Security Affairs

JULY 7, 2024

This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware.

Malware 118

Malware Spyware Cybercrime Ransomware 118

Malwarebytes

JANUARY 25, 2024

Currently only state sponsored groups, professional spyware vendors, and the large criminal operations have access to, and know how to use advanced AI tools to increase the effectivity of their attacks. Professional spyware vendors have deep enough pockets to invest in new tools, training, and development.

Ransomware 79

Ransomware Government Social Engineering Spyware 79

SecureWorld News

MARCH 29, 2024

This ends up executing sketchy code that installs viruses, ransomware, spyware, or adware behind the victim's back. A stepping stone to impactful cybercrime This tactic has tangible real-world implications. If a user gets on the hook, they are redirected to a landing page or prompted to download an ostensibly innocuous file.

Cybercrime 83

Cybercrime Advertising Engineering Antivirus 83

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 70

Cybercrime Artificial Intelligence Hacking VPN 70

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 118

Malware Spyware Banking Ransomware 118

Security Affairs

AUGUST 11, 2024

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog Russian cyber spies stole data and emails from UK government systems 0.0.0.0 CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog Russian cyber spies stole data and emails from UK government systems 0.0.0.0

Spyware 117

Spyware Ransomware Hacking Government 117

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches 121

Data breaches Computers and Electronics Spyware Cybercrime 121

Security Affairs

DECEMBER 11, 2018

Group-IB, an international company that specializes in preventing cyberattacks , has detected more than 40 000 compromised user credentials of online government services in 30 countries around the world. Group-IB Threat Intelligence has detected government websites’ user accounts compromised by cyber criminals in 30 countries.

Government 110

Government Cybercrime Accountability Advertising 110

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware 128

Spyware Cyber Insurance Hacking Advertising 128

Security Affairs

MARCH 24, 2024

Government’s Antitrust Case Against Apple Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Ramadan ) Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 124

Malware Cybercrime Hacking Cyber threats 124

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 123

Spyware Surveillance DDOS Identity Theft 123

SecureWorld News

AUGUST 25, 2022

Israeli spyware company NSO Group has experienced quite a bit of controversy in the last few years. Its spyware product, Pegasus, has been used by various criminals and nation states to target individuals of interest, such as activists, politicians, and business leaders. After being blacklisted by the U.S.,

Spyware 83

Spyware Government Marketing Surveillance 83

Security Affairs

JUNE 2, 2024

OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 122

Data breaches VPN Cloud Migration Malware 122

Security Affairs

DECEMBER 16, 2021

Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations worldwide have been hit by the PseudoManuscrypt spyware.

Spyware 137

Spyware Energy and Utilities Malware Engineering 137

Security Affairs

JULY 15, 2023

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise The source code of the BlackLotus UEFI Bootkit was leaked on GitHub US CISA warns of Rockwell Automation ControlLogix flaws Indexing Over 15 Million WordPress Websites with PWNPress New AVrecon botnet remained under the radar for two (..)

Spyware 98

Spyware Hacking Data breaches Mobile 98

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches 118

Data breaches Hacking Banking Spyware 118

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 124

Social Engineering Spyware Data breaches Surveillance 124

Security Affairs

JUNE 25, 2023

Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix recently disclosed flaws in Apple devices VMware fixed five memory corruption issues in vCenter Server Fortinet fixes critical FortiNAC RCE, install updates asap More than a million GitHub repositories potentially vulnerable to RepoJacking New Mirai (..)

DDOS 98

DDOS Cybercrime Spyware Malware 98

Security Affairs

SEPTEMBER 1, 2024

CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog Critical flaw in WPML WordPress plugin impacts 1M websites China-linked APT Volt Typhoon exploited a zero-day in Versa Director Researchers unmasked the notorious threat actor USDoD The Dutch Data Protection Authority (DPA) has fined Uber a record €290M Google addressed the tenth (..)

Surveillance 118

Surveillance Malware Firewall Phishing 118

Security Affairs

NOVEMBER 25, 2020

Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB , a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB.

Cybercrime 137

Cybercrime Phishing Social Engineering Spyware 137

Security Affairs

APRIL 21, 2024

PoC publicly available Linux variant of Cerber ransomware targets Atlassian servers Ivanti fixed two critical flaws in its Avalanche MDM Researchers released exploit code for actively exploited Palo Alto PAN-OS bug Cisco warns of large-scale brute-force attacks against VPN and SSH services PuTTY SSH Client flaw allows of private keys recovery A renewed (..)

