2010, Information Security and Malware - Cyber Security Informer

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

JULY 26, 2020

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware.

Malware

Malware Advertising Software Engineering

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Pierluigi Paganini.

Malware

Malware Mobile Advertising Government

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Pierluigi Paganini.

Malware

Malware Advertising Cybercrime Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Security Affairs

FEBRUARY 27, 2023

Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center ( ASEC ) recently uncovered a malware campaign distributing the ChromeLoader using VHD files. ” concludes the report.

Software

Software Malware Advertising Hacking

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. According to the experts, the Gozi Banking Malware infected more than 1 million computers worldwide, causing tens of millions of dollars in losses.

Banking

Banking Malware Hacking Information Security

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

The APT group has been active since 2010, targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. They also uncovered the ASPXSpy webshell.

Ransomware

Ransomware Malware Financial Services Encryption

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

. “The Federal Office for the Protection of the Constitution ( BfV ) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies.” ” reads the advisory published by the German intelligence.

Financial Services

Financial Services Surveillance Malware Cyber Attacks

Dragon Breath APT uses double-dip DLL sideloading strategy

Security Affairs

MAY 7, 2023

Most of the victims are Chinese-speaking Windows users engaged in online gambling, the APT group relies on Telegram to distribute the malware. The malware is also able to steal cryptocurrency from the MetaMask crypto (Ethereum) wallet extension for Google Chrome. Sophos discovered a web site (telegramos[.]org)

Malware

Malware Cryptocurrency Encryption Phishing

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2010-2883 is a stack buffer overflow flaw that could be exploited by attackers to execute arbitrary code or trigger a denial of service condition. .

Malware

Malware Spyware Advertising Encryption

Magecart hackers hide stolen credit card data into images and bogus CSS files

Security Affairs

JULY 12, 2021

Magecart hackers have devised a new technique to obfuscating the malware within comment blocks and hide stolen credit card data into images evading detection. Security firms have monitored the activities of a dozen groups at least since 2010. php echo ""."h"."e"."".""."llo"."w"."o"."".""."r"."l"."d"."";

Malware

Malware Software Marketing Hacking

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. “The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel.

VPN

VPN Manufacturing Government Hacking

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. The nation-state actors employed multiple custom malware families targeting Windows, Linux, and FreeBSD operating systems.

Firmware

Firmware Telecommunications System Administration Malware

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The malware is able to steal sensitive data, record audio, and download arbitrary files.

Surveillance

Surveillance Spyware Malware Mobile

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

RUSdot is the successor forum to Spamdot , a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising

Advertising Cybercrime System Administration Hacking

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. based organization.

Penetration Testing

Penetration Testing Financial Services Surveillance Manufacturing

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region. . The malware gains persistence by adding a new registry key to automatically execute the malicious code on system restarts after login.

Backups

Backups Malware Mobile Passwords

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

Wikileaks founder is currently facing extradition to the United States for his role in one of the largest compromises of classified information in the history of the United States. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010.

Government

Government Risk Passwords Hacking

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

APRIL 24, 2021

Dan Kaminsky was very active in the cyber security community, he was a regular speaker at major cybersecurity and hacking conferences, including Black Hat and DEFCON. On June 16, 2010, he was named by Internet Corporation for Assigned Names and Numbers (ICANN) as one of the Trusted Community Representatives for the DNSSEC root.

Cybersecurity

Cybersecurity InfoSec DNS Hacking

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The company added that the incident may have impacted those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, (..)

Education

Education Data breaches Ransomware Hacking

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

-based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group. Valentin Karyagin has been involved in the development of ransomware and other malware projects. Maksim Mikhailov has been involved in development activity for the Trickbot Group.

Banking

Banking Ransomware Cybercrime Malware

NATO Chief calls for a new strategic to address new challenges

Security Affairs

OCTOBER 9, 2020

. “My thought is that the existing Strategic Concept, which we agreed in 2010, has served NATO well. Having said that, I think we all have to realise that since we agreed the Strategic Concept back in 2010, the world has fundamentally changed.” And it has actually served us well for many years.

Artificial Intelligence

Artificial Intelligence Technology Advertising Marketing

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

Security Affairs

AUGUST 15, 2022

The Iron Tiger APT (aka Panda Emissary , APT27 , Bronze Union , Lucky Mouse , and TG-3390) is active at least since 2010 and targeted organizations in APAC, but since 2013 it is attacking high-technology targets in the US. Trend Micro experts discovered a server hosting both a HyperBro sample and a malicious Mach-O executable named “rshell.”

Malware

Malware Hacking Technology Information Security

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. ” continues the expert. .

Hacking

Hacking Advertising Malware Engineering

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

Security Affairs

OCTOBER 18, 2019

Security researchers at Crowdstrike conducted long-running cyber-espionage operations aimed at various aerospace firms. According to the experts the cyber espionage operations begun in January 2010, after the state-owned enterprise Commercial Aircraft Corporation of China (COMAC) selected U. Office of Personnel Management (OPM) breach.

Engineering

Engineering Manufacturing Malware Advertising

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

DECEMBER 10, 2021

In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems.

Data breaches

Data breaches Ransomware Manufacturing Hacking

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors. The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors.

Data breaches

Data breaches Passwords Telecommunications Advertising

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including the defense, high tech, energy, government, aerospace, and manufacturing. ” reads the report published by ESET. ” reads the report published by ESET. ” continues the report.

