Hacking and Security Intelligence - Cyber Security Informer

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

SEPTEMBER 13, 2023

Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life.

Security Intelligence

Security Intelligence Marketing Risk Internet

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022.

Ransomware

Ransomware Hacking Internet Internet

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

The Hacker News

JULY 2, 2024

The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the

Hacking

Hacking Malware Security Intelligence

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,PHP-CGI OS Command Injection Vulnerability) In June, the U.S.

DDOS

DDOS Security Intelligence Malware Hacking

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

Security Boulevard

NOVEMBER 3, 2023

Permalink The post DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’ appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Security Intelligence

Security Intelligence Hacking Architecture Education

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. 001 for his security research and bug hunting.

DNS

DNS Penetration Testing Malware Hacking

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

. — Microsoft Threat Intelligence (@MsftSecIntel) February 11, 2025 Microsoft notifies its customers who have been targeted or compromised by the North Korea-linked APT group. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Emerald Sleet)

Phishing

Phishing Malware Security Intelligence Hacking

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. “Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.”

Hacking

Hacking Security Intelligence Advertising Accountability

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The Hacker News

FEBRUARY 6, 2025

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).

Malware

Malware Phishing Security Intelligence Hacking

Russian hackers use PowerShell USB malware to drop backdoors

Bleeping Computer

JUNE 15, 2023

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics. [.]

Malware

Malware Security Intelligence Hacking

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. SecurityAffairs – hacking, Zerologon). states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Microsoft Defender). Pierluigi Paganini.

Antivirus

Antivirus Small Business Security Intelligence Hacking

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. SecurityAffairs – hacking, STRRAT RAT). Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Security Intelligence

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022.

Security Intelligence

Security Intelligence Hacking Accountability Malware

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. SecurityAffairs – Ponyfinal ransomware, hacking).

Ransomware

Ransomware Security Intelligence Encryption Advertising

Microsoft warns of “massive campaign” using COVID-19 themed emails

Security Affairs

MAY 22, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Researchers from the Microsoft Security Intelligence team provided some details on a new massive phishing campaign using COVID-19 themed emails. macros in malware campaigns.

Security Intelligence

Security Intelligence Advertising Phishing Malware

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,North Korea)

Malware

Malware Phishing Security Intelligence Hacking

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM.

Security Intelligence

Security Intelligence Hacking Antivirus Authentication

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. Pierluigi Paganini.

Malware

Malware Security Intelligence Banking Phishing

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

Anubis, a new info-stealing malware spreads in the wild

Security Affairs

AUGUST 27, 2020

— Microsoft Security Intelligence (@MsftSecIntel) August 26, 2020. SecurityAffairs – hacking, malware). The post Anubis, a new info-stealing malware spreads in the wild appeared first on Security Affairs. The new malware shares a name with an unrelated family of Android banking malware. Pierluigi Paganini.

Malware

Malware Advertising Cryptocurrency Cybercrime

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The recent large scale campaign uncovered by Microsoft aimed at the service providers was uncovered by Microsoft researchers, in order to avoid detection, threat actors repetitively changed tactics and used a broad range of hacking tools and malware. SecurityAffairs – hacking, cyber security). Pierluigi Paganini.

Telecommunications

Telecommunications Technology Hacking Malware

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

NOVEMBER 18, 2020

pic.twitter.com/YpUVEfmlUH — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2020. — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2020. SecurityAffairs – hacking, Office 365). This unique subdomain is added to a set of base domains, typically compromised sites.

Phishing

Phishing Social Engineering Passwords Security Intelligence

Organizations in aerospace and travel sectors under attack, Microsoft warns

Security Affairs

MAY 13, 2021

pic.twitter.com/aeMfUUoVvf — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. pic.twitter.com/9r0OTmZQJb — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. pic.twitter.com/9r0OTmZQJb — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Security Intelligence

Security Intelligence Phishing Malware Hacking

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. — Microsoft Security Intelligence (@MsftSecIntel) June 29, 2022. SecurityAffairs – hacking, 8220).

Security Intelligence

Security Intelligence Malware Hacking Information Security

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. SecurityAffairs – hacking, SolarWinds). The post SolarWinds Serv-U bug exploited for Log4j attacks appeared first on Security Affairs.

Authentication

Authentication Hacking Ransomware Security Intelligence

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

NOVEMBER 30, 2021

API hacking escapades. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out.

