2015, Hacking, Internet and Malware - Cyber Security Informer

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.

Malware

Malware Cybercrime Software Antivirus

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. as a media sharing device on a local network that was somehow exposed to the Internet. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

MAY 28, 2024

Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. The 911 S5 botnet-powered proxy service, circa July 2022.

VPN

VPN Banking Cybercrime Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The same vulnerabilities in the Salt platform have been exploited during the weekend to hack the infrastructure of Lineageos. Pierluigi Paganini.

Internet

Internet Internet Hacking Advertising

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. ”

Accountability

Accountability Hacking Authentication Marketing

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked. Qurium forensics report: Internet blocking in Belarus. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Internet). Pierluigi Paganini.

Internet

Internet Internet DNS Advertising

The History of Computer Viruses & Malware

eSecurity Planet

NOVEMBER 2, 2022

If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Though often conflated with one another, malware and computer viruses aren’t necessarily the same thing. From Theory to Reality: 1948-1971.

Malware

Malware Ransomware Antivirus Internet

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet

Internet Internet Passwords Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. File encryption 2013 – 2015. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware

Ransomware Hacking Encryption Penetration Testing

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Hacking Telecommunications Passwords

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

The world of cybercrime is changing, and more and more malware variants have spread every day. There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc Figure 5: TroyStealer malware high flow diagram.

Internet

Internet Internet Malware Banking

StealthWorker Malware Uses Windows, Linux Bots to Hack Websites

Security Affairs

MARCH 7, 2019

Security experts at FortiGuard uncovered a new malware campaign aimed at delivering the StealthWorker brute-force malware. The malicious code was first discovered by Malwarebytes at the end of February and tracked by malware researchers at Cybaze -Yoroi ZLab as GoBrut. SecurityAffairs – StealthWorker , hacking).

Malware

Malware Hacking Advertising Data breaches

Don’t Panic: Website Defacements from 2015

SiteLock

AUGUST 27, 2021

Bad actors have attacked websites since the beginning of the internet. Fortunately, hacks are mostly random. If you take basic security measures like a web application firewall and malware scanner, defacements can be avoided. First and foremost, hackers did not come to torment a site owner directly. Dealing With A Defacement.

Backups

Backups Firewall Hacking Malware

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. Original post: [link].

Hacking

Hacking IoT Firmware Internet

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

A whopping 97 percent failed to use DNSSEC , a domain security protocol designed to address core vulnerabilities in the foundations of the internet itself. Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings. That spells trouble if you’re the one that gets hacked.

Hacking

Hacking Retail Cyber Insurance Authentication

XcodeSpy Mac malware targets Xcode Developers with a backdoor

Security Affairs

MARCH 18, 2021

Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple’s Xcode integrated development environment. “The malware installs a user LaunchAgent for persistence and is able to record information from the victim’s microphone, camera, and keyboard.” Pierluigi Paganini.

Malware

Malware Mobile Internet Internet

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” SecurityAffairs – hacking, EnemyBot). The Enemybot botnet borrows the code from the Gafgyt bot and re-used some codes from the infamous Mirai botnet.

Malware

Malware DDOS IoT Cybercrime

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. SecurityAffairs – Dharma ransomware, malware). Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Malware

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. UART, JTAG, SWD, SPI, I2C).

IoT

IoT Hacking Firmware Advertising

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs. ” A number of questions, indeed. Second I leave country already.

Phishing

Phishing Cybercrime Malware Advertising

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

Attackers could leverage a compromised identifier to use mobile Internet at the legitimate user’s expense and carry out fraud and impersonation, Attackers can also hijack user session data containing relevant identifiers (e.g., phone number) of a real subscriber and impersonate him to access the Internet. Pierluigi Paganini.

Mobile

Mobile Internet Internet Wireless

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Documents Unsealed: North Korea's Global Hacking Campaign

SecureWorld News

FEBRUARY 18, 2021

It may be the most complete picture we've ever had of North Korean hacking campaigns. The unsealed documents highlight a number of attack targets and motives in an effort to hack, digitally intrude, and defraud. The hacking indictment filed in the U.S. North Korean hacking methods and attack vectors. global targets.

