2011, Hacking, Information Security and Malware

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. SecurityAffairs – hacking, Arid Viper).

Malware

Malware Hacking Information Security

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware

Malware Authentication Software Accountability

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Hacking

Hacking Media Malware Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Antivirus

Antivirus Ransomware Malware Software

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

Hacking

Hacking Technology Government Malware

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware

Malware Cyber threats Cybersecurity Government

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 284 appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

Ransomware

Ransomware Firmware Advertising Insurance

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

Backups

Backups Advertising Accountability Malware

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. SecurityAffairs – hacking, Security Affairs).

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

“In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.” The group also attempted to hack the systems of a US company operating critical infrastructure in the United States. SecurityAffairs – hacking, Russian government employees).

Government

Government Energy and Utilities Malware Hacking

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

One of the most recent attacks was reported by Computerland in Belgium against SMBs in the country, but according to the company they were targeted by a group of cybercriminals who appeared to be using a variant of the LockBit locker malware.

Penetration Testing

Penetration Testing Ransomware Firewall Social Engineering

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems. Pierluigi Paganini.

Banking

Banking Advertising Malware Cybercrime

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

DNS

DNS Antivirus Cryptocurrency Software

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. Then the DePriMon malware uses Schannel for the communication. Pierluigi Paganini.

Malware

Malware Telecommunications Advertising Encryption

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. SecurityAffairs – hacking, FinCEN). Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Spyware

Spyware Surveillance Mobile Advertising

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

The malware was also used by the attackers to browse the web, likely using it as a proxy to mask their IP address. “The xPack malware and its associated payload seems to be used for initial access; it appears that xPack was predominantly used to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.

Manufacturing

Manufacturing Malware Data collection Encryption

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 SecurityAffairs – hacking, cybercrime). million withdrawn. Pierluigi Paganini.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, PHP Composer). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Software Information Security Malware

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Surveillance

Surveillance Spyware Software Advertising

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications. Pierluigi Paganini.

Malware

Malware Government Advertising Banking

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Security Affairs

FEBRUARY 16, 2023

The carmakers will reimburse the purchase of steering wheel locks, to the owners of some 2011-2022 model-year vehicles without engine immobilizers that cannot install the software upgrade. The upgrade will be performed by Hyundai dealers, and the carmaker ensures that the process will take less than one hour to be completed.

Software

Software Media Engineering Hacking

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. It’s about challenging our expectations about people who hack for a living. ” So it’s not surprising that this recording coincided with another major security event.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. It’s about challenging our expectations about people who hack for a living. ” So it’s not surprising that this recording coincided with another major security event.

Healthcare

Healthcare Hacking InfoSec Software

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

SecurityAffairs – hacking, KashmirBlack botnet). The post KashmirBlack, a new botnet in the threat landscape that rapidly grows appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Cryptocurrency Internet Internet

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 SecurityAffairs – hacking, Alexander Vinnik). million withdrawn.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

Beyond the technological aspects, another compendium of Cloud Security Alliance (The State of Cloud Security Risk, Compliance, and Misconfigurations, 2022) states that the lack of knowledge and expertise are well-known issues within the information security industry. SecurityAffairs – hacking, cloud computing).

Engineering

Engineering Technology Architecture Accountability

Russian Government-owned research institute linked to Triton attacks

Security Affairs

OCTOBER 23, 2018

Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. In December 2017, experts from FireEye discovered a new strain of malware dubbed Triton that was specifically designed to target industrial control systems (ICS).

Government

Government Malware Advertising Software

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. ” April 2021 Security Patch Day includes two other Hot News security notes, which are updates to previously released notes. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Engineering

Engineering Software Hacking Information Security

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Security Affairs

SEPTEMBER 27, 2019

The security expert Axi0mX has released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X. SecurityAffairs – Checkm8, hacking). Pierluigi Paganini.

Advertising

Advertising Hacking Software Engineering

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

In particular, recent investigations were able to identify four of them: the ARestore escalation tool, the backdoor, and other publicly available toolkits such as Advanced_Port_Scanner and a particular popular Chinese hack tool. He is a former member of the ANeSeC CTF team, one of the firsts Italian cyber wargame teams born back in 2011.

Ransomware

Ransomware Software System Administration Encryption

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . Microsoft notified all the impacted users about the hacks and provided supports to the victims to secure their accounts. SecurityAffairs – Iran, hacking).

Accountability

Accountability Passwords Advertising Government

Checkra1n, a working iPhone Jailbreak, was released

Security Affairs

NOVEMBER 16, 2019

In September, the security expert Axi0mX released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Surveillance

Surveillance Advertising Risk Media

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. SecurityAffairs – hacking, APT35). continues IBM. .

Advertising

Advertising Media Authentication Hacking

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Security Affairs

NOVEMBER 6, 2020

According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 “At the time it was taken down in 2013, Silk Road had nearly 13,000 listings for controlled substances and many more listings offering illegal services, such as computer hacking and murder for hire, which generated sales revenue totaling over 9.5

Cryptocurrency

Cryptocurrency Advertising Marketing Government

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware

Malware Social Engineering Encryption Marketing

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Security Affairs

JUNE 30, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. ” reads the report published by Volexity.

Phishing

Phishing Malware Passwords Media

PyMICROPSIA Windows malware includes checks for Linux and macOS

YTStealer info-stealing malware targets YouTube content creators

Webinars

Trending Sources

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Webinars

Purple Lambert, a new malware of CIA-linked Lambert APT group

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Windows Defender identified Chromium, Electron apps as Hive Ransomware

US DoJ indicts four members of China-linked APT40 cyberespionage group

Russia-linked threat actors targets critical infrastructure, US authorities warn

Google obtained a temporary court order against CryptBot distributors

Security Affairs newsletter Round 284

Google disrupts the Glupteba botnet

US man sentenced to 4 years in prison for his role in Infraud scheme

Happy 10th Birthday, Security Affairs

US indicted 4 Russian government employees for attacks on critical infrastructure

Copycat Criminals mimicking Lockbit gang in northern Europe

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Silent Night Zeus botnet available for sale in underground forums

Glupteba botnet is back after Google disrupted it in December 2021

DePriMon downloader uses a never seen installation technique

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Unknown FinSpy Mac and Linux versions found in Egypt

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Command injection flaw in PHP Composer allowed supply-chain attacks

German authorities raid the offices of the FinFisher surveillance firm

Hunting the ICEFOG APT group after years of silence

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

NUVOLA: the new Cloud Security tool

Russian Government-owned research institute linked to Triton attacks

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Dissecting the malicious arsenal of the Makop ransomware gang

Iran-linked Phosphorus group hit a 2020 presidential campaign

Checkra1n, a working iPhone Jailbreak, was released

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Updates from the MaaS: new threats delivered through NullMixer

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Stay Connected