Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware 92

Malware Phishing VPN Accountability 92

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” ua,” the campaign aims at infecting the target systems with malware.

Phishing 114

Phishing Government Hacking Malware 114

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

SEPTEMBER 18, 2021

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign targeting, dubbed Operation Layover, that targeted the aviation industry for two years without being detected.

Malware 97

Malware Phishing DNS Cybercrime 97

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Malware 83

Malware Phishing Hacking Government 83

Security Affairs

MAY 16, 2021

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. ” read the analysis published Cisco Talos. ” continues the report.

Malware 103

Malware Phishing Hacking Information Security 103

Security Affairs

JUNE 3, 2023

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. The APT group has persistently refined its social engineering tactics, making its spear-phishing campaigns progressively harder to detect. ” continues the advisory.

Social Engineering 89

Social Engineering Phishing System Administration Engineering 89

Security Affairs

MARCH 21, 2022

Ukraine CERT (CERT-UA) warns of spear-phishing ??attacks The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages conducted by UAC-0035 group (aka InvisiMole) against Ukrainian state bodies. attacks conducted by UAC-0035 group (aka InvisiMole) on state organizations of Ukraine.

Spyware 85

Spyware DNS Phishing Government 85

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government 82

Government Phishing Malware Hacking 82

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Hacking 183

Hacking Passwords Internet Internet 183

CyberSecurity Insiders

AUGUST 26, 2022

Ransomware is a cyberattack that uses malware – software created to infiltrate a computer system and damage or disrupt it. An AIDS researcher named Joseph Popp put malware on floppy discs and handed them out to over 20,000 people at a conference. The malware demanded over $500 from each person who inserted the floppy disk.

Ransomware 123

Ransomware Education Software Malware 123

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. TA406 doesn’t usually employ malware in its campaigns, however, researchers tracked two campaigns that were attempting to distribute information-stealer malware.

Cryptocurrency 85

Cryptocurrency Malware Government Education 85

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Both clusters served as a C&C server.

Cryptocurrency 110

Cryptocurrency Social Engineering Media Phishing 110

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Near the holiday season of 2013, hackers exposed the credit and debit card information of over 110 million Target customers. They then installed malware, which helped them obtain customers’ credit/debit card information.

Data breaches 94

Data breaches Passwords Social Engineering Encryption 94

Security Boulevard

MAY 17, 2023

It would be easy to chalk up this increase to the development and introduction of new advanced types of malware, but the surprising fact is that many of the same threats and exploits used in data breaches in 2013 are still being successfully employed 10 years later. The malware itself wasn’t particularly sophisticated, either.

Data breaches 52

Data breaches DNS Malware Phishing 52

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS 259

DNS Penetration Testing Malware Hacking 259

Security Affairs

AUGUST 14, 2020

The CactusPete cyber-espionage group has been active since at least 2013, it has been mainly focused on military, diplomatic, and infrastructure targets in Asia and Eastern Europe. Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims’ sensitive data.

Malware 91

Malware Advertising Phishing Hacking 91

Krebs on Security

SEPTEMBER 6, 2021

The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services. Regarding phishing, whenever we receive complaint, we remove the services immediately. ” The IT network of The Manipulaters, circa 2013.

Software 239

Software Phishing Cybercrime Accountability 239

Security Affairs

FEBRUARY 4, 2022

In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS. These clusters link to over 700 malicious domains, 215 IP addresses, and over 100 samples of malware.

Government 81

Government Malware Phishing Software 81

Security Affairs

MARCH 17, 2020

The man is active at least since 2013 and already earned at least $100,000 US from his ‘work,’ but researchers believe he has earned several times that amount. The experts were able to identify the man, his name is Bill Henry (25) from Benin City, Nigeria, his criminal activity include the theft of credit cards, phishing and malware attacks.

Cybercrime 103

Cybercrime Malware Advertising Phishing 103

Security Affairs

JUNE 8, 2023

The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Social Engineering 71

Social Engineering Engineering Malware Risk 71

Security Affairs

MARCH 3, 2021

It was founded in 2013 and operates worldwide but mainly in Ukraine and Russia. Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails. Phishing emails often use scare tactics to force users to open the attachment.

