2014, Malware, Passwords and VPN - Cyber Security Informer

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. Recent samples of the malware include specific code to collect app configuration data and credentials from several apps.

Passwords

Passwords Spyware VPN Malware

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

VPN

VPN Government Authentication Advertising

7 VPN services left data of millions of users exposed online

Security Affairs

JULY 21, 2020

vpnMentor experts reported that seven Virtual Private Network (VPN) recently left 1.2 Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see. . terabytes of private user data exposed to online.

VPN

VPN Advertising Passwords Internet

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Password tradeoffs Passwords have always been a big pain. Here are a few big takeaways.

Authentication

Authentication VPN Passwords Hacking

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Malwarebytes

MAY 5, 2022

Agent Tesla is a well-known data stealer written in.NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. Based on these profiles, we can see this threat actor has an extensive criminal record starting at least from 2014. Test successful! ” from the same machine.

Malware

Malware Scams Phishing Accountability

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

“Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” “Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).”

Ransomware

Ransomware VPN Advertising Government

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

Threat actors implanted a malware in the network of an unnamed federal agency that was able to avoid detection. The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server.

VPN

VPN Malware Cyber threats Accountability

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” Passwords associated with external authentication systems such as AD or LDAP are unaffected. ” concludes the report.

Firewall

Firewall Ransomware Passwords VPN

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan. The website was distributing a file named WSHSetup.exe, it is the downloader for both the CoronaVirus Ransomware and the Kpot password-stealer.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

Security Affairs newsletter Round 276

Security Affairs

AUGUST 9, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. worth of cryptocurrency from 2gether Havenly discloses data breach, 1.3M worth of cryptocurrency from 2gether Havenly discloses data breach, 1.3M Pierluigi Paganini.

Data breaches

Data breaches Ransomware Advertising VPN

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

APRIL 8, 2020

The memo was obtained by the website SpaceRef, it warns of both phishing attacks and malware-based attacks. According to the advisory issued by NASA, the number of phishing attempts doubled in the past few days, at the same time the number of malware attacks on its systems has grown exponentially. ” reads the memo.

Cyber Attacks

Cyber Attacks Computers and Electronics VPN Phishing

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. The malware used by the threat actors includes the ChunkyTuna, Tiny, and China Chopper web shells. Pierluigi Paganini. SecurityAffairs – hacking, web shells).

VPN

VPN Passwords Advertising Password Management

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware VPN Advertising Marketing

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware Energy and Utilities VPN Advertising

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

ESET researchers also said the attackers also attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. ” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection.

Passwords

Passwords Internet Internet Advertising

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

The intention behind hacking your identity might be to attack your connection with malware or to trace your location for some malicious activities in the future. VPN or Virtual Private Network is the most secure way of connecting with the online world. The only drawback is that many free VPNs are not secure as we think.

Hacking

Hacking VPN Internet Internet

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages. Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

Netwalker Ransomware hit Argentina’s official immigration agency

Security Affairs

SEPTEMBER 6, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware VPN Advertising Passwords

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used the employee’s VPN to access LinkedIn’s internal network. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. Pierluigi Paganini.

Identity Theft

Identity Theft Cybercrime Advertising Hacking

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

At the time of writing this post, the company hasn’t provided details of the attack, such as the family of malware that infected its systems. In August, the website ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Netwalker ransomware operators leaked files stolen from K-Electric

Security Affairs

OCTOBER 1, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware Advertising Engineering VPN

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used employee’s VPN to access the LinkedIn’s internal network. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails.

Hacking

Hacking Cybercrime Data breaches Advertising

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Ransomware

Ransomware VPN Data breaches Advertising

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

AUGUST 22, 2019

They can see the passwords you use, your email address, your name and physical address, phone numbers and any other type of personal information that you might happen to enter into a website. For instance there are automated tools that look for passwords and write them into a file whenever they see one. In the name of self defence.

VPN

VPN Encryption Passwords Small Business

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

This type of malware attack is called a botnet attack. It’s powered by hundreds of bots carrying malware and infecting thousands of IoT devices simultaneously. Simple or reused passwords are still a problem. Instead, people come up with passwords that are comfortable. Malware, phishing, and web. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

Who is the Network Access Broker ‘Wazawaka?’

Krebs on Security

JANUARY 11, 2022

More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. In 2014, Wazawaka confided to another crime forum member via private message that he made good money stealing accounts from drug dealers on these marketplaces.

DDOS

DDOS Accountability Cybercrime Ransomware

Mass email campaign with a pinch of targeted spam

SecureList

SEPTEMBER 23, 2022

Payload: Agent Tesla malware. It is the widespread Agent Tesla malware, written in.NET and known since 2014. Its main objective is to fetch passwords stored in browsers and other applications, and forward these to the operator. VPN clients: NordVPN, OpenVPN. Password: Info@2018. Password: quality#@!

