2012, Encryption, Information Security and Malware

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. ” reads the analysis published by the experts.

Malware

Malware Passwords Encryption Advertising

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. The malware also supports multiple evasion capabilities.

Spyware

Spyware Malware Architecture Encryption

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The URLs used for C2 communications for these domains are split into two parts: The Installer module contains the first part of the URL which is the C2 server domain name in encrypted form.

Encryption

Encryption Malware Phishing Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. File encryption 2013 – 2015. None of these early threats went pro.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Unlike most Mirai variants, the V3G4 variant uses different XOR encryption keys for string encryption.

IoT

IoT DDOS Encryption Malware

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

JULY 28, 2021

Researchers from Palo Alto Networks Unit 42 team tracked the new version of the PlugX malware as Thor, they reported that the RAT was used as a post-exploitation tool deployed on one of the compromised servers. The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. ” reads the analysis.

Encryption

Encryption Antivirus Malware Hacking

Security Affairs newsletter Round 355

Security Affairs

FEBRUARY 28, 2022

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? worth of NFTs from tens of OpenSea users Trickbot operation is now controlled by Conti ransomware.

Ransomware

Ransomware Malware Encryption Phishing

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office. . SecurityAffairs – Asruex Trojan, malware).

Malware

Malware Spyware Advertising Encryption

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. ” reads the analysis published by the expert. ” continues Kaspersky.

Encryption

Encryption Government Advertising Cyber Attacks

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

Researchers from Cybaze Yoroi ZLab have spotted a new campaign exploiting the interest in coronavirus (COVID-19) evolution to spread malware. It is not new for cyber-crooks to exploit social phenomena to spread malware in order to maximize the impact and dissemination of a malicious campaign. Introduction. Technical Analysis.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “ clowwindy “, and multiple implementations of the protocol have been made available since.

Firewall

Firewall Surveillance Internet Internet

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Computer name, MAC address, OS version, installed AV products, and presence of WeChat and Tencent files) along with information about local wireless network SSIDs in the victim machine’s vicinity.

Hacking

Hacking Wireless Encryption Passwords

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

” The MSI package first removes registry keys associated with the old Purple Fox installations if any are present, then it replaces the components of the malware with new ones. “The goal is to install the MSI package as an admin without any user interaction.” ” continues the analysis.

Encryption

Encryption DNS Architecture Firewall

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. After that, the malware starts receiving commands. ” continues the analys i s.

Encryption

Encryption Passwords Malware Software

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The CVE-2021-20021 and CVE-2021-20022 flaws were discovered by FireEye’s Mandiant team on March 26, 2021 while investigating an attack against one of its customers using an instance of SonicWall’s Email Security (ES) application running on a Windows Server 2012 installation.

Authentication

Authentication Accountability Encryption Hacking

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities’ Windows machines. Collected data is encrypted using RSA and AES encryption algorithms, then it is sent to the C&C server. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Surveillance

Surveillance Advertising Marketing Encryption

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices. The threat is only detected later when an MSI file (Windows installer) drops and execute the first infection stage of the malware. macro) embedded that is not detectable by AV engines.

Malware

Malware Antivirus Technology Phishing

Growing Cyber Threats to the Energy and Industrial Sectors

NopSec

DECEMBER 7, 2016

Remember Shamoon, the malware that disabled some 35,000 computers at one of the world’s largest oil companies in 2012? When the malware hit Saudi Aramco four years ago, it propelled the company into a technological dark age, forcing the company to rely on typewriters and faxes while it recovered.

Cyber threats

Cyber threats Cyber Attacks Ransomware Manufacturing

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

MustangPanda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system.

Firmware

Firmware Encryption Government Malware

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. Once executed the command, the malware the malicious code sends back command execution results. “On

DNS

DNS Phishing Antivirus Encryption

Cyber Security Informer

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Webinars

Trending Sources

SideWinder carried out over 1,000 attacks since April 2020

Webinars

Microsoft recommends Exchange admins to disable the SMBv1 protocol

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs newsletter Round 355

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Platinum APT and leverages steganography to hide C2 communications

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

PurpleFox botnet variant uses WebSockets for more secure C2 communication

The Platinum APT group adds the Titanium backdoor to its arsenal

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Growing Cyber Threats to the Energy and Industrial Sectors

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Cyber mercenaries group DeathStalker uses a new backdoor

Stay Connected