Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware 123

Ransomware Encryption Passwords Backups 123

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 We see around 3.3M It's time to retire those! ” reported ShadowServer.

Encryption 71

Encryption Passwords Internet Internet 71

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 76

Firewall Hacking Malware Passwords 76

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 116

Software Cryptocurrency Malware Encryption 116

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. .

Ransomware 119

Ransomware Encryption Technology Cybersecurity 119

Security Affairs

MARCH 21, 2025

Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. We secured our systems and began an investigation with the help of a cybersecurity firm. ” reads the notice of security incident published by the organization.

Ransomware 125

Ransomware Insurance Encryption Healthcare 125

Security Affairs

FEBRUARY 4, 2025

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV).

Encryption 98

Encryption Firmware Hacking Information Security 98

Security Affairs

OCTOBER 22, 2024

The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA ) Rackspace helped ScienceLogic address this issue.

Encryption 123

Encryption Hacking Accountability Cybersecurity 123

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 124

Malware Ransomware Encryption Phishing 124

Security Affairs

APRIL 2, 2025

The backdoor, targeting Windows, uses AES-CBC encryption with base64 encoding and loads the payload via the exec function. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Anubis backdoor)

Antivirus 128

Antivirus Cybercrime Malware Encryption 128

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom.

Cybercrime 115

Cybercrime Ransomware Healthcare Education 115

Security Affairs

MARCH 4, 2024

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. software used by the Russian Ministry of Defense to encrypt and protect its data. software used by the Russian Ministry of Defense to encrypt and protect its data.

Hacking 141

Hacking Data breaches Encryption Government 141

Security Affairs

MARCH 30, 2025

It creates secure tunnels for threat actors via SSH, proxies, and encrypted keys, enabling covert system access. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA) It acts as a rootkit, dropper, backdoor, bootkit, proxy, and tunneler.

Malware 121

Malware Authentication Cybersecurity Encryption 121

Security Affairs

JANUARY 4, 2025

Attackers steal sensitive data like mnemonics and private keys from Hardhat, encrypt it with AES, and exfiltrate it to endpoints under their control. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,npm packages) ” continues the report.

Encryption 134

Encryption Hacking Cybercrime Information Security 134

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. Cactus uses the Rclone tool for data exfiltration and used a PowerShell script called TotalExec, which was used in the past by BlackBasta ransomware operators, to automate the deployment of the encryption process.

Ransomware 141

Ransomware Hacking Data breaches Digital transformation 141

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Hacking 143

Hacking Encryption Ransomware Insurance 143

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger.

Malware 143

Malware Cryptocurrency Encryption Passwords 143

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. Security researcher ZachXBT identified the victim as Ripple co-founder Chris Larsen. The governments latest action officially secures the recovered funds. ” reads the complaint.

Password Management 86

Password Management Cryptocurrency Passwords Data breaches 86

Security Affairs

JUNE 24, 2024

. — Dominic Alvieri (@AlvieriD) June 23, 2024 In early June, the FBI informed victims of LockBit ransomware it had obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security.

Hacking 145

Hacking Banking Ransomware Encryption 145

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Banshee Stealer)

Malware 120

Malware Advertising Antivirus Cybercrime 120

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches 116

Data breaches Cryptocurrency Artificial Intelligence Cybercrime 116

Security Affairs

JANUARY 24, 2025

The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Malware 121

Malware VPN Encryption Hacking 121

Security Affairs

MARCH 31, 2025

This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Phishing 112

Phishing Antivirus Encryption Hacking 112

Security Affairs

MARCH 17, 2025

The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods. Nugroho’s decryptor brute-forces encryption keys by exploiting Akira ransomwares use of timestamp-based seeds. The malware encrypts files using KCipher2 and Chacha8. Brute-forcing a 4.5

Ransomware 68

Ransomware Encryption Malware Hacking 68

Security Affairs

MARCH 18, 2025

StilachiRAT can extract Chromes encrypted encryption_key and decrypts it using Windows APIs to access stored credentials. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware) It retrieves login data from SQLite databases and sends it to the attacker.

Malware 112

Malware Cryptocurrency Encryption Passwords 112

Security Affairs

MARCH 25, 2025

It evades detection using multi-stage dynamic loading, encrypting and loading its malicious payload in three steps. The malware also manipulates AndroidManifest.xml with excessive permissions to disrupt analysis and uses encrypted socket communication to hide stolen data. This initial file acts as a loader for the next stage.

Malware 73

Malware Encryption Banking Cyber threats 73

Security Affairs

DECEMBER 8, 2024

Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Artificial Intelligence 103

Artificial Intelligence Spyware Hacking Ransomware 103

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 71

Ransomware Encryption Backups Malware 71

Security Affairs

MARCH 13, 2025

Upon execution, the spyware retrieves an encrypted configuration from Firebase Firestore, controlling activation and the C2 server address. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages. ” concludes the report.

Spyware 78

Spyware Surveillance Encryption Malware 78

Security Affairs

JANUARY 5, 2025

TIM.exe then loads a malicious launcher DLL libcurl.dll whichwilldecrypt and load the PLAYFULGHOST payload from an encrypted file named Debug.log.” Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware 130

Malware Encryption Phishing Hacking 130

Security Affairs

MARCH 9, 2025

Cellebrite zero-day exploit used to target phone of Serbian student activist One in Four Cyberattacks in 2024 Traced to Infostealers, Huntress Reports Uncovering.NET Malware Obfuscated by Encryption and Virtualization Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal Satori Threat Intelligence Disruption: BADBOX 2.0

Malware 66

Malware DDOS Hacking Ransomware 66

Security Affairs

JANUARY 5, 2024

To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware) Zeppelin is typically deployed as a.dll or.exe file within a PowerShell loader.

Ransomware 132

Ransomware Hacking Encryption Malware 132

The Last Watchdog

MARCH 17, 2021

Brent Waters, a rock star computer scientist at the University of Texas, enthusiastically accepted a distinguished scientist post to continue his award-winning studies on a couple of breakthrough areas of cryptography: attribute-based encryption and functional encryption. More about these paradigm shifters below. Need to know basis.

Digital transformation 222

Digital transformation Encryption Technology Mobile 222