Data breaches 98

Data breaches Identity Theft B2B Phishing 98

Security Affairs

AUGUST 26, 2022

Kimsuky cyberespiona group (aka Black Banshee, Thallium , Velvet Chollima) was first spotted by Kaspersky researcher in 2013. The GoldDragon campaign targets the media and a think-tank in South Korea, the attack chain starts sending a spear-phishing email with a weaponized Word document. ” reads the report from Kaspersky.

Malware 70

Malware Media Phishing Hacking 70

Security Affairs

FEBRUARY 10, 2020

The attackers aimed at stealing confidential documents from government systems after having infected them with malware. The attackers exploit the CVE-2014-6352 and CVE-2017-0199 Office vulnerabilities to drop and execute the malware on the victim’s computer. ” reads the alert issued by MyCERT.

Government 123

Government Advertising Malware Hacking 123

NopSec

FEBRUARY 15, 2017

Do you feel confident that everyone in your organization could identify a phishing email that contained ransomware? In today’s post, we share information with the goal that it will help everyone in your organization protect themselves from phishing attacks.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

Security Affairs

DECEMBER 18, 2019

Threat actors launched spear-phishing attacks using emails with malicious attachments often disguised as PDF files. Attackers used a new variant of the Separ credential-stealing malware, a malicious code that was first spotted by Sonicwall in 2013. ” concludes the analysis.

Manufacturing 62

Manufacturing Advertising Phishing Malware 62

Adam Shostack

MAY 20, 2020

” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Related: My 2013 SIRA talk, “ Building a Science of Security “, “ Zeroing in on Malware Propagation Methods.” Email attachments with exploits? SQL injection? Is it APTs or scripts?

InfoSec 124

InfoSec Government Engineering Phishing 124

Security Affairs

AUGUST 23, 2020

At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi vector such as watering hole websites and phishing email campaigns delivering custom RATs dubbed Crimson and Peppy. These RATs are capable of exfiltrate information, take screenshot, and record webcam streams.

Malware 118

Malware Media Advertising Surveillance 118

SiteLock

AUGUST 27, 2021

According to the report “A resurgence of RAM scraping malware is the most prominent tactical development in 2013,” the same tactic used in the giant Target breach. Many of the attacks in our 2013 dataset targeted off-the-shelf content management systems (e.g.,

Retail 52

Retail Data breaches DDOS Passwords 52

Malwarebytes

APRIL 20, 2021

The Carbanak campaign first made international headlines in 2015 as one of the first malware campaigns that specialized in remote ATM robberies. But FIN7 had already been active for a few years at that point and was involved in a lot more banking and financial malware than just the ATM machines manipulation. The malware.

System Administration 83

System Administration Banking Malware Penetration Testing 83

SecureList

DECEMBER 8, 2022

Just to clarify, the subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). Janicab was first introduced in 2013 as malware able to run on MacOS and Windows operating systems. MAC address. F1B5675E1A60049C7CD. 823EBA93FE977.

Malware 108

Malware DNS Engineering Internet 108

Security Affairs

JULY 2, 2019

Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019. It was highly speculated that spear phishes were involved, but not a lot of information around the initial vectors was published.”

Energy and Utilities 81

Energy and Utilities Malware Advertising InfoSec 81

Security Affairs

JUNE 4, 2020

The Cycldek group was first spotted in September 2013, in past campaigns it mainly targeted entities in Southeast Asia using different malware variants, such as PlugX and HttpTunnel. In 2014, experts noticed an intensification in the activity of the group that appeared interested in the dispute over the South China Sea.

Malware 77

Malware Media Advertising Phishing 77

Malwarebytes

FEBRUARY 8, 2022

Unfortunately, malware authors have used these capabilities to download and run malware on a large scale. Attackers have always liked macros because they provide a simple and reliable method to spread malware using legitimate features, and without relying on any vulnerability or exploit. Learn More. Mark of the Web.

Internet 68

Internet Internet Malware Software 68

Security Affairs

AUGUST 27, 2020

Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Watch out for potential spam messages and phishing emails.

Social Engineering 122

Social Engineering Passwords Marketing Phishing 122

eSecurity Planet

APRIL 23, 2021

Endpoints are the most common entry point for malware and other malicious attackers, and protecting them is more important than ever with the boom in remote work due to the COVID-19 pandemic. SentinelOne has raised $700 million in funding since being founded in 2013. About SentinelOne.

Threat Detection 57

Threat Detection Data collection IoT Malware 57

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware 98

Malware Ransomware Encryption Energy and Utilities 98