Hacking

Hacking Cryptocurrency Computers and Electronics Banking

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. SecurityAffairs – hacking, CIA).

Hacking

Hacking Government Advertising Engineering

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. Nikulin also hacked into an employee account of a Formspring engineer and used it to access the company network between June 13, 2012, and June 29, 2012.

Hacking

Hacking Cybercrime Data breaches Advertising

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. SecurityAffairs – hacking, Norway).

Malware

Malware Passwords Advertising Antivirus

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Your IP or Internet Protocol address is your digital identity on the internet. Cybercriminals are interested in hacking your IP address for various reasons.

Hacking

Hacking VPN Internet Internet

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks. Don’t buy a counterfeit phone.

Malware

Malware Mobile Manufacturing Marketing

Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs

MAY 28, 2019

GreyNoise is observing sweeping tests for systems vulnerable to the RDP "BlueKeep" (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. SecurityAffairs – BlueKeep, hacking).

Internet

Internet Internet Advertising Malware

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

The Last Watchdog

JUNE 28, 2018

Nation-state backed hacking collectives have been around at least as long as the Internet. Military operatives and intelligence units today routinely hack to knock down critical infrastructure, interfere with elections, and even to exact revenge on Hollywood studios. Iran hacks Saudi plants. Rise of North Korea.

Hacking

Hacking Government Cyber Attacks Encryption

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Security Affairs

OCTOBER 3, 2020

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. The social network giant revealed that malware has a Chinese origin and allowed hackers to siphon $4 million from users’ advertising accounts. SecurityAffairs – hacking, Facebook).

Malware

Malware Advertising Accountability Authentication

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking

Hacking VPN Advertising Financial Services

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT

IoT Malware DDOS Advertising

Experts reported the hack of several supercomputers across Europe

Security Affairs

MAY 17, 2020

The first one came from the Leibniz Computing Center (LRZ), an institute under the Bavarian Academy of Sciences, which said it was disconnected a computing cluster from the internet following a security breach.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported ZDNet.

Hacking

Hacking Cryptocurrency Advertising Malware

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access. SecurityAffairs – hacking, BeagleBoyz). Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Giving a Face to the Malware Proxy Service ‘Faceless’

Webinars

Trending Sources

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Webinars

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Sendgrid Under Siege from Hacked Accounts

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

The History of Computer Viruses & Malware

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Xwo Malware scans the Internet for Exposed Services, Default Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

SFO discloses data breach following the hack of 2 of its websites

TroyStealer – A new info stealer targeting Portuguese Internet users

StealthWorker Malware Uses Windows, Linux Bots to Hack Websites

Don’t Panic: Website Defacements from 2015

Reading the 2019 Internet Crime Complaint Center (IC3) report

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

XcodeSpy Mac malware targets Xcode Developers with a backdoor

EnemyBot malware adds new exploits to target CMS servers and Android devices

Source code of Dharma ransomware now surfacing on public hacking forums

Hacking IoT & RF Devices with BürtleinaBoard

New MATA Multi-platform malware framework linked to NK Lazarus APT

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Spying on satellite internet comms with a $300 listening station

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Raccoon Malware, a success case in the cybercrime ecosystem

Documents Unsealed: North Korea's Global Hacking Campaign

CIA Hacking unit APT-C-39 hit China since 2008

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

CISA’s advisory warns of notable increase in LokiBot malware

US govt agencies share details of the China-linked espionage malware Taidoor

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

5 Ways to Protect Yourself from IP Address Hacking

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

Internet scans found nearly one million systems vulnerable to BlueKeep

QSnatch malware infected over 62,000 QNAP NAS Devices

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Kaiji, a new Linux malware targets IoT devices in the wild

Experts reported the hack of several supercomputers across Europe

North Korea-linked APT group BeagleBoyz targets banks

Stay Connected