2016, Encryption, Hacking and Information Security

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

SEPTEMBER 13, 2021

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. SecurityAffairs – hacking, E2EE). Pierluigi Paganini.

Backups

Backups Encryption Passwords Accountability

Hackers penetrated NEC defense business division in 2016

Security Affairs

JANUARY 31, 2020

Japanese electronics and IT giant NEC confirmed a security breach suffered by its defense business division in December 2016. The IT giant NEC confirmed that the company defense business division has suffered a security breach back in December 2016. SecurityAffairs – NEC, hacking). Pierluigi Paganini.

Data breaches

Data breaches Advertising Antivirus Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The FBI discourages paying the ransom because there is no guarantee to recover the encrypted files. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Hacking Malware Encryption

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Security Affairs

OCTOBER 2, 2019

Zendesk discloses a data breach that took place in 2016 when a hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. In 2016, customer service software company Zendesk suffered a security breach that exposed data of 10,000 users, including passwords, emails, names, and phone numbers.

Data breaches

Data breaches Passwords Authentication Accountability

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. Cerber has been active since at least 2016, most recently it was involved in attacks against Confluence servers. ” continues the report. 0” at startup and “/tmp/log.1”

Ransomware

Ransomware Encryption Malware Accountability

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

National Security Agency (NSA) Equation Group. The name “ Bvp47 ” comes form numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm. SecurityAffairs – hacking, backdoor). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Encryption

Encryption Hacking Government Engineering

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Hacking Advertising Malware

OpenSSL to fix the second critical flaw ever

Security Affairs

OCTOBER 26, 2022

Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. is a security-fix release. SecurityAffairs – hacking, encryption ). The post OpenSSL to fix the second critical flaw ever appeared first on Security Affairs. ” reads the announcement. Pierluigi Paganini.

Encryption

Encryption Hacking Information Security

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Phorpiex botnet) com,” and “Jenny[@]gsd[.]com.”

Phishing

Phishing Ransomware Security Awareness Authentication

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Security Affairs

JULY 24, 2023

The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers Act ( IPA ), which was first introduced in 2016. The British government demanded firms providing messaging services of clearing security features with the Home Office before releasing them to customers.

Surveillance

Surveillance Encryption Government Technology

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2016, alleged Asian threat actors targeted ThyssenKrupp to steal company secrets. In In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations. This isn’t the first time that the company was the victim of a cyber attack.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Those secrets collectively have a code name—ECI, for exceptionally compartmented information—and almost never appear in the documents. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for.

Surveillance

Surveillance Computers and Electronics Encryption Government

No More Ransom helped ransomware victims to save almost €1B

Security Affairs

JULY 26, 2021

The “No More Ransom” website is an initiative launched in 2016 by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee to help victims of ransomware retrieve their encrypted data without having to pay the criminals. SecurityAffairs – hacking, No More Ransomware).

Ransomware

Ransomware Encryption Cybercrime Hacking

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” Please see this KB for more information.

Authentication

Authentication Malware Advertising Hacking

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

Security Affairs

JUNE 10, 2022

The ransomware encrypts files on the targeted systems using the “.cuba” The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. .” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. SecurityAffairs – hacking, Cuba ransomware).

Ransomware

Ransomware Malware Encryption Hacking

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

In 2016, alleged Asian threat actors targeted ThyssenKrupp to steal company secrets. In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations. SecurityAffairs – ThyssenKrupp, hacking ). Pierluigi Paganini.

Engineering

Engineering Ransomware Data breaches Banking

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Security Affairs

MARCH 19, 2022

TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. SecurityAffairs – hacking, Diavol ransomware). The post Emsisoft releases free decryptor for the victims of the Diavol ransomware appeared first on Security Affairs.

Ransomware

Ransomware Encryption Banking Malware

FBI links the Diavol ransomware to the TrickBot gang

Security Affairs

JANUARY 20, 2022

Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”

Ransomware

Ransomware Banking Malware Encryption

European Commission has chosen the Signal app to secure its communications

Security Affairs

FEBRUARY 25, 2020

The popular cross-platform encrypted messaging service Signal has been chosen by the European Commission for its communications. The European Commission has decided to adopt for its staff the popular cross-platform encrypted messaging service Signal for its communications. ” reported the Politico. ” reported the Politico.

Encryption

Encryption Advertising Surveillance Hacking

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

In 2016, researchers from the non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried out by the Stealth Falcon. The remaining components are encrypted and stored within a binary registry value.”

Spyware

Spyware Malware Architecture Encryption

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak. Starting from 2016 the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework. Hladyr also controlled the organization’s encrypted channels of communication.”

System Administration

System Administration Penetration Testing Malware Banking

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Security Affairs

NOVEMBER 10, 2022

APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. “The queried LDAP attributes relate to usual credential information gathering (e.g. SecurityAffairs – hacking, APT29). Pierluigi Paganini.

Passwords

Passwords Hacking Accountability Encryption

FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

Security Affairs

OCTOBER 19, 2021

Like other ransomware operations, BlackMatter also set up its leak site where it publishes data exfiltrated from the victims before encrypting their system. BlackMatter then remotely encrypts the hosts and shared drives as they are found. SecurityAffairs – hacking, BlackMatter ransomware). Minimize the AD attack surface.