Data breaches 129

Data breaches Ransomware Phishing Malware 129

Security Affairs

AUGUST 7, 2022

affiliate sideloads Cobalt Strike through Windows Defender Gootkit AaaS malware is still active and uses updated tactics Austria investigates DSIRF firm for allegedly developing Subzero spyware ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Spyware 141

Spyware Manufacturing Small Business Surveillance 141

Security Affairs

OCTOBER 1, 2023

Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Artificial Intelligence 126

Artificial Intelligence Firmware Data breaches Hacking 126

Malwarebytes

FEBRUARY 16, 2021

Around the world, governments tried to stop their hospitals from being overwhelmed by ordering lockdowns, stay-in-place orders, and school closures. If 2020 taught us anything, it’s that cybercrime stops for nothing. By April 2020, half the world’s population had been asked or ordered to stay at home.

Malware 122

Malware Scams Spyware Healthcare 122

Security Affairs

MAY 29, 2022

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks The strange link between Industrial Spy and the Cuba ransomware operation Reuters: Russia-linked APT behind Brexit leak website GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack Android pre-installed apps are affected by high-severity (..)

InfoSec 133

InfoSec Spyware DDOS Firewall 133

SecureList

NOVEMBER 23, 2021

For instance, we see a new trend emerging in the criminal ecosystem of spyware-based authentication data theft, with each individual attack being directed at a very small number of targets (from single digits to several dozen). Such attacks are likely to comprise an even larger portion of the threat landscape next year.

Spyware 130

Spyware Phishing Cybercrime Energy and Utilities 130

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk 138

Risk Spyware Hacking Accountability 138

SecureWorld News

JULY 11, 2022

The United States government has attributed the hack to a North Korean state-sponsored advanced persistent threat (APT) known as the Lazarus Group. The offer was emailed as a PDF document, and once it was downloaded, spyware infected the company's systems.

Social Engineering 76

Social Engineering Hacking Cryptocurrency Engineering 76

SecureWorld News

NOVEMBER 23, 2021

The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.". Being on this list effectively blocks the government or its vendors from doing business with NSO. And he didn't stop there.

Spyware 71

Spyware Surveillance Engineering Software 71

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware 109

Spyware Backups Manufacturing Data breaches 109

Security Affairs

MARCH 5, 2020

According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the threat actors. Chinese hackers also targeted several organizations in the healthcare sector, government and defense sectors of countries in Asia. ” reads the report published by CrowdStrike.

Telecommunications 119

Telecommunications Advertising Mobile Spyware 119

SecureList

MAY 27, 2022

Subsequently, DDoS attacks hit some government websites. The following day, Microsoft reported that it had found destructive malware , dubbed WhisperGate, on the systems of government bodies and agencies that work closely with the Ukrainian government. Other malware. Noreboot: faking an iPhone restart. Lapsus$ group hacks Okta.

Phishing 128

Phishing Spyware Firmware Malware 128

Security Affairs

APRIL 9, 2020

Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails, with AgentTesla topping the list of phishers’ favorite strains. Spyware: the most likely COVID-19 payload. Most COVID-19-related phishing emails analyzed had different spyware strains embedded as attachments. Source: CERT-GIB.

Phishing 139

Phishing Malware Spyware DDOS 139

Security Affairs

NOVEMBER 17, 2019

TA505 Cybercrime targets system integrator companies. New TA2101 threat actor poses as government agencies to distribute malware. WhatsApp flaw CVE-2019-11931 could be exploited to install spyware. Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure.

DDOS 62

DDOS Spyware Advertising Ransomware 62

Security Affairs

OCTOBER 27, 2019

TA505 cybercrime group use SDBbot RAT in recent campaigns. Autoclerk travel reservations platform data leak also impacts US Government and military. Swedish Government grants police the use of spyware against violent crime suspects. Fake UpdraftPlus WordPress Plugins used to backdoor sites. Winnti APT group uses skip-2.0

Spyware 49

Spyware Advertising Hacking DDOS 49

Security Affairs

NOVEMBER 8, 2021

Government experts state that the group uses multiple mechanisms to compromise networks of the victims, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network. The Hive ransomware adds the.hive extension to the filename of encrypted files.

Computers and Electronics 133

Computers and Electronics Ransomware Retail Spyware 133

Security Affairs

FEBRUARY 13, 2022

Organizations are addressing zero-day vulnerabilities more quickly, says Google CISA, FBI, NSA warn of the increased globalized threat of ransomware Croatian phone carrier A1 Hrvatska discloses data breach FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities (..)

Spyware 97

Spyware Ransomware Surveillance Hacking 97