2012, Encryption and Information Security

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. reported the Associated Press. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The remaining components are encrypted and stored within a binary registry value.”

Spyware

Spyware Malware Architecture Encryption

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” In In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre- authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking. Get-SmbServerConfiguration | Select EnableSMB1Protocol.

Authentication

Authentication Malware Advertising Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. File encryption 2013 – 2015. None of these early threats went pro.

Ransomware

Ransomware Hacking Encryption Penetration Testing

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. Excel attempts to decrypt and open the file and run any macros it contains. .

Malware

Malware Passwords Encryption Advertising

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The URLs used for C2 communications for these domains are split into two parts: The Installer module contains the first part of the URL which is the C2 server domain name in encrypted form.

Encryption

Encryption Malware Phishing Hacking

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”. Pierluigi Paganini.

Engineering

Engineering Data breaches Ransomware Banking

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Unlike most Mirai variants, the V3G4 variant uses different XOR encryption keys for string encryption.

IoT

IoT DDOS Encryption Malware

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

JULY 28, 2021

The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. Aro.dat is, in fact, an encrypted and compressed PlugX payload.” Aro.exe is likely part of the “ ARO 2012 advanced repair and optimization tool,” which is a freely available tool that claims to fix Windows registry errors.

Encryption

Encryption Antivirus Malware Hacking

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Data breaches

Data breaches DNS Advertising Engineering

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. According to the experts, the backdoor might have been active since at least 2012. . “We

Encryption

Encryption Government Advertising Cyber Attacks

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “ clowwindy “, and multiple implementations of the protocol have been made available since.

Firewall

Firewall Surveillance Internet Internet

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Those secrets collectively have a code name—ECI, for exceptionally compartmented information—and almost never appear in the documents. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for.

Surveillance

Surveillance Computers and Electronics Encryption Government

Security Affairs newsletter Round 355

Security Affairs

FEBRUARY 28, 2022

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? worth of NFTs from tens of OpenSea users Trickbot operation is now controlled by Conti ransomware.

Ransomware

Ransomware Malware Encryption Phishing

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to the security firm Keepnet Labs that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Data breaches

Data breaches DNS Advertising Engineering

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

“However, instead of sending it in cleartext, the client deploys a symmetric AES encryption for any communication over the WebSocket for the first exchange, as no shared secret is established yet, and the AES encryption will generate a default key for this first exchange. ” continues the analysis.

Encryption

Encryption DNS Architecture Firewall

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

. “However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883 , which inject code in Word and PDF files respectively.” ” reads the report published by Trend Micro. EBSS section.

Malware

Malware Spyware Advertising Encryption

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

The Tropic Trooper APT has been active at least since 2012, it was first spotted by security experts at Trend Micro in 2015, when the threat actors targeted government ministries and heavy industries in Taiwan and the military in the Philippines. The collected information is formatted and sent to the C&C server.

Hacking

Hacking Wireless Encryption Passwords

bA Data-Centric Approach to DEFEND

Thales Cloud Protection & Licensing

DECEMBER 18, 2019

The vision of the CDM program, created in 2012, is that all federal networks should be continuously scanned to identify and respond to threats and breaches. Along the way, I highlight where and why industry best practices for encryption, policy and access controls can be applied. I follow that path down to where that data is stored.

Digital transformation

Digital transformation CISO Government Cybersecurity

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. .”

Malware

Malware Advertising System Administration Spyware

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The CVE-2021-20021 and CVE-2021-20022 flaws were discovered by FireEye’s Mandiant team on March 26, 2021 while investigating an attack against one of its customers using an instance of SonicWall’s Email Security (ES) application running on a Windows Server 2012 installation.

Authentication

Authentication Accountability Encryption Hacking

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

The file downloaded from this censorship free file hosting is actually a chunk of 125KB random looking bytes, suggesting it would likely be some binary payload protected with strong encryption. Figure 4: Piece of the encrypted file downloaded from “share.]dmca.]gripe”. Figure 9: C2 connection.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. This C2 encrypts data with the same key as the C&C requests.

Encryption

Encryption Passwords Malware Software

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities’ Windows machines. Collected data is encrypted using RSA and AES encryption algorithms, then it is sent to the C&C server. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Surveillance

Surveillance Advertising Marketing Encryption

CISSPs from Around the Globe: An Interview with James Wright

CyberSecurity Insiders

SEPTEMBER 8, 2021

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.

