2011, Hacking and Malware - Cyber Security Informer

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. ” reads the abstract from the talk. ” concludes the report.

Malware

Malware Government Advertising Phishing

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. AWMproxy, the storefront for renting access to infected PCs, circa 2011.

Passwords

Passwords Malware Internet Internet

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. SecurityAffairs – hacking, Arid Viper).

Malware

Malware Hacking Information Security

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile

Mobile Software Backups Technology

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware

Malware Authentication Software Accountability

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. “The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.” To nominate, please visit:?

Hacking

Hacking Media Malware Cybersecurity

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Antivirus

Antivirus Ransomware Malware Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

Hacking

Hacking Technology Government Malware

The Belgacom hack was the work of the UK GCHQ intelligence agency

Security Affairs

OCTOBER 28, 2018

Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack.

Hacking

Hacking Spyware Telecommunications Malware

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware

Malware Cyber threats Cybersecurity Government

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible. ” reads the announcement published by Google.

Malware

Malware Cybercrime Cryptocurrency Media

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

Backups

Backups Advertising Accountability Malware

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. SecurityAffairs – hacking, cybercrime). The fraudulent activities conducted by the gang cost victims more than $568 million dollars. .

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. SecurityAffairs – hacking, Security Affairs). Ten years together! I’m very excited. Over the past decade, I have recovered tens of thousand stories focusing mainly on cybercrime, information warfare, hacktivism and computer security.

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

The analysis of the code reuse revealed many links between North Korea malware

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Each node represents a malware family or a hacking tool (“ Brambul ,” “ Fallchill ,” etc.)

Malware

Malware Hacking Advertising Accountability

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

SecurityAffairs – hacking, newsletter). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Firmware Advertising Insurance

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

One of the most recent attacks was reported by Computerland in Belgium against SMBs in the country, but according to the company they were targeted by a group of cybercriminals who appeared to be using a variant of the LockBit locker malware.

Penetration Testing

Penetration Testing Ransomware Firewall Social Engineering

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

“In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.” The group also attempted to hack the systems of a US company operating critical infrastructure in the United States. SecurityAffairs – hacking, Russian government employees).

Government

Government Energy and Utilities Malware Hacking

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) The post Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack appeared first on Security Affairs.

Education

Education Data breaches Ransomware Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. Then the DePriMon malware uses Schannel for the communication. Pierluigi Paganini.

Malware

Malware Telecommunications Advertising Encryption

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems. Pierluigi Paganini.

Banking

Banking Advertising Malware Cybercrime

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Pierluigi Paganini.

DNS

DNS Antivirus Cryptocurrency Software

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. SecurityAffairs – hacking, FinCEN). Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

The Origins and History of the Dark Web

Identity IQ

FEBRUARY 8, 2024

But the dark web is also associated with illegal activities including the trafficking of drugs, weapons, and illegal pornography, hacking and cybercrime, terrorism, and the sale of stolen data or personal information. The hidden service gained traction in 2011 and then hit the mainstream when a Gawker article about the site was published.

Identity Theft

Identity Theft Cryptocurrency Government Engineering

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Spyware

Spyware Surveillance Mobile Advertising

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

The malware was also used by the attackers to browse the web, likely using it as a proxy to mask their IP address. “The xPack malware and its associated payload seems to be used for initial access; it appears that xPack was predominantly used to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.

Manufacturing

Manufacturing Malware Data collection Encryption

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 SecurityAffairs – hacking, cybercrime). million withdrawn. Pierluigi Paganini.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. SecurityAffairs – hacking, PHP Composer). “This problem alone does not yet allow command execution, as the values are appropriately escaped. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Hacking

Hacking Software Information Security Malware

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019.

Surveillance

Surveillance Spyware Software Advertising

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications. Pierluigi Paganini.

Malware

Malware Government Advertising Banking

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Bilogorskiy: Before 2013 a lot of malware was focused on spam, DDoS and monetizing through malicious advertising and ad fraud. In 2011, total cryptocurrency value was about $10 billion. Bilogorskiy: One other kind of attack that we’ve seen is where companies get hacked and those computers have mining malware put on them.

Cryptocurrency

Cryptocurrency Passwords Ransomware Malware

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. It’s about challenging our expectations about people who hack for a living. there's three reasons why people hack: one is for just notoriety, that's what script kiddies do.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. It’s about challenging our expectations about people who hack for a living. there's three reasons why people hack: one is for just notoriety, that's what script kiddies do.

Healthcare

Healthcare Hacking InfoSec Software

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Security Affairs

FEBRUARY 16, 2023

The carmakers will reimburse the purchase of steering wheel locks, to the owners of some 2011-2022 model-year vehicles without engine immobilizers that cannot install the software upgrade. The upgrade will be performed by Hyundai dealers, and the carmaker ensures that the process will take less than one hour to be completed.

Software

Software Media Engineering Hacking

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark. ” A teaser from Irish Tech News. “Online[.]io

Advertising

Advertising Software Computers and Electronics Internet

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 SecurityAffairs – hacking, Alexander Vinnik). million withdrawn.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

Prilex: the pricey prickle credit card complex

SecureList

SEPTEMBER 28, 2022

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. Active since 2014, in 2016, the group decided to give up ATM malware and focus all of their attacks on PoS systems, targeting the core of the payment industry. Evolving into PoS malware.

Malware

Malware Banking Software Encryption

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

SecurityAffairs – hacking, KashmirBlack botnet). “During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” Imperva concludes. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Cryptocurrency Internet Internet

XDSpy APT remained undetected since at least 2011

Why Malware Crypting Services Deserve More Scrutiny

Trending Sources

Giving a Face to the Malware Proxy Service ‘Faceless’

The Link Between AWM Proxy & the Glupteba Botnet

PyMICROPSIA Windows malware includes checks for Linux and macOS

Why is ‘Juice Jacking’ Suddenly Back in the News?

YTStealer info-stealing malware targets YouTube content creators

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Purple Lambert, a new malware of CIA-linked Lambert APT group

Windows Defender identified Chromium, Electron apps as Hive Ransomware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

US DoJ indicts four members of China-linked APT40 cyberespionage group

The Belgacom hack was the work of the UK GCHQ intelligence agency

Russia-linked threat actors targets critical infrastructure, US authorities warn

Google obtained a temporary court order against CryptBot distributors

Google disrupts the Glupteba botnet

US man sentenced to 4 years in prison for his role in Infraud scheme

Happy 10th Birthday, Security Affairs

The analysis of the code reuse revealed many links between North Korea malware

From Cybercrime Saul Goodman to the Russian GRU

Security Affairs newsletter Round 284

Copycat Criminals mimicking Lockbit gang in northern Europe

US indicted 4 Russian government employees for attacks on critical infrastructure

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

DePriMon downloader uses a never seen installation technique

Silent Night Zeus botnet available for sale in underground forums

Glupteba botnet is back after Google disrupted it in December 2021

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

The Origins and History of the Dark Web

Unknown FinSpy Mac and Linux versions found in Egypt

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Command injection flaw in PHP Composer allowed supply-chain attacks

German authorities raid the offices of the FinFisher surveillance firm

Hunting the ICEFOG APT group after years of silence

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Breach Exposes Users of Microleaves Proxy Service

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Prilex: the pricey prickle credit card complex

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Stay Connected