2019, Antivirus, Information Security and Passwords

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. ” WHOLESALE PASSWORD THEFT. In our Dec.

Passwords

Passwords Ransomware Password Management Malware

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Security Affairs

JANUARY 2, 2020

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys. sniko_) December 31, 2019.

Passwords

Passwords Cryptocurrency Advertising Antivirus

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Graham Cluley | @gcluley.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. More than 80% of all malicious files were disguised as .zip rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords

Passwords Government Firmware Accountability

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

Kaspersky has fixed several flaws affecting the web protection features implemented in some of its security products. The vulnerabilities were found by the security researcher Wladimir Palant that reported them to Kaspersky in December 2018. “Kaspersky reported these issues to be resolved as of July 2019.

Antivirus

Antivirus Advertising Password Management Passwords

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

Turchin obtained credentials to target networks by launching spear-phishing attacks and brute-forcing the passwords of remote desktop servers exposed online. Once the hacker gained access to the network, the deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system.

Hacking

Hacking Antivirus Advertising Cybercrime

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. New #Mespinoza #Ransomware [link] Ext: locked R/n: Readme.README Affected users, contact the support forum of @BleepinComputer pic.twitter.com/SbKxVEIXUd — Amigo-A (@Amigo_A_) October 25, 2019.

Education

Education Ransomware Encryption Antivirus

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

” The Lockbit gang has been active since at least 2019 and today it is one of the most active ransomware groups offering a Ransomware-as-a-Service (RaaS) model. ransomware, then a password argument is mandatory during the execution of the ransomware.” ransomware appeared first on Security Affairs. and LockBit.”

Ransomware

Ransomware Penetration Testing Encryption Accountability

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

The loader observed by the researchers in the attacks is written in Golang and borrows the Ezuri code published on GitHub by the user guitmz in March 2019. Upon executing the code, it will ask the user the path for the payload to be encrypted and the password to be used for AES encryption to hide the malware within the loader.

Malware

Malware Encryption Antivirus Passwords

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

US agencies also updated information included in a MARs report on the HOPLIGHT proxy-based backdoor trojan that was first analyzed in April 2019. If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes.

Malware

Malware Passwords Advertising Antivirus

Security Affairs newsletter Round 227

Security Affairs

AUGUST 18, 2019

Adobe Patch Tuesday for August 2019 fixed 119 flaws in 8 products. Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues. Security Patch Day for August includes the most critical Note released by SAP in 2019. A flaw in Kaspersky Antivirus allowed tracking its users online.

Banking

Banking Password Management Advertising Antivirus

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. “ “The password database was leaked shortly before the attack. The malicious code appended the extension. locked to the filename of the encrypted files.

Government

Government Ransomware Encryption Penetration Testing

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. In mid-March 2019, the co-conspirators resumed their activity on forums. Fxmsp’s public activity culminated in April 2019. Geography and victims. The big fish.

Antivirus

Antivirus Advertising Hacking Banking

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

” The SMOKEDHAM backdoor was associated by FireEye to the activity of the UNC2465 group that dates back to at least April 2019 and is considered a DARKSIDE RaaS affiliate. Figure 2 shows an image of the download page used for SmartPSS software.” ” concludes the report.

Cybercrime

Cybercrime Ransomware Antivirus Software

ZoneAlarm forum site hack exposed data of thousands of users

Security Affairs

NOVEMBER 11, 2019

ZonaAlarm , the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZonaAlarm discussion forum users. You will be requested to reset your password once joining the forum.”

Hacking

Hacking Data breaches Passwords Advertising

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

Once the hacker gained access to the network, they deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system. The name Fxmsp refers a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

Accountability

Accountability Cybercrime Hacking Retail

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. zip) called: FacturaNovembro-4492154-2019-10_8.zip.

Malware

Malware Internet Internet Antivirus

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. The malicious code appended the extension.

Ransomware

Ransomware Penetration Testing Healthcare Government

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Fortnite’s practices were so egregious that its publisher, Epic Games, was sued in 2019 and settled by giving away 1,000 of its in-game V-Bucks currency to claimants.

Data breaches

Data breaches Accountability Mobile Phishing

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

.” The library can generate files in multiple spreadsheet formats, it also supports Excel 2019. Some antivirus solutions specifically analyze this section look for malicious VBA code in the Excel docs. The lack of this section makes the Excel files generated by Epic Manchego gang hard to detect.

Cybercrime

Cybercrime Phishing Advertising Antivirus

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

“Amadey is a relatively new botnet , first noted late in Q1 of 2019. In classic social engineering attack, the phishing message presents a “one time username and password” to the victims and urges the user to click the “Login Right Here” button. ” reads the analysis published by Cofense.

Phishing

Phishing Social Engineering Malware Advertising

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Startup Est Headquarters Staff Funding Funding Type Abnormal Security 2018 San Francisco, CA 261 $74.0 Series B Apiiro Security 2019 Tel Aviv, Israel 65 $35.0

Cybersecurity

Cybersecurity Threat Detection Artificial Intelligence Risk

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. In November 2019, the criminals behind a ransomware species called Maze started a new trend that is currently gaining momentum on the dark web.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. review Active Directory password policy. PA Unit 42 found that the average ransom paid by organisations nearly tripled over the past year, from $115,123 in 2019 to $312,493.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

APRIL 9, 2020

It’s worth noting that.rar also became the second commonly used format to deliver archived malware in H1 2019 and accounted for 25% of all archived malicious files detected by Group-IB’s CERT in the first half of 2019.

Phishing

Phishing Malware Spyware DDOS

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The infection chain is composed by different stages of password protected SFX (self extracting archive), each containing vbs or batch scripts. Execution of “ winupd.exe ” (SFX) and relative password (uyjqystgblfhs). cmd” that renames the “win.jpg” into “win.exe” , another password protected SFX. Technical Analysis.

Passwords

Passwords DNS Engineering Malware

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Operators routinely mix and match the various families, trying to deploy tools (often repeatedly) with little regard for stealth until one doesn’t get caught by antivirus software. As a result, we (still) believe with high confidence that TunnusSched and KopiLuwak are both part of similar toolsets , starting from 2019 at the latest.

Malware

Malware DNS Government Software

7 Cyber Security Courses Online For Everybody

Spinone

NOVEMBER 21, 2019

“Cyber Security is so much more than a matter of IT.” ” ― Stephane Nappo The amount of compromised data in August 2019 composed 114,686,290 breached records. This course covers a broad range of security topics, explaining it with a simple language.

Social Engineering

Social Engineering Accountability Phishing Cybersecurity

Cyber Security Informer

The Hidden Cost of Ransomware: Wholesale Password Theft

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Webinars

Trending Sources

Top Cybersecurity Accounts to Follow on Twitter

Webinars

Ransomware Revival: Troldesh becomes a leader by the number of attacks

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Kaspersky addressed multiple issues in online protection solutions

DOJ indicts Fxmsp hacker for selling access to hacked businesses

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Ezuri memory loader used in Linux and Windows malware

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs newsletter Round 227

CERT France – Pysa ransomware is targeting local governments

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

ZoneAlarm forum site hack exposed data of thousands of users

Hundreds of C-level executives credentials available for $100 to $1500 per account

A new trojan Lampion targets Portugal

PYSA ransomware gang is the most active group in November

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Epic Manchego gang uses Excel docs that avoid detection

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Top Cybersecurity Startups to Watch in 2022

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cyber Security Roundup for April 2021

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

A month later Gamaredon is still active in Eastern Europe

Tomiris called, they want their Turla malware back

7 Cyber Security Courses Online For Everybody

Stay Connected