomware.

Ransomware 140

Ransomware Encryption Cybercrime Hacking 140

Security Affairs

DECEMBER 1, 2023

The Turtle ransomware reads files into memory, encrypt them with AES (in CTR mode), rename the files, then overwrites the original contents of the files with the encrypted data. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files. The binary also lacks of obfuscation.

Ransomware 140

Ransomware Encryption Malware Cybercrime 140

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. @chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty.

Hacking 114

Hacking Healthcare Backups Ransomware 114

Security Affairs

FEBRUARY 28, 2025

Vo1d botnet has enhanced its stealth and resilience with RSA encryption to secure communication, preventing C2 takeover. Payload delivery is optimized with unique Downloaders using XXTEA encryption and RSA-protected keys, making analysis and detection significantly harder. .

Antivirus 63

Antivirus Firmware Encryption Manufacturing 63