2008, Hacking and Malware - Cyber Security Informer

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

NOVEMBER 26, 2020

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. “If you have ever run this script on Windows 7 or Windows Server 2008 R2 , you probably noticed a weird recurring result and perhaps thought that it was a false positive just as I did.

Hacking

Hacking Information Security Malware

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. It was also the first major Olympics event where organizers braced for hacking related impact.

Scams

Scams Hacking Malware Mobile

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. ru in 2008.

Malware

Malware Cybercrime Software Antivirus

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Threatpost

NOVEMBER 13, 2018

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

Malware

Malware Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

PlugX malware delivered by exploiting flaws in Chinese programs

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware

Malware Software Hacking Information Security

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

MAY 17, 2022

The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit , a fairly common but dangerous trojan horse that spreads by appending itself to other files. He said Saicoo did not address his concern that the driver package on its website was bundled with malware. Image: Virustotal.com.

Malware

Malware Government Internet Internet

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. SecurityAffairs – hacking, LuoYu).

Malware

Malware Telecommunications Internet Internet

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. SecurityAffairs – hacking, malware).

Malware

Malware Passwords Hacking Information Security

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. Some of those photos date back to 2008.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware InfoSec Advertising Hacking

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. ” concludes Microsoft.

Malware

Malware Phishing Ransomware Hacking

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. SecurityAffairs – hacking, Nespresso). The vulnerability was disclosed by the security researcher Polle Vanhoof.

Hacking

Hacking Technology Software Engineering

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. PPI programs) to generate new installations of their malware.”

Passwords

Passwords Malware Internet Internet

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Duck Hunt is one of the largest U.S. .

Malware

Malware Ransomware Phishing Hacking

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet

Internet Internet Engineering Software

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to gang behind the Qakbot malware. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Retail Malware Insurance

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The Duck Hunt operation involved law enforcement agencies from the U.S., and abroad.

Malware

Malware Manufacturing Data breaches Cyber threats

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail. SecurityAffairs – hacking, Windows).

Hacking

Hacking Malware Government Technology

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

OCTOBER 21, 2018

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. It shows how hackers combined the tool to carry out high sophisticated hacking operations. Security Affairs – NSA hacking tools, DarkPulsar ).

Hacking

Hacking Energy and Utilities Advertising Authentication

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Hacking Cybercrime Information Security

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

MARCH 9, 2021

Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users. Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise ) is a patch for an Internet Explorer bug that is seeing active exploitation.

DNS

DNS Internet Internet Software

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. Files are encrypted by Chacha 2008 ( D. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Bernstein’s implementation ).”

Ransomware

Ransomware Encryption Malware Hacking

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket. An advertisement for the ButterFly Bot.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. SecurityAffairs – hacking, Black Basta ransomware).

Ransomware

Ransomware Backups Malware Firewall

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot , QuackBot, and Pinkslipbot ). Its modular structure allows operators to implement new features to extend their capabilities.

Malware

Malware Education Banking Media

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. osum0x0 also published a video PoC that shows how to exploit the BlueKeep vulnerability on a Windows 2008 system.

Penetration Testing

Penetration Testing Advertising Malware Authentication

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. This means that the threat actor was able to avoid detection for more than 15 years.

Malware

Malware Spyware Encryption Phishing

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

SecurityAffairs – hacking, newsletter). Pierluigi Paganini. The post Security Affairs newsletter Round 291 appeared first on Security Affairs.

Data breaches

Data breaches Social Engineering Ransomware Malware

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Pierluigi Paganini.

Authentication

Authentication Advertising Malware Firewall

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. SecurityAffairs – BlueKeep, hacking). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. Guerrero-Saade discovered that the SIG37 campaign references hacking activities dated back as far as 2008 that was carried out by an unknown threat actor, the expert tracked it as Nazar.

Hacking

Hacking Advertising Malware Engineering

Patch Tuesday, December 2019 Edition

Krebs on Security

DECEMBER 10, 2019

The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

Backups

Backups Software Malware Marketing

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

VPNLab was launched in 2008 and was offering online anonymity to criminal organizations. VPNLab operators were advertising their platform on several hacking forums and dark web forums. SecurityAffairs – hacking, VPNLab). The authorities seized 15 VPNLab.net servers across 10 countries. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. 2008, wherein he addresses forum members with the salutation, “Hello Gentlemen Scammers.”

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Experts add a BlueKeep exploit module to MetaSploit

Security Affairs

SEPTEMBER 7, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.”

Penetration Testing

Penetration Testing Advertising Malware Engineering

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

NOVEMBER 3, 2019

Experts have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , crooks leverage the exploit to install a cryptocurrency miner. Security researchers have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , the attack aims at installing a cryptocurrency miner on the infected systems.

Cyber Attacks

Cyber Attacks Penetration Testing Cryptocurrency Hacking

Microsoft warns for the second time of applying BlueKeep patch

Security Affairs

MAY 31, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. ” Microsoft also pointed out that workstations not connected to the Internet are also exposed to the risk of a hack.

Internet

Internet Internet Malware Advertising

Security Affairs newsletter Round 254

Security Affairs

MARCH 8, 2020

SurfingAttack – hacking phones via ultrasonic waves. CIA Hacking unit APT-C-39 hit China since 2008. Malware campaign employs fake security certificate updates. SecurityAffairs – hacking, newsletter). . $1B to help telecom carriers to rip and replace Huawei and ZTE equipment. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Ransomware

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years before it was leaked online by Shadow Brokers hackers.

Hacking

Hacking Malware Software Information Security

Experts bypassed Microsoft’s emergency patch for the PrintNightmare

Security Affairs

JULY 8, 2021

Shortly after the release of the patch, the popular researcher Matthew Hickey noticed that the fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges. 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?). Pierluigi Paganini.

Engineering

Engineering Hacking Malware Information Security

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Why Malware Crypting Services Deserve More Scrutiny

Trending Sources

The Olympics: a timeline of scams, hacks, and malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Who and What is Behind the Malware Proxy Service SocksEscort?

PlugX malware delivered by exploiting flaws in Chinese programs

When Your Smart ID Card Reader Comes With Malware

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Threat actors leverages DLL-SideLoading to spread Qakbot malware

From Cybercrime Saul Goodman to the Russian GRU

Purple Lambert, a new malware of CIA-linked Lambert APT group

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Qakbot is back and targets the Hospitality industry

Hacking Nespresso machines to have unlimited funds to purchase coffee

The Link Between AWM Proxy & the Glupteba Botnet

Microsoft recommends Exchange admins to disable the SMBv1 protocol

QakBot threat actors are still operational after the August takedown

Microsoft Issues Emergency Fix for IE Zero Day

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Chinese APT IronHusky use Win zero-day in recent wave of attacks

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Qakbot operations continue to evolve to avoid detection

Microsoft Patch Tuesday, March 2021 Edition

Avast released a free decryptor for the Windows version of the Akira ransomware

Canada Charges Its “Most Prolific Cybercriminal”

Black Basta ransomware operators leverage QBot for lateral movements

New QBot campaign delivered hijacking business correspondence

Expert developed a MetaSploit module for the BlueKeep flaw

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs newsletter Round 291

DHS also issued an alert for the Windows BlueKeep flaw

NSA urges Windows Users and admins to Patch BlueKeep flaw

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Patch Tuesday, December 2019 Edition

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Experts add a BlueKeep exploit module to MetaSploit

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Microsoft warns for the second time of applying BlueKeep patch

Security Affairs newsletter Round 254

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Experts bypassed Microsoft’s emergency patch for the PrintNightmare

Stay Connected