2010, Hacking, Information Security and Malware

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Pierluigi Paganini.

Malware

Malware Mobile Advertising Government

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

JULY 26, 2020

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware.

Malware

Malware Advertising Software Engineering

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. SecurityAffairs – hacking, FastPOS). and infraud.ws.

Malware

Malware Advertising Cybercrime Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Security Affairs

FEBRUARY 27, 2023

Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center ( ASEC ) recently uncovered a malware campaign distributing the ChromeLoader using VHD files. ” concludes the report.

Software

Software Malware Advertising Hacking

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, SecurityAffairs – hacking, CVE-2020-1147). The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Hacking

Hacking Advertising Software Information Security

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime

Cybercrime Data breaches Malware Ransomware

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. According to the experts, the Gozi Banking Malware infected more than 1 million computers worldwide, causing tens of millions of dollars in losses. SecurityAffairs – hacking, Gozi ). Pierluigi Paganini.

Banking

Banking Malware Hacking Information Security

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

A joint security advisory published by The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. SecurityAffairs – hacking, Energetic Bear). Pierluigi Paganini.

Government

Government Hacking Advertising Passwords

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. “The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel.

VPN

VPN Manufacturing Government Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan.

Firmware

Firmware Telecommunications System Administration Malware

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. They also uncovered the ASPXSpy webshell.

Ransomware

Ransomware Malware Financial Services Encryption

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

. “The Federal Office for the Protection of the Constitution ( BfV ) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies.” SecurityAffairs – hacking, APT27). Pierluigi Paganini.

Financial Services

Financial Services Surveillance Malware Cyber Attacks

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

APRIL 24, 2021

Dan Kaminsky was very active in the cyber security community, he was a regular speaker at major cybersecurity and hacking conferences, including Black Hat and DEFCON. On June 16, 2010, he was named by Internet Corporation for Assigned Names and Numbers (ICANN) as one of the Trusted Community Representatives for the DNSSEC root.

Cybersecurity

Cybersecurity InfoSec DNS Hacking

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The malware is able to steal sensitive data, record audio, and download arbitrary files.

Surveillance

Surveillance Spyware Malware Mobile

Dragon Breath APT uses double-dip DLL sideloading strategy

Security Affairs

MAY 7, 2023

Most of the victims are Chinese-speaking Windows users engaged in online gambling, the APT group relies on Telegram to distribute the malware. The malware is also able to steal cryptocurrency from the MetaMask crypto (Ethereum) wallet extension for Google Chrome. Sophos discovered a web site (telegramos[.]org)

Malware

Malware Cryptocurrency Encryption Phishing

Magecart hackers hide stolen credit card data into images and bogus CSS files

Security Affairs

JULY 12, 2021

Magecart hackers have devised a new technique to obfuscating the malware within comment blocks and hide stolen credit card data into images evading detection. Security firms have monitored the activities of a dozen groups at least since 2010. SecurityAffairs – hacking, credit card data). php echo ""."h"."e"."".""."llo"."w"."o"."".""."r"."l"."d"."";

Malware

Malware Software Marketing Hacking

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

DECEMBER 10, 2021

In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” SecurityAffairs – hacking, IKEA). appeared first on Security Affairs. percent in Stockholm, to 72.44

Data breaches

Data breaches Ransomware Manufacturing Hacking

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. SecurityAffairs – hacking, Budworm APT).

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. SecurityAffairs – Nazar, hacking).

Hacking

Hacking Advertising Malware Engineering

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

Wikileaks founder is currently facing extradition to the United States for his role in one of the largest compromises of classified information in the history of the United States. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010. SecurityAffairs – hacking, Julian Assange).

Government

Government Risk Passwords Hacking

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region. . The malware gains persistence by adding a new registry key to automatically execute the malicious code on system restarts after login.

Backups

Backups Malware Mobile Passwords

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach.

Education

Education Data breaches Ransomware Hacking

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

-based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group. Valentin Karyagin has been involved in the development of ransomware and other malware projects. Maksim Mikhailov has been involved in development activity for the Trickbot Group.

Banking

Banking Ransomware Cybercrime Malware

NATO Chief calls for a new strategic to address new challenges

Security Affairs

OCTOBER 9, 2020

. “My thought is that the existing Strategic Concept, which we agreed in 2010, has served NATO well. Having said that, I think we all have to realise that since we agreed the Strategic Concept back in 2010, the world has fundamentally changed.” SecurityAffairs – hacking, K-Electric). Pierluigi Paganini.

Artificial Intelligence

Artificial Intelligence Technology Advertising Marketing

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

Security Affairs

AUGUST 15, 2022

The Iron Tiger APT (aka Panda Emissary , APT27 , Bronze Union , Lucky Mouse , and TG-3390) is active at least since 2010 and targeted organizations in APAC, but since 2013 it is attacking high-technology targets in the US. SecurityAffairs – hacking, Iron Tiger). The researchers also found samples compiled to infect Linux systems.

Malware

Malware Hacking Technology Information Security

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors.

