2014, Architecture and Hacking - Cyber Security Informer

Feedify cloud service architecture compromised by MageCart crime gang

Security Affairs

SEPTEMBER 16, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Feedify cloud service architecture compromised by MageCart crime gang appeared first on Security Affairs. Pierluigi Paganini.

Architecture

Architecture Advertising Cybercrime Malware

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Security Affairs

JUNE 25, 2019

Attack scenario sees hackers planting a malicious web shell on an IIS server, identified as a modified version of the China Chopper web shell , that was used to run reconnaissance commands, steal credentials, and deploy other hacking tools. machines within the network, network architecture, users, and active directory enumeration).

Telecommunications

Telecommunications Hacking Mobile Advertising

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Security Affairs

SEPTEMBER 28, 2019

Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. ” reported SRLLabs.

Hacking

Hacking Risk Mobile Advertising

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

APRIL 27, 2020

The experts discovered a desolating situation, a number of systems affected by critical vulnerabilities were publicly exposed on the Internet and the overall architecture was including outdated operation technology (OT) systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Government Cyber Attacks Architecture

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, chips).

Firmware

Firmware Architecture Advertising Manufacturing

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019. It extracts the binary for the relevant architecture in /tmp/udev2 and executes it. SecurityAffairs – hacking, FinSpy). Pierluigi Paganini.

Spyware

Spyware Surveillance Mobile Advertising

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC, it is written in the Go open-source programming language. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HEH botnet).

Architecture

Architecture IoT Malware Advertising

AMD admits hacker stole source code files related to its GPUs

Security Affairs

MARCH 28, 2020

AMD admitted that a hacker has stolen files related to some of its graphics products, but it downplayed the potential impact of the hack. AMD admitted that a hacker that goes online with the moniker “Palesa” has stolen source code files related to some of its graphics products, but it downplayed the potential impact of the hack.

Advertising

Advertising Architecture Hacking Data breaches

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

Prevent zero-day attacks with a holistic, end to end cyber architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – coronavirus, hacking). Pierluigi Paganini.

Malware

Malware Advertising Retail Architecture

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ZeroLogon).

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. Pierluigi Paganini.

DDOS

DDOS Architecture Malware Cybercrime

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

. “The modus operandi of the group behind this specific attack comes over with a criminal group that already has one has a long history, and goes back to at least 2014,” reads the Fox-IT full report to UM (in Dutch). TA505 hacking group has been active since 2014 focusing on Retail and banking sectors.

Ransomware

Ransomware Cyber Attacks Backups Architecture

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The malware has been active since at least 2014, it was undetected for more than 3 years and was used in highly targeted attacks. Government experts warn that macro code could change the font color to trick the victim into enabling content and determine the system architecture. SecurityAffairs – hacking, KONNI RAT).

Phishing

Phishing Malware Advertising Architecture

VMware addressed flaws in its Workstation and Tools

Security Affairs

JUNE 6, 2019

The second issue, tracked as CVE-2019-5525, is a use-after-free bug affecting the Advanced Linux Sound Architecture (ALSA) backend in Workstation 15.x. “VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. SecurityAffairs – hacking). Pierluigi Paganini.

Architecture

Architecture Advertising Software Hacking

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ZeroLogon).

Authentication

Authentication Advertising Architecture Passwords

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Windows).

Authentication

Authentication Advertising Architecture Cybercrime

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Steelcase). Pierluigi Paganini.

Ransomware

Ransomware Computers and Electronics Manufacturing Advertising

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

is dropped depending on the Windows system architecture of the target machine. . At the end of March, experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware that focused on government relief payment. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The wizard.js

Malware

Malware Phishing Advertising Antivirus

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, CVE-2019-0090). Pierluigi Paganini.

Firmware

Firmware Technology Advertising Authentication

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

JULY 17, 2020

“The leaked documents related to ATR seem to include multiple aircraft architecture designs, email conversations, transfer of responsibility documents, and much more.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Business Services

Business Services Ransomware Mobile Telecommunications

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Since December 2014, the threat actors are using a malware dubbed USBferry in attacks against military/navy agencies, government institutions, military hospitals, and also a national bank. ” The group used “tracert” and “ping” commands to map the target’s network architecture (i.e. Pierluigi Paganini.

Government

Government Malware Advertising Architecture

Hackers for hire group target organizations via 3ds Max exploit

Security Affairs

AUGUST 26, 2020

2] It has modeling capabilities and a flexible plugin architecture and must be used on the Microsoft Windows platform. 3Ds Max is used by engineering, architecture, gaming, or software organizations. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, 3ds Max ).

Architecture

Architecture Malware Advertising Software

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Companies paid $4.2M bug bounties for XSS flaws in 2020

Security Affairs

OCTOBER 31, 2020

In the third place there are SSRF (Server Side Request Forgery) flaws, experts pointed out that the advent of cloud architecture and unprotected metadata endpoints has rendered these vulnerabilities increasingly critical. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. million / €33.4 million / ¥273.7

Accountability

Accountability Advertising Architecture Hacking

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. SecurityAffairs – Winnti, hacking).

Malware

Malware Hacking Advertising Architecture

US CISA warns of Ransomware attacks impacting pipeline operations

Security Affairs

FEBRUARY 18, 2020

CISA alert provided planning and operational mitigation measures, as well as technical and architectural mitigations that should be implemented by organizations in critical infrastructure sectors to avoid similar ransomware attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Encryption Architecture

Kali Linux is now available for Raspberry Pi 4

Security Affairs

JULY 10, 2019

.” Linux Kali distro for the Raspberry Pi 4 also supports an onboard Wi-Fi monitor mode and frame injection support, but it is only available for 32-bit architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Advertising

Advertising Architecture Hacking Information Security

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” According to the experts, the attackers have good knowledge about the internal architecture of the targeted platform. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, CDRThief).

Malware

Malware Encryption Advertising Passwords

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, QNap).

Authentication

Authentication Advertising Architecture Cybercrime

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. “ DePriMon is an unusually advanced downloader whose developers have put extra effort into setting up the architecture and crafting the critical components,” ESET concludes.

Malware

Malware Telecommunications Advertising Encryption

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

The company announced that is currently working to further enhance the security of its architecture with the help of “relevant experts” Customers can contact the support website to receive information about the security breach, the company is recommending them to change their passwords.

Data breaches

Data breaches Telecommunications Passwords Advertising

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Zerologon).

Authentication

Authentication Advertising Architecture Cyber Attacks

Reading the ENISA Threat Landscape Report 2018

Security Affairs

JANUARY 30, 2019

Nation-state hacking reduced the use of complex malware and appears to go towards low profile social engineering attacks. Unfortunately, low-capability organisations /end-users have no access to cyberthreat intelligence solutions exposing them to severe risks of hack. ” reads the ENISA Threat Landscape Report 2018.

Cyber threats

Cyber threats IoT Social Engineering Advertising

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

According to experts from Avast, the Torii bot has been active since at least December 2017, it could targets a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target. ” reads the analysis published by Avast.

IoT

IoT Architecture Advertising DDOS

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Security Affairs

JUNE 18, 2019

The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. TP-Link’s Wi-Fi extenders operate on MIPS architecture and the vulnerability can be triggered by sending a malformed HTTP request. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture Firmware Advertising IoT

FreeRTOS flaws expose millions of IoT devices to cyber attacks

Security Affairs

OCTOBER 22, 2018

The OS supports more than 40 hardware architectures, it is used in a broad range of products, including appliances, sensors, electricity meters, fitness trackers, industrial automation systems, cars, electricity meters, and any microcontroller-based devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Cyber Attacks Internet Internet

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

The second architectural flaw is related subscriber credentials that are checked on S-GW (SGSN) equipment by default. “ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, 5G).

Mobile

Mobile Internet Internet Advertising

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ZeroLogon attack).

Authentication

Authentication Passwords Advertising Architecture

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

In November 2018, the Wall Street Journal reported that the US Government was urging its allies to exclude Huawei from critical infrastructure and 5G architectures. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Advertising Surveillance Architecture

Russian hacker Alexander Zhukov extradited by Bulgaria to US

Security Affairs

JANUARY 20, 2019

Bulgaria has extradited a Russian hacker that was indicted by a US court for mounting a sophisticated hacking scheme to the United States. The name 3ve is derived from a set of three distinct sub-operations using unique measures to avoid detection, and each of them was built around different architectures with different components.

Advertising

Advertising Architecture Malware Hacking

The activity of the Linux XorDdos bot increased by 254% over the last six months

Security Affairs

MAY 20, 2022

XORDDoS , also known as XOR.DDoS , first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second of malicious traffic. SecurityAffairs – hacking, domain name system). ” concludes the report.

DDOS

DDOS Architecture Education Hacking

Feedify cloud service architecture compromised by MageCart crime gang

Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Trending Sources

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

AMD is going to patch UEFI SMM callout privilege escalation flaw

Second-ever UEFI rootkit used in North Korea-themed attacks

Unknown FinSpy Mac and Linux versions found in Egypt

New HEH botnet wipes devices potentially bricking them

AMD admits hacker stole source code files related to its GPUs

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Hackers are using Zerologon exploits in attacks in the wild

Enemybot, a new DDoS botnet appears in the threat landscape

Maastricht University finally paid a 30 bitcoin ransom to crooks

Mozi Botnet is responsible for most of the IoT Traffic

CISA warns of phishing attacks delivering KONNI RAT

VMware addressed flaws in its Workstation and Tools

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Steelcase office furniture giant hit by Ryuk ransomware attack

QNodeService Trojan spreads via fake COVID-19 tax relief

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Orange Business Services hit by Nefilim ransomware operators

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Hackers for hire group target organizations via 3ds Max exploit

Raccoon Malware, a success case in the cybercrime ecosystem

Companies paid $4.2M bug bounties for XSS flaws in 2020

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

US CISA warns of Ransomware attacks impacting pipeline operations

Kali Linux is now available for Raspberry Pi 4

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Taiwanese vendor QNAP issues advisory on Zerologon flaw

DePriMon downloader uses a never seen installation technique

Aerial Direct, the O2’s largest UK partner suffered a data breach

Iran-linked APT is exploiting the Zerologon flaw in attacks

Reading the ENISA Threat Landscape Report 2018

Torii botnet, probably the most sophisticated IoT botnet of ever

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

FreeRTOS flaws expose millions of IoT devices to cyber attacks

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Zerologon attack lets hackers to completely compromise a Windows domain

US officials claim Huawei Equipment has secret backdoor for spying

Russian hacker Alexander Zhukov extradited by Bulgaria to US

The activity of the Linux XorDdos bot increased by 254% over the last six months

Stay Connected