Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. With POP3, the e-mails are downloaded to the local device and often deleted from the server. We see around 3.3M

Encryption 70

Encryption Passwords Internet Internet 70

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 111

Phishing Antivirus Encryption Hacking 111

Security Affairs

JANUARY 4, 2025

The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test , accumulating 1,092 downloads.”

Encryption 132

Encryption Hacking Cybercrime Information Security 132

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executesthe PLAYFULGHOST payloadfrom a remote server. sys driver.

Malware 129

Malware Encryption Phishing Hacking 129

Schneier on Security

JANUARY 24, 2020

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video.".

Hacking 273

Hacking Backups Spyware Encryption 273

Schneier on Security

JANUARY 21, 2022

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 362

Surveillance Encryption Wireless Government 362

SecureList

APRIL 23, 2025

Variants of Lazarus’ malicious tools, such as ThreatNeedle, Agamemnon downloader, wAgent, SIGNBT, and COPPERHEDGE, were discovered with new features. A one-day vulnerability in Innorix Agent was also used for lateral movement. We reported the issues to the Korea Internet & Security Agency (KrCERT) and the vendor.

Malware 144

Malware Software Encryption Internet 144

SecureList

FEBRUARY 5, 2025

The infected apps in Google Play had been downloaded more than 242,000 times. When initialized, it downloads a JSON configuration file from a GitLab URL embedded in the malware body. It encrypts data with AES-256 in CBC mode before sending and decrypts server responses with AES-128 in CBC mode.

Malware 144

Malware Encryption Mobile Cryptocurrency 144

The Last Watchdog

MARCH 28, 2025

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victims device. .

Antivirus 147

Antivirus Ransomware Social Engineering Engineering 147

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI).

Antivirus 327

Antivirus VPN Encryption Malware 327

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. We’ve archived the leak and made it available for download on GitHub.” We've archived the leak and made it available for download on GitHub. concludes the report.

Malware 143

Malware Cryptocurrency Encryption Passwords 143

SecureList

OCTOBER 15, 2024

The document or LNK file starts a multi-stage infection chain with various JavaScript and.NET downloaders, which ends with the installation of the StealerBot espionage tool. All the documents use the remote template injection technique to download an RTF file that is stored on a remote server controlled by the attacker.

Malware 143

Malware Encryption Architecture Phishing 143

Malwarebytes

NOVEMBER 6, 2024

The problem is described as a “cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.” The “start encryption command” is a special instruction that tells Bluetooth devices to begin scrambling their communications.

Encryption 134

Encryption Mobile Technology Software 134

Troy Hunt

DECEMBER 25, 2022

Hope yours has been amazing too, see you from home next week 😊 References LastPass has added an update re their recent security incident (if keychains have been downloaded - even fully encrypted ones - that's bad news) Personally, I quite like the public view count on all tweets (if you dislike it just purely because it was introduced (..)

Password Management 291

Password Management Encryption Passwords 291

Troy Hunt

NOVEMBER 13, 2024

But in all likelihood, there will be more than a handful of domain subscribers who take issue with that volume of people data sitting there in one corpus easily downloadable via a clear web hacking forum.

Data breaches 323

Data breaches Passwords B2B Technology 323

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware 125

Spyware Malware Mobile Marketing 125

Security Affairs

APRIL 24, 2025

The feature blocks chat exports, auto-media downloads, and the use of messages in AI features, ensuring conversations stay private and within the app. “When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. .”

Media 90

Media Encryption Hacking Accountability 90

SecureList

OCTOBER 29, 2024

Inside this content is an obfuscated PowerShell script that ultimately downloads the malicious payload. Payload: Lumma stealer Initially, the malicious PowerShell script downloaded and executed an archive with the Lumma stealer. One of the modules can also take screenshots.

Adware 130

Adware Malware Cryptocurrency Password Management 130

Security Boulevard

DECEMBER 16, 2024

However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. After establishing the encryption keys for the session, the client sends either a SEND_ID_NEW_VICTIM or SEND_ID message. mi: Minor version.mj: Major version.

Malware 97

Malware Cryptocurrency Encryption Software 97

Security Affairs

MARCH 24, 2025

Initially, the group published screenshots of stolen data as proof of the attack, now the whole archive can be downloaded from the leak page. ” The group uses an ARCrypter ransomware variant, derived from Babuks leaked code , to encrypt files after infiltrating a network.

Ransomware 100

Ransomware Hacking Social Engineering VPN 100

Krebs on Security

JULY 19, 2021

. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. We have backups, the data is there, but the application to actually do the restoration is encrypted.’