Data breaches

Data breaches Passwords Telecommunications Advertising

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2010-2883 is a stack buffer overflow flaw that could be exploited by attackers to execute arbitrary code or trigger a denial of service condition. .

Malware

Malware Spyware Advertising Encryption

330K stolen payment cards and 895K stolen gift cards sold on dark web

Security Affairs

APRIL 8, 2021

A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a top-tier Russian-language hacking forum on the dark web. The actor has offered in the past large lots of stolen payment card data, compromised databases, and the personally identifiable information (PII) of United States residents.

Cybercrime

Cybercrime Hacking Banking Information Security

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

SEPTEMBER 17, 2020

US Department of Justice announced indictments against 5 Chinese nationals alleged members of a state-sponsored hacking group known as APT41. The attacks also aimed at carrying out other criminal activities, such as the deployment of ransomware and cryptocurrency malware. SecurityAffairs – hacking, APT41 ). Pierluigi Paganini.

Identity Theft

Identity Theft Advertising Government Technology

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. SecurityAffairs – hacking, VPN). ” reads the press release published by the Europol. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

Security researchers are monitoring a new hacking campaign aimed at Joomla and WordPress websites, attackers used.htaccess injector for malicious redirect. The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. htaccess, hacking). htaccess code injection.

Advertising

Advertising Malware Antivirus Software

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S. “The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S.

Identity Theft

Identity Theft Hacking System Administration Advertising

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including the defense, high tech, energy, government, aerospace, and manufacturing. ” reads the report published by ESET. ” reads the report published by ESET. ” continues the report.

DNS

DNS Malware Advertising Manufacturing

The OpenSSL Project addressed three vulnerabilities

Security Affairs

FEBRUARY 18, 2021

In 2010, the Open SSL project addressed three vulnerabilities, including two DDoS issues rated high severity. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, encryption). The issue affects servers using OpenSSL 1.0.2 Pierluigi Paganini.

DDOS

DDOS Encryption Hacking Information Security

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

The group has been active since 2010 and hit military organizations and other high-profile targets worldwide. Experts noticed the group regularly upgrade the malware in its arsenal and its infrastructure. SecurityAffairs – Machete cyberespionage, hacking). ” continues the report. Pierluigi Paganini.

Advertising

Advertising Malware Hacking Government

Naikon APT is flying under the radar since 2015

Security Affairs

MAY 7, 2020

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar over the past five years while targeting entities in Asia-Pacific (APAC) region. SecurityAffairs – Naikon, hacking). ” reads a report published by CheckPoint. ” continues the report.

Government

Government Advertising Technology Hacking

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

Security firms have monitored the activities of a dozen groups at least since 2010. . The malware was completely removed on November 11, 2019. “We have taken steps to re-secure the online purchasing platform on our website and to further harden it against compromise. . Pierluigi Paganini.

Data breaches

Data breaches Retail Identity Theft eCommerce

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

Security Affairs

OCTOBER 18, 2019

Security researchers at Crowdstrike conducted long-running cyber-espionage operations aimed at various aerospace firms. According to the experts the cyber espionage operations begun in January 2010, after the state-owned enterprise Commercial Aircraft Corporation of China (COMAC) selected U. Office of Personnel Management (OPM) breach.

Engineering

Engineering Manufacturing Malware Advertising

Payment solutions giant Edenred announces malware infection

REMnux 7, a Linux toolkit for malware analysts released

Trending Sources

The author of FastPOS PoS malware pleads guilty

Administrator of RSOCKS Proxy Botnet Pleads Guilty

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

CIA elite hacking unit was not able to protect its tools and cyber weapons

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Colombian authorities arrested hacker behind the Gozi Virus

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Meet the Administrators of the RSOCKS Proxy Botnet

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Experts linked ransomware attacks to China-linked APT27

German intelligence agency warns of China-linked APT27 targeting commercial organizations

The cybersecurity researcher Dan Kaminsky has died

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Dragon Breath APT uses double-dip DLL sideloading strategy

Magecart hackers hide stolen credit card data into images and bogus CSS files

Volvo Cars suffers a data breach. Is it a ransomware attack?

China-linked Budworm APT returns to target a US entity

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

British Court rejects the US’s request to extradite Julian Assange

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

US and UK sanctioned seven Russian members of Trickbot gang

NATO Chief calls for a new strategic to address new challenges

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

Russia-linked Energetic Bear APT behind San Francisco airport attacks

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

330K stolen payment cards and 895K stolen gift cards sold on dark web

APT41 actors charged for attacks on more than 100 victims globally

Bulletproof VPN services took down in a global police operation

Microsoft sued North Korea-linked Thallium group

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

China-Linked APT15 group is using a previously undocumented backdoor

The OpenSSL Project addressed three vulnerabilities

Machete cyber-espionage group targets Latin America military

Naikon APT is flying under the radar since 2015

US-based children’s clothing maker Hanna Andersson discloses a data breach

Cyber Security Roundup for April 2021

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

Stay Connected