Hacking, Information, Information Security and Security Intelligence

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

Security Boulevard

NOVEMBER 3, 2023

Permalink The post DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’ appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Security Intelligence

Security Intelligence Hacking Architecture Education

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022.

Ransomware

Ransomware Hacking Internet Internet

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier. and earlier.

Firmware

Firmware Wireless DDOS IoT

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The recent large scale campaign uncovered by Microsoft aimed at the service providers was uncovered by Microsoft researchers, in order to avoid detection, threat actors repetitively changed tactics and used a broad range of hacking tools and malware. SecurityAffairs – hacking, cyber security). ” states Microsoft.

Telecommunications

Telecommunications Technology Hacking Malware

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. The loader retrieves this string from the comment, decodes it, and initiates the attack, stealing the personal information provided by users.

Retail

Retail Security Intelligence Hacking Software

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022.

Security Intelligence

Security Intelligence Hacking Accountability Malware

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. — Microsoft Security Intelligence (@MsftSecIntel) June 29, 2022. SecurityAffairs – hacking, 8220).

Security Intelligence

Security Intelligence Malware Hacking Information Security

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Microsoft Defender). Pierluigi Paganini.

Antivirus

Antivirus Small Business Security Intelligence Hacking

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign.

Banking

Banking Malware Security Intelligence Advertising

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. SecurityAffairs – hacking, Zerologon). states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, botnet)

DDOS

DDOS Wireless Security Intelligence Authentication

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. SecurityAffairs – Ponyfinal ransomware, hacking).

Ransomware

Ransomware Security Intelligence Encryption Advertising

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. SecurityAffairs – hacking, STRRAT RAT). Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Security Intelligence

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. SecurityAffairs – hacking, Sysrv botnet).

Security Intelligence

Security Intelligence Malware Architecture Backups

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

It is capable of providing an attacker with basic information about the infected system and executing a received payload.” Across the years, the researchers found analyzed multiple backdoors and hacking tools composing the arsenal of the cyberespionage group. .” states the APT trends report Q1 2021 published by Kaspersky.

Malware

Malware Hacking Government Telecommunications

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Malware

Malware Passwords Advertising Cybercrime

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. SecurityAffairs – hacking, NATO).

Phishing

Phishing Accountability Hacking Surveillance

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. SecurityAffairs – hacking, malware). ” concludes the experts.

Malware

Malware Phishing DNS Cybercrime

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Get details: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 28, 2021. System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11). . SecurityAffairs – hacking, Apple). Pierluigi Paganini.

Security Intelligence

Security Intelligence Hacking Technology Software

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

This week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. The availability of the exploit online was immediately noticed by several cyber security experts, including Marcus Hutchins. SecurityAffairs – hacking, Microsoft Exchange).

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. The security team at the UK National Health Service (NHS) also announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An Pierluigi Paganini.

Internet

Internet Internet Ransomware Hacking

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. SecurityAffairs – hacking, Prestige ransomware). The post Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Telecommunications DNS Hacking

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Media Hacking Education

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. SecurityAffairs – hacking, seo poisoning).

Antivirus

Antivirus Security Intelligence Malware Insurance

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. SecurityAffairs – hacking, malware). The post IT giants warn of ongoing Chromeloader malware campaigns appeared first on Security Affairs. Microsoft attributes the attack to a threat actor tracked as DEV-0796.

Malware

Malware Adware Ransomware Security Intelligence

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan. SecurityAffairs – hacking, Astaroth Trojan).

Antivirus

Antivirus Malware Advertising Security Intelligence

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. SecurityAffairs – COVID-19, hacking). The post Coronavirus-themed attacks May 17 – May 23, 2020 appeared first on Security Affairs. Pierluigi Paganini.

Advertising

Advertising Security Intelligence Hacking Information Security

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. “Therefore, organizations need a true “defense in depth” strategy and a multi-layered security solution that inspects email delivery, network activity, endpoint behavior, and follow-on attacker activities.” SecurityAffairs – hacking, phishing).

Phishing

Phishing Banking Passwords Firewall

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. SecurityAffairs – hacking, BISMUTH). ” Microsoft said. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Even so, organizations’ work to secure their Kubernetes architecture doesn’t end there. For information on how to secure that part of a Kubernetes cluster, click here. About the Author: David Bisson is an information security writer and security junkie. SecurityAffairs – hacking, Kubernetes).

Advertising

Advertising Internet Internet VPN

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

The TrickBot botnet was considered by security experts one of the biggest botnets. The information gathered by the security firm was used by Microsoft to receive a warrant to takedown the TrickBot servers. link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. Pierluigi Paganini.

Banking

Banking Malware Advertising Financial Services

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. SecurityAffairs – hacking, DEV-0960). The post Mysterious Prestige ransomware targets organizations in Ukraine and Poland appeared first on Security Affairs. ” concludes the report. Pierluigi Paganini.

Ransomware

Ransomware Encryption Backups Security Intelligence

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence.

Security Intelligence

Security Intelligence Advertising Malware Banking

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

pic.twitter.com/EbI8kxICQG — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020. The attachment is a ZIP archive containing the familiar ISO file carrying a malicious SCR file with misleading icon pic.twitter.com/o1FbMUbTBs — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020.

Small Business

Small Business Malware Manufacturing Security Intelligence

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

Recently, researchers warned of the first mass-hacking campaign exploiting the BlueKeep exploit , the attack aimed at installing a cryptocurrency miner on the infected systems. Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019.

Penetration Testing

Penetration Testing Malware Advertising Spyware

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload.

Security Intelligence

Security Intelligence Advertising Malware Information Security

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Security Affairs

JUNE 16, 2019

The popular expert Larry Cashdollar, from Akamai’s Security Intelligence Response Team (SIRT), spotted a new version of the Echobot botnet that counts 26 different exploits. The first binary I found was compiled for ARM and still had the debugging information intact, which made it a little easier to analyze.

IoT

IoT Wireless Advertising Malware

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Trending Sources

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Russia-linked Nobelium APT targets orgs in the global IT supply chain

A new Magecart campaign hides the malicious code in 404 error page

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Microsoft Defender can now protect servers against ProxyLogon attacks

Finnish intelligence warns of Russia’s cyberespionage activities

Emotet operators are running Halloween-themed campaigns

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Hackers are using Zerologon exploits in attacks in the wild

CISA alert warns of Emotet attacks on US govt entities

New InfectedSlurs Mirai-based botnet exploits two zero-days

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Microsoft warns about ongoing PonyFinal ransomware attacks

STRRAT RAT spreads masquerading as ransomware

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Purple Lambert, a new malware of CIA-linked Lambert APT group

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Updated Kmsdx botnet targets IoT devices

Threat actor has been targeting the aviation industry since at least 2018

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Researchers warn of a surge in cyber attacks against Microsoft Exchange

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

SEO poisoning campaign aims at delivering RAT, Microsoft warns

IT giants warn of ongoing Chromeloader malware campaigns

A new Astaroth Trojan Campaign uncovered by Microsoft

Coronavirus-themed attacks May 17 ? May 23, 2020

HTML Smuggling technique used in phishing and malspam campaigns

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Microsoft partnered with other security firms to takedown TrickBot botnet

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Stay Connected