Big data

Big data Digital transformation Accountability Hacking

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

This week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. The availability of the exploit online was immediately noticed by several cyber security experts, including Marcus Hutchins. SecurityAffairs – hacking, Microsoft Exchange).

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Chinese Cyber Threat to Indian Defense and Telecom Sector

CyberSecurity Insiders

JUNE 18, 2021

Recorded Future that offers Enterprise Security Intelligence to American companies has revealed that there has been a persistent cyber threat to Indian Defense and Telecom sector from Chinese Military Intelligence since 2014.

Cyber threats

Cyber threats Security Intelligence Media Malware

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. SecurityAffairs – COVID-19, hacking). The post Coronavirus-themed attacks May 17 – May 23, 2020 appeared first on Security Affairs. Pierluigi Paganini.

Advertising

Advertising Security Intelligence Hacking Information Security

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. SecurityAffairs – hacking, seo poisoning).

Antivirus

Antivirus Security Intelligence Malware Insurance

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier. .

Firmware

Firmware Wireless DDOS IoT

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Get details: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 28, 2021. System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11). . SecurityAffairs – hacking, Apple). Pierluigi Paganini.

Security Intelligence

Security Intelligence Hacking Technology Software

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. ” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, PHP flaw CVE-2024-4577) ” reported Akamai. .

Malware

Malware DDOS Internet Internet

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

A week in security (June 28 – June 4)

Malwarebytes

JULY 5, 2021

Researchers explore the insecure world of the subdomain (Source: Can i take your subdomain) Cyber insurance model is broken, consider banning ransomware payments (Source: The Register) How facial recognition solutions can safeguard the hybrid workplace (Source: Help Net Security) Capital One hacker faces fresh charges for 2019 hacking spree (Source: (..)

Cyber Insurance

Cyber Insurance Social Engineering Scams Insurance

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. SecurityAffairs – hacking, Sysrv botnet).

Security Intelligence

Security Intelligence Malware Backups Architecture

Staying a Step Ahead of the Hack

Webroot

DECEMBER 11, 2020

As it turns out, it’s easier to hack our trust than our computers. Webroot Security Intelligence Director, Grayson Milbourne, offers several suggestions that companies can do to increase their security posture. The post Staying a Step Ahead of the Hack appeared first on Webroot Blog. Perfecting Your Posture.

Hacking

Hacking Social Engineering Engineering Phishing

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. .

Firmware

Firmware Malware Security Intelligence Authentication

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, botnet)

DDOS

DDOS Wireless Security Intelligence Malware

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. SecurityAffairs – hacking, CISA). The post CISA alert warns of Emotet attacks on US govt entities appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government Banking Advertising Malware

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. “Therefore, organizations need a true “defense in depth” strategy and a multi-layered security solution that inspects email delivery, network activity, endpoint behavior, and follow-on attacker activities.” SecurityAffairs – hacking, phishing).

Phishing

Phishing Banking Passwords Malware

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Trending Sources

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

French Firms Rocked by Kasbah Hacker?

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

North Korea-linked APT Emerald Sleet is using a new tactic

Iran-linked Phosphorous APT hacked emails of security conference attendees

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

Russian hackers use PowerShell USB malware to drop backdoors

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft Defender can now protect servers against ProxyLogon attacks

Hackers are using Zerologon exploits in attacks in the wild

STRRAT RAT spreads masquerading as ransomware

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Microsoft warns about ongoing PonyFinal ransomware attacks

Microsoft warns of “massive campaign” using COVID-19 themed emails

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Microsoft blocked Polonium attacks against Israeli organizations

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Finnish intelligence warns of Russia’s cyberespionage activities

Anubis, a new info-stealing malware spreads in the wild

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Organizations in aerospace and travel sectors under attack, Microsoft warns

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

SolarWinds Serv-U bug exploited for Log4j attacks

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Chinese Cyber Threat to Indian Defense and Telecom Sector

Coronavirus-themed attacks May 17 ? May 23, 2020

SEO poisoning campaign aims at delivering RAT, Microsoft warns

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Iran-linked APT groups continue to evolve

A week in security (June 28 – June 4)

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Staying a Step Ahead of the Hack

Corona Mirai botnet spreads via AVTECH CCTV zero-day

New InfectedSlurs Mirai-based botnet exploits two zero-days

CISA alert warns of Emotet attacks on US govt entities

HTML Smuggling technique used in phishing and malspam campaigns

Stay Connected