Ransomware

Ransomware Backups Encryption Cybercrime

Experts found many similarities between the new Karma Ransomware and Nemty variants

Security Affairs

OCTOBER 19, 2021

Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from a different threat with the same name that is active since 2016. SecurityAffairs – hacking, Karma ransomware). “Diving in deeper, some samples show that the ChaCha20 algorithm has been swapped out for Salsa20. .”

Ransomware

Ransomware Encryption Malware Hacking

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset. If the implant is active, a specially crafted empty TCP packet is returned, accompanied by information regarding the host’s responsiveness.

Telecommunications

Telecommunications Firewall Mobile Malware

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

A Mandiant’s report attributed the string of attacks against the SWIFT banking system to the APT38, including the hack of Vietnam’s TP Bank in 2015, Bangladesh’s central bank in 2016, Taiwan’s Far Eastern International in 2017, Bancomext in Mexico in 2018, and Banco de Chile in 2018. SecurityAffairs – hacking, APT38).

Ransomware

Ransomware Banking Malware Hacking

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

According to the researchers, the Smominru botnet has been active at least since 2016 and at the time of its discovery infected more than 526,000 Windows computers. “For protection against quick analysis and against static extraction with regular expressions, the substitute values are encrypted. ” continues the analysis.

Cryptocurrency

Cryptocurrency Encryption Malware Hacking

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

“We found dozens of related samples that had been appearing in the wild since 2016 and had been deployed in various application marketplaces including Google Play.” Recently the Vietnam-linked cyberespionage carried out hacking campaigns against Chinese entities to collect intelligence on the COVID-19 crisis.

Malware

Malware Advertising Spyware Marketing

Microsoft publishes mitigations for the PetitPotam attack

Security Affairs

JULY 26, 2021

The attack abuses the Encrypting File System Remote (EFSRPC) protocol, which is used to perform maintenance and management operations on encrypted data that is stored remotely and accessed over a network. SecurityAffairs – hacking, SolarWinds). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication

Authentication Passwords Encryption Hacking

New Mirai botnet targets tens of flaws in popular IoT devices

Security Affairs

JUNE 22, 2023

” The researchers pointed out that the Mirai variant like IZ1H9 and V3G4 will first initialize an encrypted string table and then retrieve the strings through an index. However, the persistent security concerns surrounding these devices cannot be ignored. The Mirai botnet, discovered back in 2016, is still active today.

IoT

IoT Malware Encryption DDOS

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Street @jaysonstreet.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

Attackers employed a custom tunneling tool to achieve this, it forwards client traffic to the server, the malware encrypts the traffic using trivial binary encryption. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Malware

Malware Cryptocurrency Password Management Encryption

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack. A VPN router automatically connects to VPN servers, and any traffic will be automatically encrypted.

IoT

IoT Cybersecurity VPN Internet

US arrested Latvian woman who developed part of Trickbot malware

Security Affairs

JUNE 5, 2021

Once infected a system, the ransomware informed victims that their files were encrypted demanded the payment of a Bitcoin ransom to decrypt them. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. Pierluigi Paganini.

Malware

Malware Banking Ransomware Encryption

Yahoo proposes $117.5 million for the settlement of data breach

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million for the settlement of 3 billion hacked accounts. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”.

Data breaches

Data breaches Small Business Advertising Cryptocurrency

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. The threat actors attempted to move laterally to a domain controller, but CISA pointed out that network-segmentation controls for the appliance blocked movement.

VPN

VPN Ransomware DNS Malware

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. SecurityAffairs – hacking, Donot Team). ” continues the report. ” the researchers concluded.

Malware

Malware Spyware Phishing Government

Security Affairs newsletter Round 335

Security Affairs

OCTOBER 10, 2021

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 335 appeared first on Security Affairs. ransomware hit Israeli defense firm E.M.I.T. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches

Data breaches Ransomware Cybercrime Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Webinars

Trending Sources

Hackers penetrated NEC defense business division in 2016

Webinars

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Linux variant of Cerber ransomware targets Atlassian servers

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Source code of Dharma ransomware now surfacing on public hacking forums

OpenSSL to fix the second critical flaw ever

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Snowden Ten Years Later

No More Ransom helped ransomware victims to save almost €1B

Microsoft recommends Exchange admins to disable the SMBv1 protocol

FBI published a flash alert on Mamba Ransomware attacks

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

German industrial giant ThyssenKrupp targeted in a new cyberattack

Emsisoft releases free decryptor for the victims of the Diavol ransomware

FBI links the Diavol ransomware to the TrickBot gang

European Commission has chosen the Signal app to secure its communications

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

A member of the FIN7 group was sentenced to 10 years in prison

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

Experts found many similarities between the new Karma Ransomware and Nemty variants

New GTPDOOR backdoor is designed to target telecom carrier networks

Experts linked multiple ransomware strains North Korea-backed APT38 group

MyKings botnet operators already amassed at least $24 million

PhantomLance, a four-year-long cyberespionage spying campaign

Microsoft publishes mitigations for the PetitPotam attack

New Mirai botnet targets tens of flaws in popular IoT devices

Top Cybersecurity Accounts to Follow on Twitter

The Hacker Mind Podcast: Hacking Ransomware

The Hacker Mind Podcast: Hacking Ransomware

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

IoT and Cybersecurity: What’s the Future?

US arrested Latvian woman who developed part of Trickbot malware

Yahoo proposes $117.5 million for the settlement of data breach

FIN8-linked actor targets Citrix NetScaler systems

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs newsletter Round 335

Stay Connected