DNS

DNS Malware Advertising Manufacturing

330K stolen payment cards and 895K stolen gift cards sold on dark web

Security Affairs

APRIL 8, 2021

.” The investigation of the cybercriminal actor selling the gift cards and payment cards revealed that he is a prolific Russian-speaking hacker who was engaged in similar activities since 2010.

Cybercrime

Cybercrime Hacking Banking Information Security

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. ” reads the press release published by the Europol. The services were offered for prices ranging from $1.3/day

VPN

VPN Cybercrime Advertising Accountability

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

The group has been active since 2010 and hit military organizations and other high-profile targets worldwide. Experts noticed the group regularly upgrade the malware in its arsenal and its infrastructure. ” continues the report.

Advertising

Advertising Malware Hacking Government

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. Sucuri spotted threat actors abusing the URL redirect function of the.htaccess file to redirect visitors of compromised websites to phishing sites, sites delivering malware, or simply to generate impressions.

Advertising

Advertising Malware Antivirus Software

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

SEPTEMBER 17, 2020

The attacks also aimed at carrying out other criminal activities, such as the deployment of ransomware and cryptocurrency malware. In August 2010, the same federal jury announced an indictment that charges Malaysian businessmen Wong Ong Hua, 46, and Ling Yang Ching, 32, for conspiring with two of the Chinese hackers.

Identity Theft

Identity Theft Advertising Government Technology

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

The APT group has been active since at least 2010, Microsoft revealed that the hackers launched spear-phishing using legitimate services, including Gmail, Yahoo, and Hotmail. ” Through Thallium.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

Security firms have monitored the activities of a dozen groups at least since 2010. . The malware was completely removed on November 11, 2019. “We have taken steps to re-secure the online purchasing platform on our website and to further harden it against compromise.

Data breaches

Data breaches Retail Identity Theft eCommerce

The Satan Ransomware adds new exploits to its arsenal

Security Affairs

MAY 21, 2019

The Satan ransomware first appeared in the threat landscape in January 2017 when the independent malware research @Xylit0l discovered it. Since its discovery, the malware was costantly updated, in one of the campaigns monitored by Fortinet, it utilized a cryptominer as an additional payload to maximize its profits. .

Ransomware

Ransomware Advertising Malware Encryption

The OpenSSL Project addressed three vulnerabilities

Security Affairs

FEBRUARY 18, 2021

In 2010, the Open SSL project addressed three vulnerabilities, including two DDoS issues rated high severity. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The flaw was reported to OpenSSL Project on 21st January 2021 by D. Katz and Joel Luellwitz from Trustwave.

DDOS

DDOS Encryption Hacking Information Security

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0 and Visual Studio 2019 versions 16.0,

Hacking

Hacking Advertising Software Information Security

Naikon APT is flying under the radar since 2015

Security Affairs

MAY 7, 2020

The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar over the past five years while targeting entities in Asia-Pacific (APAC) region. ” reads a report published by CheckPoint. ” continues the report.

Government

Government Advertising Technology Hacking

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Security Affairs

NOVEMBER 11, 2021

Zhukov, aka Nastra, was arrested in Bulgaria, where he had lived since 2010, in November 2018 and was extradited to the US on January 18. . million computers with malware, attackers used thousands of servers and more than 10,000 counterfeit websites to impersonate legitimate web publishers. 2—The KOVTER Malware Scheme.

Advertising

Advertising Mobile Internet Internet

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda , APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group has been active since at least 2010, the crew targeted U.S.

Advertising

Advertising Financial Services Malware Government

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

According to his LinkedIn profile , Schulte worked for the NSA for five months in 2010 as a systems engineer, after this experience, he joined the CIA as a software engineer and he left the CIA in November 2016. Schulte was identified a few days after WikiLeaks started leaking the precious dumps.

Hacking

Hacking Engineering Data breaches Advertising

REMnux 7, a Linux toolkit for malware analysts released

Payment solutions giant Edenred announces malware infection

Trending Sources

The author of FastPOS PoS malware pleads guilty

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Colombian authorities arrested hacker behind the Gozi Virus

Experts linked ransomware attacks to China-linked APT27

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Dragon Breath APT uses double-dip DLL sideloading strategy

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Magecart hackers hide stolen credit card data into images and bogus CSS files

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Meet the Administrators of the RSOCKS Proxy Botnet

China-linked Budworm APT returns to target a US entity

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

British Court rejects the US’s request to extradite Julian Assange

The cybersecurity researcher Dan Kaminsky has died

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

US and UK sanctioned seven Russian members of Trickbot gang

NATO Chief calls for a new strategic to address new challenges

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

China-linked cyberspies Turbine PANDA targeted aerospace firms for years

Volvo Cars suffers a data breach. Is it a ransomware attack?

Russia-linked Energetic Bear APT behind San Francisco airport attacks

China-Linked APT15 group is using a previously undocumented backdoor

330K stolen payment cards and 895K stolen gift cards sold on dark web

Bulletproof VPN services took down in a global police operation

Machete cyber-espionage group targets Latin America military

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

APT41 actors charged for attacks on more than 100 victims globally

Microsoft sued North Korea-linked Thallium group

US-based children’s clothing maker Hanna Andersson discloses a data breach

The Satan Ransomware adds new exploits to its arsenal

The OpenSSL Project addressed three vulnerabilities

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Naikon APT is flying under the radar since 2015

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

CIA elite hacking unit was not able to protect its tools and cyber weapons

Stay Connected