2013, DNS, Information Security and Malware

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” reads the analysis published by Cisco Talos.

Malware

Malware Phishing DNS Cybercrime

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. The LoadEdge backdoor maintains persistence through the Windows registry.

Spyware

Spyware DNS Phishing Government

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware

Malware Passwords Advertising DNS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent. They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.”

DNS

DNS Advertising Spyware Software

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. SecurityAffairs – Winnti, malware). Pierluigi Paganini.

Manufacturing

Manufacturing Mobile Malware Software

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Phishing: What Everyone in Your Organization Needs to Know

NopSec

FEBRUARY 15, 2017

Phishing is a standard method of delivering malware, including ransomware. The attacker may utilize a website such as nwtools.com to look through the target organization’s DNS records. The FBI estimates that from October 2013 to February 2016, whaling attacks were attributed to $2.3 billion in losses.

Phishing

Phishing Social Engineering Engineering Healthcare

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. Low AV detection of SFX malware. cmd” , which firstly checks for the presence of malware analysis tools. This document, written in Ukraine language, contains information about a criminal charge.

Passwords

Passwords DNS Engineering Malware

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims.

Ransomware

Ransomware Encryption Malware Cyber Attacks

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber Security Informer

Threat actor has been targeting the aviation industry since at least 2018

Russia-linked InvisiMole APT targets state organizations of Ukraine

Webinars

Trending Sources

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Webinars

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Financially motivated Earth Lusca threat actors targets organizations worldwide

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Phishing: What Everyone in Your Organization Needs to Know

Top Cybersecurity Accounts to Follow on Twitter

Black Hat USA 2023 NOC: Network Assurance

A month later Gamaredon is still active in Eastern Europe

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected