2008, Information Security and Malware - Cyber Security Informer

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

NOVEMBER 26, 2020

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. The French security researcher Clément Labro discovered a zero-day vulnerability was discovered while the security researcher was working on an update Windows security tool.

Hacking

Hacking Information Security Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

PlugX malware delivered by exploiting flaws in Chinese programs

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware

Malware Software Hacking Information Security

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware

Malware Telecommunications Internet Internet

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. SecurityAffairs – hacking, malware).

Malware

Malware Passwords Hacking Information Security

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware InfoSec Advertising Hacking

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. ” concludes Microsoft.

Malware

Malware Phishing Ransomware Hacking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Duck Hunt is one of the largest U.S. .

Malware

Malware Ransomware Phishing Hacking

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The Duck Hunt operation involved law enforcement agencies from the U.S., and abroad.

Malware

Malware Manufacturing Data breaches Cyber threats

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to gang behind the Qakbot malware. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Retail Malware Insurance

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Hacking Cybercrime Information Security

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. osum0x0 also published a video PoC that shows how to exploit the BlueKeep vulnerability on a Windows 2008 system.

Penetration Testing

Penetration Testing Advertising Malware Authentication

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation.

Ransomware

Ransomware Backups Malware Firewall

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot , QuackBot, and Pinkslipbot ). Its modular structure allows operators to implement new features to extend their capabilities.

Malware

Malware Education Banking Media

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763). ” concludes Kaspersky.

Hacking

Hacking Malware Government Technology

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. Files are encrypted by Chacha 2008 ( D. Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom. Bernstein’s implementation ).”

Ransomware

Ransomware Encryption Malware Hacking

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. This means that the threat actor was able to avoid detection for more than 15 years.

Malware

Malware Spyware Encryption Phishing

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Authentication

Authentication Advertising Malware Firewall

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

NOVEMBER 3, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Over the last months, many security experts have developed their own exploit code for this issue without publicly disclosing it for obvious reasons. ” concludes the expert.

Cyber Attacks

Cyber Attacks Penetration Testing Cryptocurrency Hacking

Experts add a BlueKeep exploit module to MetaSploit

Security Affairs

SEPTEMBER 7, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.”

Penetration Testing

Penetration Testing Advertising Malware Engineering

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Security Affairs

MAY 15, 2019

The vulnerability tracked as CVE-2019-0863 could be exploited by an attacker with low-privileged access to the targeted system to deliver a malware. As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities. ” It is important to highlight that the RDP itself is not vulnerable.

Malware

Malware Authentication Advertising Accountability

Microsoft warns for the second time of applying BlueKeep patch

Security Affairs

MAY 31, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Internet

Internet Internet Malware Advertising

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

VPNLab was launched in 2008 and was offering online anonymity to criminal organizations. Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution.

VPN

VPN Cybercrime Ransomware Advertising

Experts bypassed Microsoft’s emergency patch for the PrintNightmare

Security Affairs

JULY 8, 2021

Shortly after the release of the patch, the popular researcher Matthew Hickey noticed that the fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges. 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?).

Engineering

Engineering Hacking Malware Information Security

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

Guerrero-Saade discovered that the SIG37 campaign references hacking activities dated back as far as 2008 that was carried out by an unknown threat actor, the expert tracked it as Nazar. The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers.

Hacking

Hacking Advertising Malware Engineering

Regin spyware involved in attack against the Russian tech giant Yandex

Security Affairs

JUNE 28, 2019

Allegedly Western nation-state actors breached the systems of Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware. According to the Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware.

Spyware

Spyware Malware Advertising Authentication

Qbot uses a new email collector module in the latest campaign

Security Affairs

AUGUST 31, 2020

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by malware for collecting browsing data and banking credentials and other financial information from the victims. The attackers could hijack the email threads to propagate the malware.

Banking

Banking Advertising Passwords Malware

Security Affairs newsletter Round 254

Security Affairs

MARCH 8, 2020

CIA Hacking unit APT-C-39 hit China since 2008. Malware campaign employs fake security certificate updates. The North Korean Kimsuky APT threatens South Korea evolving its TTPs. US officials charge two Chinese men for laundering cryptocurrency for North Korea. Iranian government blocked Wikipedia Farsi due Coronavirus outbreak.

Data breaches

Data breaches Mobile Advertising Ransomware

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

Security Affairs

MARCH 31, 2021

The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC was recommended for IETF protocols in 2008 and became obsolete with the introduction of TLS version 1.3 RFC 2246) and 1.1 (RFC Both versions lack support for current and recommended cryptographic algorithms and mechanisms.