Passwords

Passwords Malware VPN Accountability

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

According to Cyberintelligence firm Bad Packets , hackers allegedly exploited the CVE-2019-19781 vulnerability in the Citrix Netscaler ADC VPN gateway exposed by Indiabulls. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Ransomware Banking Mobile

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

People fell prey for these manipulative emails and provide confidential details like passwords and bank information in their negligence. They ask you to make certain changes in your account by entering your login password or ask for some reconfirmation. You can further secure your connection by using a VPN.

Phishing

Phishing Accountability Authentication Passwords

Security Affairs newsletter Round 233

Security Affairs

SEPTEMBER 29, 2019

Privilege Escalation flaw found in Forcepoint VPN Client for Windows. Thinkful forces a password reset for all users after a data breach. North Korea-linked malware ATMDtrack infected ATMs in India. Study shows connections between 2000 malware samples used by Russian APT groups. The Dumb-Proof Guide.

Data breaches

Data breaches Advertising Malware VPN

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The malware has been active at least since August 2019, over the months the NetWalker ransomware was made available through a ransomware-as-a-service (RaaS) model attracting criminal affiliates. The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls.

Ransomware

Ransomware VPN Cybercrime Advertising

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

So if our ‘warehouse worker’ or equivalent connects through a properly configured VPN, that person’s access within the corporate network is restricted to what they need— from that particular system and email, for example. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Advertising Authentication Passwords

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs

MAY 11, 2020

To maximize your network security, always protect your router with a unique password and use an encrypted network. Awareness about online scams, malware and phishing emails is also necessary for employees sharing the company’s database. Ideally, the organization gives its own devices and VPN protected Wi-Fi to its employees.

Encryption

Encryption Data breaches Advertising Passwords

Security Affairs newsletter Round 229 – News of the week

Security Affairs

SEPTEMBER 1, 2019

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510. Internal Revenue Service warns taxpayers of a malware campaign. Nemty Ransomware, a new malware appears in the threat landscape. Kaspersky found malware in popular CamScanner app. Code Execution and DoS flaw addressed in QEMU.

eCommerce

eCommerce Data breaches Malware Advertising

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

In at least one compromise, the APT actor laterally traversed an SLTT victim network and accessed documents related to sensitive network configurations and passwords, standard operating procedures (SOP), IT instructions, such as requesting password resets, vendors and purchasing information. printing access badges. Pierluigi Paganini.

Government

Government Hacking Advertising Passwords

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

Security Affairs newsletter Round 211 – News of the week

Security Affairs

APRIL 28, 2019

Bodybuilding.com forces password reset after a security breach. FireEye experts found source code for CARBANAK malware on VirusTotal?. OilRig APT uses Karkoff malware along with DNSpionage in recent attacks. The strengths and weaknesses of different VPN protocols. EmCare reveals patient and employee data were hacked.

Wireless

Wireless Advertising VPN IoT

DanaBot banking Trojan evolves and now targets European countries

Security Affairs

SEPTEMBER 22, 2018

DanaBot is a multi-stage modular banking Trojan written in Delphi, the malware allows operators to add new functionalities by adding new plug-ins. Stealer plug-in – harvests passwords from a wide variety of applications (browsers, FTP clients, VPN clients, chat and email programs, poker programs etc.). onion web sites.

Banking

Banking Advertising VPN Architecture

Giving a Face to the Malware Proxy Service ‘Faceless’

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Webinars

Trending Sources

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Webinars

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

7 VPN services left data of millions of users exposed online

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Nigerian Tesla: 419 scammer gone malware distributor unmasked

FBI issued a flash alert about Netwalker ransomware attacks

CISA says federal agency compromised by malicious cyber actor

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs newsletter Round 276

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

US CISA report shares details on web shells used by Iranian hackers

Netwalker ransomware operators claim to have stolen data from Forsee Power

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

5 Ways to Protect Yourself from IP Address Hacking

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Netwalker Ransomware hit Argentina’s official immigration agency

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Netwalker ransomware operators leaked files stolen from K-Electric

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

15 billion credentials available in the cybercrime marketplaces

The Dangers of Using Unsecured Wi-Fi Networks

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Who is the Network Access Broker ‘Wazawaka?’

Mass email campaign with a pinch of targeted spam

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs newsletter Round 233

NetWalker ransomware operators have made $25 million since March 2020

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs newsletter Round 229 – News of the week

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs newsletter Round 211 – News of the week

DanaBot banking Trojan evolves and now targets European countries

Stay Connected