Architecture, Cybercrime, Hacking and Information Security

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. SecurityAffairs – hacking, Zerologon). Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, such as Exploit and XSS. SecurityAffairs – hacking, ransomware). ” reported The Record. Pierluigi Paganini.

Ransomware

Ransomware Architecture Healthcare Encryption

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” ” reads the notice of security incident published by the company. The company pointed out that customers’ passwords were not compromised due to LastPass’s Zero Knowledge architecture. . Pierluigi Paganini.

Architecture

Architecture Passwords Data breaches Password Management

Nurturing Our Cyber Talent

IT Security Guru

SEPTEMBER 25, 2023

Attacks such as hacking, phishing, ransomware and social engineering are on the rise. Businesses and other organisations are being pushed both by customers and regulators to evidence how they are keeping their information secure. In the eyes of many, the war on cybercrime is being lost. Luckily, I was very determined.

CISO

CISO Identity Theft Cybercrime Cybersecurity

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182). ” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, Xplain)

Ransomware

Ransomware Data breaches Unstructured Data Architecture

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. To nominate, please visit:?

DDOS

DDOS Architecture Malware Cybercrime

45,654 VMware ESXi servers reached End of Life on Oct. 15

Security Affairs

OCTOBER 17, 2022

There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” Let’s remember that it is very important to keep VMware ESXi servers up to date, numerous cybercrime and ransomware gangs (i.e. SecurityAffairs – hacking, VMware).

Architecture

Architecture Cybercrime Software Internet

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT. Then the malware contacts the C2 and sends system information (i.e. SecurityAffairs – hacking, malware). ” Follow me on Twitter: @securityaffairs and Facebook.

Software

Software Malware Cybercrime VPN

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

Security Affairs

FEBRUARY 27, 2024

The modular architecture of the IDAT loader allows it to easily add new features. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, cyberattack) The loader already supports code injection and execution modules, distinguishing it from conventional loaders.

Malware

Malware Architecture Phishing Hacking

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, backdoor) RustDoor is written in Rust language and supports multiple features. ” concludes the report.

Ransomware

Ransomware Architecture Malware Passwords

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The experts discovered that the malicious code had been compiled for different architectures. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices.

Malware

Malware Advertising Cybercrime Passwords

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” The new bot targets devices embedded with 32-bit MIPS processor. .

IoT

IoT Architecture Malware Hacking

DCRat, only $5 for a fully working remote access trojan

Security Affairs

MAY 9, 2022

Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. To nominate, please visit:?

Cybercrime

Cybercrime Malware Surveillance DDOS

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 380 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Architecture Malware Cybercrime

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

” The plugins for the macOS version are different from those for other platforms, reflecting the architecture of the target systems. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, malware)

Spyware

Spyware Malware Surveillance Mobile

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. Since mid-July 2023, the binary observed in the attacks includes support for telnet scanning and support for more CPU architectures.

IoT

IoT DDOS Architecture Internet

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. SecurityAffairs – hacking, data breach). The post LastPass data breach: threat actors stole a portion of source code appeared first on Security Affairs. Pierluigi Paganini.

Data breaches

Data breaches Password Management Passwords Architecture

FBI warns of dual ransomware attacks

Security Affairs

SEPTEMBER 30, 2023

The FBI’s PIN provides recommendations to network defenders for being prepared to respond to cyber incidents, optimizing identity and access management, implementing protective controls and architecture, and enhancing vulnerability and configuration management.

Ransomware

Ransomware Architecture Encryption Malware

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. This blog was written by an independent guest blogger. Risk assessment.

Cyber Risk

Cyber Risk Risk Architecture Identity Theft

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. SecurityAffairs – hacking, Dockers). Experts noticed that the IP address 45[.]9[.]148[.]182

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices.

Mobile

Mobile Advertising Malware Cybercrime

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The IT giant urged Windows administrators to install the released security updates as soon as possible. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. SecurityAffairs – hacking, Chaos malware). ” concludes the report. Pierluigi Paganini.

Malware

Malware DDOS Architecture Financial Services

New Go-based botnet Zerobot exploits dozens of flaws

Security Affairs

DECEMBER 7, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. SecurityAffairs – hacking, Zerobot). The post New Go-based botnet Zerobot exploits dozens of flaws appeared first on Security Affairs. The bot is saved using the filename “zero.”.

IoT

IoT Architecture Internet Internet

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions. ” concludes the report.

Firmware

Firmware Mobile Malware Retail

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

SC Magazine

MAY 17, 2021

Robbins and Jimmy Sanders, head of information security at Netflix, both noted during the RSA Conference the degree of change in security driven by the pandemic. If cybercrime were a country, Robbins said, the $6 trillion dollar a year industry would have the third highest GDP in the world after the U.S.

