Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Experts found multiple variants in the wild, many of them belonging to the Terdot Zbot/Zloader malware family.

Banking 133

Banking Advertising Malware Cybercrime 133

Security Affairs

JANUARY 27, 2021

the attacker does not need to know the user’s password). The privilege escalation issue is a heap-based buffer overflow that was discovered by security researchers from Qualys. The vulnerability was introduced in July 2011 ( commit 8255ed69 ), and affects all versions from 1.8.2 to 1.9.5p1, in their default configuration.

Authentication 112

Authentication Passwords Hacking Information Security 112

Security Affairs

FEBRUARY 3, 2022

The decryption password is provided as a command-line argument (Base64 encoded string), and the xPack backdoor can run as a standalone application or as a service (xPackSvc variant). Symantec speculates Antlion is has been active since at least 2011, its TTP overlaps the ones associated with China-linked nation-state actors.

Manufacturing 87

Manufacturing Malware Data collection Encryption 87

Security Affairs

SEPTEMBER 5, 2019

“But because the server wasn’t protected with a password, anyone could find and access the database.” Facebook disabled the API that shares users’ mobile phone and address details with developers back in 2011. -based Facebook users, 18 million records of users in the U.K., ” states Techcrunch.

Advertising 94

Advertising Accountability Mobile Passwords 94

SC Magazine

FEBRUARY 4, 2021

Yet, there was still a bevy of security surprises for anyone who installed the system without first testing the device. The Raspbian installation contained an odd assortment of files both related and unrelated to the camera, including an MP3 of the 2011 Bruno Mars hit “The Lazy Song.”

IoT 121

IoT Media Marketing Retail 121

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . The hackers initially breached into the victim’s secondary email inbox associated with their Microsoft account, then used them to reset the password.

Accountability 72

Accountability Passwords Advertising Government 72

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MARCH 14, 2023

Figure.NET flags (left) and obfuscation pattern (right) The tool is designed for two main purposes: generating comb lists of local windows user names and potential passwords, and testing them locally. The tool is able to automatically retrieve local users from groups, filter for administration, and then test the password.

Ransomware 81

Ransomware Software System Administration Encryption 81

Security Affairs

DECEMBER 23, 2019

The APT20 group has been active since at least 2011, but experts did not associate any campaign with this threat actors between 2016 and 2017. In order to move laterally within the target networks, hackers used well-known techniques, such as dumping credentials from memory and accessing password managers on compromised systems.

VPN 65

VPN Hacking Software Advertising 65

Security Affairs

MARCH 27, 2023

If you want to have Indicators of Compromise and Yara Rules for this threat give a look at the original post published on Medium: [link] About the author: Luca Mella , Cyber Security Expert, Response & Threat Intel | Manager In 2019, Luca was mentioned as one of the “32 Influential Malware Research Professionals”.

Malware 82

Malware Social Engineering Encryption Marketing 82

Security Affairs

MAY 8, 2020

bypass corporate security systems in H2 2019, cybercriminals continued to archive their malicious attachments. Threat actors included the passwords for accessing the archives’ contents in the subject of the email, the name of the archive, or in their subsequent correspondence with the victim.

Phishing 56

Phishing Spyware Banking Malware 56

Malwarebytes

MAY 21, 2023

Why ChatGPT security concerns are both overblown and valid Artificial intelligence (AI) was once a science fiction cautionary tale—stories consistently warned against designing machines capable of surpassing human ingenuity. The program can help close the security knowledge gap by assisting in employee training.

Cybersecurity 79

Cybersecurity Artificial Intelligence Social Engineering Engineering 79

Cisco Security

AUGUST 28, 2023

In some instances, it was possible to observe clear-text LDAP bind attempts which disclosed which organization the device belonged to or direct exposure of the username and password combination through protocols such as POP3, LDAP, HTTP (Hyper Text Transfer Protocol) or FTP. Cleartext passwords and usernames disclosed in traffic.

Wireless 61

Wireless DNS Mobile Technology 61

McAfee

SEPTEMBER 19, 2019

In 2015, a former Morgan Stanley financial advisor pleaded guilty to stealing 730,000 account records from 2011 to 2014 and saving them on a personal server at home. An employee with account credentials compromised in a phishing attack or with weak or shared passwords loses data. The Global State of Information Security Survey 2018.

Threat Detection 40

Threat Detection Accountability Risk Data breaches 40