Computers and Electronics

Computers and Electronics Architecture Education Cybersecurity

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online. In 2012, a change was made to OpenSSL-- that change allowed for Heartbleed to exist. through 1.0.1f

Encryption

Encryption Retail Software Banking

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online. In 2012, a change was made to OpenSSL-- that change allowed for Heartbleed to exist. through 1.0.1f

Encryption

Encryption Retail Software Banking

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis of trusted transactions online. In 2012, a change was made to OpenSSL-- that change allowed for Heartbleed to exist. through 1.0.1f

Encryption

Encryption Retail Software Banking

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

MustangPanda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. The communications are encrypted using a custom or modified encryption scheme that is based on Substitution-Permutation Network.

Firmware

Firmware Encryption Government Malware

Growing Cyber Threats to the Energy and Industrial Sectors

NopSec

DECEMBER 7, 2016

Remember Shamoon, the malware that disabled some 35,000 computers at one of the world’s largest oil companies in 2012? Modern variants of ransomware, called crypto ransomware, entomb the files stored on a hard drive using strong encryption. It gives the example of Hacking Team, based in Italy, and Vupen Security, based in France.

Cyber threats

Cyber threats Cyber Attacks Ransomware Manufacturing

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

File name: control MD5: c4463d6ae741d4fb789bd0895fafebee SHA1: c8866ca1012dfabf5ad131cfeea0036dacb433e6 Creation time: 2012-09-21 09:56:09 First submission on VT: 2019-02-19 23:26:41. This temp file is the Ammyy RAT encrypted file, which will be decrypted and renamed at a later stage ( wsus.exe ). About the author Pedro Tavares.

Malware

Malware Antivirus Technology Phishing

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. The cyber mercenaries group known as DeathStalker has been using a new PowerShell backdoor in recent attacks.

DNS

DNS Phishing Antivirus Encryption

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

In information security (infosec) there is the need to be on the latest version. Being a system administrator, a patch could contain a security update to stop a vulnerability. Moving to Rolling Overall, the feedback received for Kali 2.0 was positive, and it was a success.

InfoSec

InfoSec Penetration Testing Architecture Software

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. Gosh, there must be 20 or more villages at DEFCON if you want to learn radio if you want to learn tampering with seals if you want to learn encryption, if you want to learn you name it. You turn it off and back on again.

Hacking

Hacking Computers and Electronics InfoSec Software

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. GitGuardian is a developer favorite offering a secrets detection solution that scans source code to detect certificates, passwords, API keys, encryption keys, and more.

Cybersecurity

Cybersecurity Threat Detection Artificial Intelligence Risk

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

I’m Robert Vamosi and in this episode I’m talking about our right to repair, how some high tech companies might want to limit that right, and how there’s a group of information security professionals who are volunteering their free time to fight for those rights in local legislation.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

I’m Robert Vamosi and in this episode I’m talking about our right to repair, how some high tech companies might want to limit that right, and how there’s a group of information security professionals who are volunteering their free time to fight for those rights in local legislation.

InfoSec

InfoSec Manufacturing Technology Software

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Trending Sources

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Microsoft recommends Exchange admins to disable the SMBv1 protocol

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

SideWinder carried out over 1,000 attacks since April 2020

German industrial giant ThyssenKrupp targeted in a new cyberattack

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Platinum APT and leverages steganography to hide C2 communications

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Snowden Ten Years Later

Security Affairs newsletter Round 355

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

PurpleFox botnet variant uses WebSockets for more secure C2 communication

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

bA Data-Centric Approach to DEFEND

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

The Platinum APT group adds the Titanium backdoor to its arsenal

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

CISSPs from Around the Globe: An Interview with James Wright

The Fuzzing Files: The Anatomy of a Heartbleed

The Fuzzing Files: The Anatomy of a Heartbleed

The Fuzzing Files: The Anatomy of a Heartbleed

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Growing Cyber Threats to the Energy and Industrial Sectors

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Cyber mercenaries group DeathStalker uses a new backdoor

Happy 10th anniversary & Kali's story.so far

The Hacker Mind Podcast: DEF CON Villages

Top Cybersecurity Startups to Watch in 2022

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected