2015, Information Security, Internet and Malware

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

The world of cybercrime is changing, and more and more malware variants have spread every day. There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc Figure 5: TroyStealer malware high flow diagram.

Internet

Internet Internet Malware Banking

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked. Qurium forensics report: Internet blocking in Belarus. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Internet). They still remain blocked.

Internet

Internet Internet DNS Advertising

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

The Last Watchdog

AUGUST 16, 2021

Now comes a book by John Arquilla, titled Bitskrieg: The New Challenge of Cyberwarfare , that lays out who’s doing what, and why, in terms of malicious use of digital resources connected over the Internet. And in 2015 President Obama raised the issue with President Xi. Maybe not North Korea.

Information Security

Information Security Government Artificial Intelligence Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Malware

Malware DDOS IoT Cybercrime

XcodeSpy Mac malware targets Xcode Developers with a backdoor

Security Affairs

MARCH 18, 2021

Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple’s Xcode integrated development environment. “The malware installs a user LaunchAgent for persistence and is able to record information from the victim’s microphone, camera, and keyboard.” Pierluigi Paganini.

Malware

Malware Mobile Internet Internet

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

Attackers could leverage a compromised identifier to use mobile Internet at the legitimate user’s expense and carry out fraud and impersonation, Attackers can also hijack user session data containing relevant identifiers (e.g., phone number) of a real subscriber and impersonate him to access the Internet. Pierluigi Paganini.

Mobile

Mobile Internet Internet Wireless

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs

MAY 28, 2019

GreyNoise is observing sweeping tests for systems vulnerable to the RDP "BlueKeep" (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Graham added. Pierluigi Paganini.

Internet

Internet Internet Advertising Malware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Pierluigi Paganini. SecurityAffairs – Salt, hacking).

Internet

Internet Internet Hacking Advertising

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Pierluigi Paganini.

Malware

Malware DDOS DNS Advertising

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

There are several aspects of the Internet blocking in Myanmar that raise questions. Internet blocking is normally requested by the Ministry of Transport and Communication, but in order to force operators to implement the blocking, a legal decree is required. Circumvention of Internet blocking. Blocking without accountability.

Internet

Internet Internet Telecommunications DNS

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. Another campaign observed by ProofPoint aimed at German users impersonating the German internet service provider 1&1 Internet AG. ” concludes Proofpoint.

Government

Government Malware Social Engineering Banking

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Malware

Malware Cryptocurrency Passwords Internet

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising Hacking

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system.

IoT

IoT Malware Advertising Firmware

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. In March 2021, hackers gained access to a security company’s surveillance cameras and live-streamed those video feeds from hospitals, jails, schools, police stations, gyms, and even Tesla.

IoT

IoT Cybersecurity VPN Internet

OSX/Linker, a new piece of Mac malware that exploits Gatekeeper bypass

Security Affairs

JUNE 25, 2019

Mac security software firm Intego has spotted a new Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper vulnerability. Experts at Mac security software firm Intego discovered a new piece of Mac malware dubbed OSX/Linker that exploits a recently disclosed macOS Gatekeeper bypass vulnerability.

Malware

Malware Adware Advertising Internet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. File encryption 2013 – 2015. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Experts linked Maui ransomware to North Korean Andariel APT

Security Affairs

AUGUST 9, 2022

Kaspersky experts noticed that approximately ten hours prior to deploying Maui ransomware to the initial target system, the threat actors deployed a variant of the well-known DTrack malware to the target preceded by 3proxy months earlier. Both malicious codes are recognized as part of Andariel’s arsenal.

Ransomware

Ransomware Computers and Electronics Healthcare Malware

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture IoT Malware Advertising

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The malware author named the bot Satan DDoS, but Palo Alto Network’s Unit42 researchers dubbed it Lucifer because there’s another malware with the same name, the Satan Ransomware. Unit42 researchers noticed that the attacker is leveraging certutil utility in the payload for malware propagation. Pierluigi Paganini.

DDOS

DDOS Malware Advertising Passwords

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

The attackers may have gained access to some users’ login credentials after deploying malware on both websites. The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director.

Data breaches

Data breaches Hacking Telecommunications Passwords

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Retail Advertising Antivirus

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. ” The botnet is scanning the Internet for misconfigured Docker API endpoints, Experts noticed that the Ngrok malware has already infected many vulnerable servers.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Lebanese Cedar APT group broke into telco and ISPs worldwide

Security Affairs

JANUARY 28, 2021

The activities of the group were first spotted by Check-Point and Kaspersky labs in 2015. ClearSky experts linked the Lebanese Cedar group to intrusions at telco companies, internet service providers, hosting providers, and managed hosting and applications companies.

Internet

Internet Internet Hacking Malware

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

In August, researchers at Qihoo 360’s Network Security Research Lab (360 Netlab) reported that the attackers were exploiting a remote command execution vulnerability due to a command injection issue that resides in the firmware QNAP NAS devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Ransomware Encryption Advertising

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices Experts believe North Korea behind JumpCloud supply chain attack Nice Suzuki, sport: shame dealer left your data up for grabs Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group ALPHV/BlackCat and (..)

DDOS

DDOS Hacking Spyware Surveillance

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Cyber Insurance Insurance Advertising

Security Affairs newsletter Round 251

Security Affairs

FEBRUARY 16, 2020

The best news of the week with Security Affairs. Massive DDoS attack brought down 25% Iranian Internet connectivity. Safer internet day – Cybercrime facts Infographic. Reading the 2019 Internet Crime Complaint Center (IC3) report. billion malware installs from Third-party stores in 2019. Fix it now!

Cyber Attacks

Cyber Attacks Banking Advertising Internet

Trend Micro Anti-Threat Toolkit could be used to run malware on Win PCs

Security Affairs

OCTOBER 22, 2019

A vulnerability in the Trend Micro Anti-Threat Toolkit (ATTK) can be exploited by attackers to run malware on targets’ Windows systems. The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit.

Malware

Malware Advertising Internet Internet

246869 Windows systems are still vulnerable to the BlueKeep flaw

Security Affairs

NOVEMBER 17, 2020

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. CVE-2015-1635 374113 N/A, CVSSv2 10.0 CVE-2019-12525 1219716 9.8 CVE-2019-0708 246869 9.8

Internet

Internet Internet Malware Cyber Attacks

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

Ministry of Internal Affairs announced that Belarusian police have seized and shutdown XakFor, one of the largest hacking forums on the internet. net), a popular hacking forum a place frequented by hackers, malware authors, scammers and cybercriminals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Malware Cybercrime Hacking

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

The cyber spies are stealing sensitive information from the victims since at least 2015, they targeted the two platforms because of their popularity in Iran. Experts also spotted a tainted version of the Psiphon tool, an open-source VPN software used to evade internet censorship.

VPN

VPN Internet Internet Software

TroyStealer – A new info stealer targeting Portuguese Internet users

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Webinars

Trending Sources

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

Webinars

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Reading the 2019 Internet Crime Complaint Center (IC3) report

EnemyBot malware adds new exploits to target CMS servers and Android devices

XcodeSpy Mac malware targets Xcode Developers with a backdoor

Spying on satellite internet comms with a $300 listening station

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

New MATA Multi-platform malware framework linked to NK Lazarus APT

Internet scans found nearly one million systems vulnerable to BlueKeep

US govt agencies share details of the China-linked espionage malware Taidoor

QSnatch malware infected over 62,000 QNAP NAS Devices

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

CISA’s advisory warns of notable increase in LokiBot malware

Raccoon Malware, a success case in the cybercrime ecosystem

QNAP urges users to update Malware Remover after QSnatch joint alert

Trend Micro observed notable malware activity associated with the Momentum Botnet

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

New TA2101 threat actor poses as government agencies to distribute malware

New strain of Clipsa malware launches brute-force attacks on WordPress sites

North Korea-linked APT group BeagleBoyz targets banks

Silex malware bricks thousands of IoT devices in a few hours

IoT and Cybersecurity: What’s the Future?

OSX/Linker, a new piece of Mac malware that exploits Gatekeeper bypass

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Experts linked Maui ransomware to North Korean Andariel APT

New HEH botnet wipes devices potentially bricking them

New Lucifer DDoS botnet targets Windows systems with multiple exploits

SFO discloses data breach following the hack of 2 of its websites

The Muncy malware is on the rise

Report: Threat of Emotet and Ryuk

Doki, an undetectable Linux backdoor targets Docker Servers

Lebanese Cedar APT group broke into telco and ISPs worldwide

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs newsletter Round 251

Trend Micro Anti-Threat Toolkit could be used to run malware on Win PCs

246869 Windows systems are still vulnerable to the BlueKeep flaw

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Stay Connected