Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Malwarebytes

MARCH 29, 2021

Your phone traffic is routed through the tunnel, where it’s protected from surveillance, before joining the internet. Whilst lots of web pages are served over HTTPS (the secure form of HTTP) many are not, and most DNS lookups—which reveal the names of the websites you’re visiting—are vulnerable to snooping.

VPN 129

VPN Mobile Internet Internet 129

SecureList

MAY 31, 2021

Judging from the main features of the P8RAT and SodaMaster backdoors, we believe these modules are downloaders responsible for downloading further malware which we have so far been unable to obtain. It then downloads and installs the miner. The sample extracts a URL from the “downloadURL” field for the next download.

Malware 140

Malware Adware Encryption Architecture 140

SecureWorld News

DECEMBER 23, 2020

Pegasus spyware is a phone surveillance solution that enables customers to remotely exploit and monitor devices. The company sells its surveillance technology to governments around the world. And watchdog groups say its products are often found to be used in surveillance abuses.

Spyware 54

Spyware Surveillance Hacking Media 54

SecureList

NOVEMBER 26, 2021

The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. If the victim opens the document, Microsoft Office downloads the script and runs it using the MSHTML engine. After this, they were tricked into downloading previously unknown malware.

Malware 136

Malware Banking Energy and Utilities Accountability 136

SecureList

JUNE 3, 2024

This RAT allows an attacker to surveil and harvest sensitive data from a target computer. However, some of the things the malware authors came up with, such as placing their Python script inside a domain TXT record on the DNS server, were ingenious.

Banking 119

Banking Malware Computers and Electronics Mobile 119

Malwarebytes

MAY 9, 2023

Although the infection chain is similar to what was already reported, the attackers were using a slightly different process back in 2020: OP#1 Infection phase An MSI file is downloaded from hxxp://91.234.33.185/f8f44e5de5b4d954a83961e8990af655/update.msi. MSI files usage is a known signature from the group. Note the common pattern in urls.

Surveillance 86

Surveillance Accountability DNS Encryption 86

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Our telemetry revealed that the threat group’s latest endeavors are focused on going after entities within one country – Tunisia.

Malware 145

Malware Government Spyware Social Engineering 145

Digital Shadows

DECEMBER 16, 2024

By exploiting users trust in CAPTCHA systems, this effective and deceptive tactic entices individuals into unknowingly bypassing standard security measures designed to prevent malicious file downloads. The command uses the MSHTA.exe binary to download the file Ray-verify[.]html. This obfuscation was designed to evade detection.

Malware 40

Malware Passwords Education Identity Theft 40

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 145

Malware Government Surveillance Spyware 145

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor.

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

JULY 19, 2020

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS 120

DNS Advertising Surveillance Malware 120