Internet

Internet Internet Engineering Hacking

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs

AUGUST 19, 2020

“In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.”. The flaw affects many Windows OSs, including Windows 7 and Windows Server 2008, for which the IT giant will not provide security updates because the reached the end-of-life.

Advertising

Advertising Malware Internet Internet

Security Affairs newsletter Round 233

Security Affairs

SEPTEMBER 29, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. 0patch will provide micropatches for Windows 7 and Server 2008 after EoS. North Korea-linked malware ATMDtrack infected ATMs in India. Once again thank you!

Data breaches

Data breaches Advertising Malware VPN

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with sophisticated zero-day malware. We cannot exclude that APT31 has stolen the tool from Equation Group servers. .

Hacking

Hacking Malware Software Information Security

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

A wormable flaw could be exploited by malware to propagate from vulnerable computer to vulnerable computer without any user interaction. The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.

Authentication

Authentication Advertising Internet Internet

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ , which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to compromise US military networks in the Middle East in 2008.

Advertising

Advertising Malware Encryption Authentication

Microsoft says that the emergency patch recently released correctly fix the PrintNightmare flaw

Security Affairs

JULY 9, 2021

Shortly after the release of the patch, the popular researcher Matthew Hickey noticed that the fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges. 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?).

Hacking

Hacking Malware Information Security Cybersecurity

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Microsoft released this week an out-of-band security update for Windows 8.1 Both vulnerabilities were addressed by Microsoft in August, the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004.

Advertising

Advertising Hacking Information Security Malware

PoC Exploits for CVE-2019-0708 wormable Windows flaw released online

Security Affairs

MAY 23, 2019

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. Enabling NLA mitigates the bug. Patch now or GFY!

Advertising

Advertising Malware Authentication Risk

New Kraken botnet is allowing operators to earn USD 3,000 every month

Security Affairs

FEBRUARY 17, 2022

Experts pointed out that despite having the same name, this botnet should not be confused with the Kraken botnet that was spotted in 2008. Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence.

VPN

VPN Cryptocurrency Hacking Cybercrime

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

” The MSI package first removes registry keys associated with the old Purple Fox installations if any are present, then it replaces the components of the malware with new ones. “The goal is to install the MSI package as an admin without any user interaction.”

Encryption

Encryption DNS Architecture Firewall

Zoom is working on a patch for a zero-day in Windows client

Security Affairs

JULY 9, 2020

The zero vulnerability was reported to ACROS by a security researcher who wanted to remain anonymous. The vulnerability affects Windows client running on old versions of Windows OS, including Windows 7 and Windows Server 2008 R2 and earlier. Clients running on Windows 8 or Windows 10 are not affected.

Advertising

Advertising Hacking Software Information Security

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Who and What is Behind the Malware Proxy Service SocksEscort?

Trending Sources

PlugX malware delivered by exploiting flaws in Chinese programs

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Threat actors leverages DLL-SideLoading to spread Qakbot malware

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Qakbot is back and targets the Hospitality industry

Purple Lambert, a new malware of CIA-linked Lambert APT group

QakBot threat actors are still operational after the August takedown

Microsoft recommends Exchange admins to disable the SMBv1 protocol

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Qakbot operations continue to evolve to avoid detection

Expert developed a MetaSploit module for the BlueKeep flaw

Black Basta ransomware operators leverage QBot for lateral movements

New QBot campaign delivered hijacking business correspondence

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Avast released a free decryptor for the Windows version of the Akira ransomware

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

DHS also issued an alert for the Windows BlueKeep flaw

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs newsletter Round 291

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Experts add a BlueKeep exploit module to MetaSploit

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Microsoft warns for the second time of applying BlueKeep patch

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Experts bypassed Microsoft’s emergency patch for the PrintNightmare

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Regin spyware involved in attack against the Russian tech giant Yandex

Qbot uses a new email collector module in the latest campaign

Security Affairs newsletter Round 254

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs newsletter Round 233

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

New Turla ComRAT backdoor uses Gmail for Command and Control

Microsoft says that the emergency patch recently released correctly fix the PrintNightmare flaw

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

PoC Exploits for CVE-2019-0708 wormable Windows flaw released online

New Kraken botnet is allowing operators to earn USD 3,000 every month

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Zoom is working on a patch for a zero-day in Windows client

Stay Connected