2011, Information Security and Malware - Cyber Security Informer

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. ” reads the analysis published by Palo Alto Networks.

Malware

Malware Hacking Information Security

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions.

Malware

Malware Authentication Software Accountability

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware.

Antivirus

Antivirus Ransomware Malware Software

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018.

Malware

Malware Cyber threats Cybersecurity Government

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The fourth defendant, named Wu Shurong, was hired by Hainan Xiandun Technology Development to create malware, and hack into computer systems operated by foreign governments, companies and universities.

Hacking

Hacking Technology Government Malware

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Backups

Backups Advertising Accountability Malware

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Ransomware

Ransomware Firmware Advertising Insurance

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Hacking

Hacking Media Malware Cybersecurity

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

One of the most recent attacks was reported by Computerland in Belgium against SMBs in the country, but according to the company they were targeted by a group of cybercriminals who appeared to be using a variant of the LockBit locker malware.

Penetration Testing

Penetration Testing Ransomware Firewall Social Engineering

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family. The malware is able to infect all operating systems.

Banking

Banking Advertising Malware Cybercrime

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. We believe DePriMon is the first example of malware using this technique ever publicly described.”

Malware

Malware Telecommunications Advertising Encryption

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. Ten years together! I’m very excited.

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS

DNS Antivirus Cryptocurrency Software

Who Wants to Become a Guest Blogger At This Blog?

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Intelligence Community and Law Enforcement agencies and organizations?

Cybercrime

Cybercrime InfoSec Cyber threats Accountability

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

The malware was also used by the attackers to browse the web, likely using it as a proxy to mask their IP address. “The xPack malware and its associated payload seems to be used for initial access; it appears that xPack was predominantly used to execute system commands, drop subsequent malware and tools, and stage data for exfiltration.

Manufacturing

Manufacturing Malware Data collection Encryption

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

. “According to the indictment, between May and September 2017, the defendant and co-conspirators hacked the systems of a foreign refinery and installed malware, which cyber security researchers have referred to as “Triton” or “Trisis,” on a safety system produced by Schneider Electric, a multinational corporation.

Government

Government Energy and Utilities Malware Hacking

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group. ICEFOG-M is the latest variant, it is a fileless malware that supports the same features of the ICEFOG-P but leverages HTTPs for communications.

Malware

Malware Government Advertising Banking

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. The vulnerability stems from improper sanitization of URLs for repositories in root composer.json files and package source download URLs that could be interpreted as options for system commands executed by Composer.

Hacking

Hacking Software Information Security Malware

Russian Government-owned research institute linked to Triton attacks

Security Affairs

OCTOBER 23, 2018

Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. In December 2017, experts from FireEye discovered a new strain of malware dubbed Triton that was specifically designed to target industrial control systems (ICS).

Government

Government Malware Advertising Software

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

Beyond the technological aspects, another compendium of Cloud Security Alliance (The State of Cloud Security Risk, Compliance, and Misconfigurations, 2022) states that the lack of knowledge and expertise are well-known issues within the information security industry. Follow me on Twitter: @securityaffairs and Facebook.

Engineering

Engineering Technology Architecture Accountability

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Spyware

Spyware Surveillance Mobile Advertising

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Security Affairs

FEBRUARY 16, 2023

The carmakers will reimburse the purchase of steering wheel locks, to the owners of some 2011-2022 model-year vehicles without engine immobilizers that cannot install the software upgrade. The upgrade will be performed by Hyundai dealers, and the carmaker ensures that the process will take less than one hour to be completed.

Software

Software Media Engineering Hacking

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Surveillance

Surveillance Spyware Software Advertising

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

“During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” Imperva concludes.

Advertising

Advertising Cryptocurrency Internet Internet

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. ” April 2021 Security Patch Day includes two other Hot News security notes, which are updates to previously released notes. ” reads the advisory published by NIST.

Engineering

Engineering Software Hacking Information Security

Checkra1n, a working iPhone Jailbreak, was released

Security Affairs

NOVEMBER 16, 2019

In September, the security expert Axi0mX released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Surveillance

Surveillance Advertising Risk Media

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Security Affairs

SEPTEMBER 27, 2019

The security expert Axi0mX has released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Advertising

Advertising Hacking Software Engineering

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. continues IBM.

Advertising

Advertising Media Authentication Hacking

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

Indicators of Compromise and Yara Rules are available in the original post published by Luca Mella [link] About the author: Luca Mella , Cyber Security Expert, Response & Threat Intel | Manager In 2019, Luca was mentioned as one of the “32 Influential Malware Research Professionals”.

Ransomware

Ransomware Software System Administration Encryption

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . The experts revealed that the recent campaign carried out by the APT group took place between August and September. ” reads the analysis published by Microsoft.

Accountability

Accountability Passwords Advertising Government

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Security Affairs

NOVEMBER 6, 2020

According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 In October 2013, the FBI has shut down the popular black market Silk Road after many years of investigation, the website was hosted in the Tor Network and was seized by US law enforcement.

Cryptocurrency

Cryptocurrency Advertising Marketing Government

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware

Malware Social Engineering Encryption Marketing

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Security Affairs

JUNE 30, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. ” reads the report published by Volexity.

Phishing

Phishing Malware Passwords Media

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

On August 2023, the security researcher 0xToxin documented an infection chain leveraging AutoIT scripts to deliver the DarkGate malware, a particular stealer supporting also HVNC and HAnyDesk, and the C2 he decoded was using the same hostname too. This hostname connection is particularly heterogeneous, but it technically makes sense.

Scams

Scams Ransomware System Administration Malware

PyMICROPSIA Windows malware includes checks for Linux and macOS

YTStealer info-stealing malware targets YouTube content creators

Trending Sources

Purple Lambert, a new malware of CIA-linked Lambert APT group

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Google obtained a temporary court order against CryptBot distributors

Russia-linked threat actors targets critical infrastructure, US authorities warn

US DoJ indicts four members of China-linked APT40 cyberespionage group

Google disrupts the Glupteba botnet

Security Affairs newsletter Round 284

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

US man sentenced to 4 years in prison for his role in Infraud scheme

Copycat Criminals mimicking Lockbit gang in northern Europe

Silent Night Zeus botnet available for sale in underground forums

DePriMon downloader uses a never seen installation technique

Happy 10th Birthday, Security Affairs

Glupteba botnet is back after Google disrupted it in December 2021

Who Wants to Become a Guest Blogger At This Blog?

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

US indicted 4 Russian government employees for attacks on critical infrastructure

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Hunting the ICEFOG APT group after years of silence

Command injection flaw in PHP Composer allowed supply-chain attacks

Russian Government-owned research institute linked to Triton attacks

NUVOLA: the new Cloud Security tool

Unknown FinSpy Mac and Linux versions found in Egypt

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

German authorities raid the offices of the FinFisher surveillance firm

KashmirBlack, a new botnet in the threat landscape that rapidly grows

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Checkra1n, a working iPhone Jailbreak, was released

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Dissecting the malicious arsenal of the Makop ransomware gang

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Iran-linked Phosphorus group hit a 2020 presidential campaign

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Updates from the MaaS: new threats delivered through NullMixer

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Stay Connected