Backups 359

Backups Ransomware Encryption Insurance 359

SecureList

NOVEMBER 29, 2024

This type of cyberextortion predated Trojans, which encrypt the victim’s files. New ransomware modifications, Q3 2023 — Q3 2024 ( download ) Number of users attacked by ransomware Trojans Despite the decrease in new variants, the number of users encountering ransomware has increased compared to the second quarter. 2 China 0.95

Mobile 106

Mobile Adware Ransomware Malware 106

Adam Levin

AUGUST 21, 2020

In an 8-K filing with the Securities and Exchange Commission (SEC), the company announced that it had “detected a ransomware attack that accessed and encrypted a portion of one [their] brand’s information technology systems,” adding that the hackers responsible downloaded “certain” data files.

Data breaches 263

Data breaches Ransomware Encryption Technology 263

Security Affairs

APRIL 21, 2025

The emails contained links that downloaded a malicious file (wine.zip). GRAPELOADER is a 64-bit DLL (ppcore.dll) used as an initial-stage downloader, triggered via its PPMain function through DLL side-loading by wine.exe. The phishing campaign used domains like bakenhof[.]com com and silry[.]com

Malware 103

Malware Phishing Encryption Hacking 103

Krebs on Security

NOVEMBER 25, 2019

Jogodka said although this pump’s PIN pad is encrypted, the hidden camera sidesteps that security feature. “The PIN pad is encrypted, so this is a NEW way to capture the PIN,” Jogodka wrote in a message to a mailing list about skimming devices found on Arizona fuel pumps.

Banking 347

Banking Wireless Encryption Mobile 347

SecureList

APRIL 8, 2025

Instead of the description copied from GitHub, the visitor is presented with an imposing list of office applications complete with version numbers and “Download” buttons. io/download. Page for downloading the suspicious archive Clicking that button finally downloads a roughly seven-megabyte archive named vinstaller.zip.

Passwords 85

Passwords Cryptocurrency Software Antivirus 85

Security Affairs

DECEMBER 26, 2024

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The malware maintains persistence using a cron job that downloads a shell script from “hailcocks[.]ru.” TheMiraivariant incorporates ChaCha20 and XOR decryption algorithms. ” reads the analysis published by Akamai.

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Krebs on Security

OCTOBER 26, 2020

The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content.

Software 322

Software Technology Mobile Media 322

Security Affairs

MARCH 28, 2025

Attackers also employ encrypted or password-protected files to evade security detection. Clicking the “Download PDF” button leads to a zip payload from MediaFire. Attackers use Contabo-hosted links to deliver obfuscated Visual Basic scripts and disguised EXE payloads for credential theft. contaboserver[.]net.

Banking 86

Banking Phishing Malware Passwords 86

SecureList

MARCH 5, 2025

Dynamics of Windows Packet Divert detections ( download ) The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. The counter at the time of posting the video showed more than 40,000 downloads. After the download, it saves the payload named t.py com , which hosted the infected archive.

Malware 117

Malware Cryptocurrency Antivirus Technology 117

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. In at least one case, the owner is on a US blacklist.

VPN 136

VPN Mobile Government Technology 136

SecureList

APRIL 22, 2025

exe: a small malicious executable an encrypted file containing the payload (the name varies between archives) The ViPNet developer confirmed targeted attacks against some of their users and issued security updates and recommendations for customers (page in Russian). Downloadable payload The msinfo32.exe

Software 81

Software Encryption Architecture Malware 81

SecureList

APRIL 25, 2025

Similar to previous versions, the backdoor downloads and executes other payloads. Neither payload is encrypted. Loading the configuration All field values within the configuration are encrypted using AES-128 in ECB mode and then encoded with Base64. Crypto stealer or dropper? Immediately upon starting, the binder.

Malware 83

Malware Cryptocurrency Firmware Accountability 83

Malwarebytes

FEBRUARY 26, 2025

I use end-to-end-encrypted (E2EE) messaging for a reason. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today. Im not oblivious to the many users that would be better off with such a service, but Im not so sure theyd appreciate it.

Artificial Intelligence 134

Artificial Intelligence Encryption Manufacturing Risk 134

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /. CLOP’s victim shaming blog on the deep web.

Ransomware 357

Ransomware Cybercrime Malware Encryption 357

SecureList

APRIL 17, 2025

Unzip the downloaded archive and place the legitimate DOCX file into the %AppData%CiscoPluginsX86binetcUpdate folder Start the CiscoCollabHost.exe file dropped from the ZIP archive. Open the downloaded lure document for the victim. This file is encrypted with a single-byte XOR and is loaded at runtime. io public file storage.

Malware 92

Malware Encryption Architecture Engineering 92

Security Affairs

MARCH 30, 2025

It creates secure tunnels for threat actors via SSH, proxies, and encrypted keys, enabling covert system access. BusyBox enables threat actors to perform various functions such as download and execute payloads on compromised devices.” It acts as a rootkit, dropper, backdoor, bootkit, proxy, and tunneler.

Malware 120

Malware Authentication Encryption Cybersecurity 120