Architecture

Architecture Cybercrime Information Security Mobile

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force.

Passwords

Passwords Malware Architecture Authentication

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022. SapphireStealer allows operators to gather system data (i.e. The malware is also able to siphon files stored with specific extensions and take screenshots.

Malware

Malware Data collection Architecture Hacking

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

” The variant analyzed by the researchers targets multiple architectures, including arm, m68k, mips, mpsl, sh4, spc, and x86. . “Users should be aware of this new threat and actively apply patches on affected devices as soon as they become available.”

DDOS

DDOS Wireless Architecture Advertising

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

“This sample demonstrates how a ransomware’s weak architecture and programming can quickly turn it into a wiper that does not allow data recovery. SecurityAffairs – hacking, cryptonite ransomware toolkit). The post Ransomware Toolkit Cryptonite turning into an accidental wiper appeared first on Security Affairs.

Ransomware

Ransomware Encryption Malware Architecture

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

BleepingComputer confirmed that the zip archive contained “previously unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC” architectures. The experts pointed out that the archive has been bundled as March 20, 2023, it also includes builds for PowerPC CPUs, which are used in older macOS systems.

Encryption

Encryption Architecture Ransomware Education

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. SecurityAffairs – hacking, EnemyBot).

Malware

Malware DDOS IoT Cybercrime

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, QNap). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication

Authentication Advertising Architecture Cybercrime

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

. “He further clarifies that the exploit is grounded in the exploitation methodology detailed in the Qualys writeup, asserting its compatibility with x86(_64) and aarch64 architectures, and highlighting its potential for extension through the addition of new target offsets. The script is accessible for review here.

Architecture

Architecture Cryptocurrency Hacking Cybercrime

Experts discovered a previously undocumented initial access vector used by P2PInfect worm

Security Affairs

JULY 31, 2023

Replication allows instances of Redis to be run in a distributed architecture, aka leader/follower topology. This variant exploiting the replication feature to compromises exposed instances of the Redis data store. ” The report includes Indicators of Compromise (IoCs) and Yara rules for binary detection.

Malware

Malware Architecture Firewall Passwords

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. “It is a decision that was not taken lightly by the Executive Board.

Ransomware

Ransomware Cyber Attacks Architecture Backups

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, Zerologon). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

VPN

VPN Government Authentication Advertising

New ransomware trends in 2023

SecureList

MAY 11, 2023

Security researchers discovered an archive that contained test builds of the malware for a number of less common platforms, including macOS and FreeBSD, as well as for various non-standard processor architectures, such as MIPS and SPARC. As for the second trend, we saw that BlackCat adjusted their TTPs midway through the year.

Ransomware

Ransomware Malware Architecture Telecommunications

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. Usually, these users have no idea their systems are compromised.”

Malware

Malware Small Business Advertising Passwords

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

“The first use of the command is activated to receive information about the CPU architecture. SecurityAffairs – hacking, Redis). The post New Go-based Redigo malware targets Redis servers appeared first on Security Affairs. ” reads the analysis published by AquaSec. Pierluigi Paganini.

Malware

Malware DDOS Architecture Cryptocurrency

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Raccoon Malware, a success case in the cybercrime ecosystem

Webinars

Trending Sources

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Webinars

BlackMatter ransomware group claims to be Darkside and REvil succesor

Lastpass discloses the second security breach this year

Nurturing Our Cyber Talent

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Akira ransomware received $42M in ransom payments from over 250 victims

Enemybot, a new DDoS botnet appears in the threat landscape

45,654 VMware ESXi servers reached End of Life on Oct. 15

Amadey malware spreads via software cracks laced with SmokeLoader

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

New P2PInfect bot targets routers and IoT devices

DCRat, only $5 for a fully working remote access trojan

Security Affairs newsletter Round 380

Experts found a macOS version of the sophisticated LightSpy spyware

Updated Kmsdx botnet targets IoT devices

LastPass data breach: threat actors stole a portion of source code

FBI warns of dual ransomware attacks

The ultimate guide to Cyber risk management

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

New Go-based botnet Zerobot exploits dozens of flaws

Android devices shipped with backdoored firmware as part of the BADBOX network

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

Golang-Based Botnet GoBruteforcer targets web servers

Talos wars of customizations of the open-source info stealer SapphireStealer

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Ransomware Toolkit Cryptonite turning into an accidental wiper

Experts found the first LockBit encryptor that targets macOS systems

EnemyBot malware adds new exploits to target CMS servers and Android devices

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Experts discovered a previously undocumented initial access vector used by P2PInfect worm

Maastricht University finally paid a 30 bitcoin ransom to crooks

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

New ransomware trends in 2023

Experts link AVRecon bot to the malware proxy service SocksEscort

New Go-based Redigo malware targets Redis servers

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Stay Connected