Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Pierluigi Paganini.

Banking 102

Banking Malware Advertising Passwords 102

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. ” reads the analysis published by Proofpoint. Pierluigi Paganini.

Malware 82

Malware Banking Social Engineering Retail 82

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware 99

Malware Advertising Passwords Manufacturing 99

Security Affairs

OCTOBER 12, 2023

In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms. ” states the report published by Sucuri. ” continues Sucuri.

Malware 113

Malware Hacking Accountability Cybercrime 113

Security Affairs

JANUARY 15, 2024

Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms. ” concludes the report.

Malware 110

Malware Hacking Accountability Information Security 110

Security Affairs

OCTOBER 26, 2022

“Kaye allegedly operated The Real Deal, a Dark Web market for illicit items, including stolen account login credentials for U.S. Kaye also trafficked login credentials for Twitter and LinkedIn accounts. ’s National Crime Agency (NCA) in February 2017. The man used a custom version of the Mirai IoT malware.

Marketing 86

Marketing Government Hacking Accountability 86

Security Affairs

FEBRUARY 11, 2022

One of the vulnerabilities is an elevation of privilege vulnerability in Microsoft Windows SAM (Security Accounts Manager) vulnerability. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.An ” reads the advisory published by Microsoft.

IoT 108

IoT Accountability Authentication Hacking 108

Security Affairs

JUNE 16, 2023

The malware is distributed as the messaging apps BingeChat and Chatico. The GravityRAT malware Access Trojan (RAT) is believed to be the work of Pakistani hacker groups, it was mainly employed in attacks aimed at Indian users. MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet.

Backups 91

Backups Spyware Malware Accountability 91

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization. ” reported the Tagesschau website. ” continues the post.

Hacking 129

Hacking Accountability Malware Cybersecurity 129

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “Levashov provided the Kelihos malware to Crypt4U personnel for crypting before distributing it to his victims.

Antivirus 101

Antivirus Malware Cryptocurrency Software 101

Security Affairs

OCTOBER 8, 2023

Human Security identified a supply chain of a Chinese manufacturer that was compromised to backdoor the firmware of several products delivered to resellers, physical retail stores and e-commerce warehouses. The experts conclude warning the owners of the compromised devices that is can be very complex to remove BADBOX from their product.

Firmware 142

Firmware Mobile Malware Retail 142

Security Affairs

JANUARY 6, 2022

North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs (MID) new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants.

Phishing 132

Phishing Malware Hacking Accountability 132

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. Koshkin was arrested in California in September 2019 , while Tsurkan was arrested in April 2017.

Antivirus 85

Antivirus Malware Cybercrime Cyber threats 85

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware 123

Malware Phishing Antivirus Hacking 123

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking 99

Banking Malware Advertising Hacking 99

Security Affairs

SEPTEMBER 22, 2020

” According to the 2017 indictment , Wyatt used email and telephone accounts to send messages used to threaten the hacked companies of releasing their information. “a. WYATT registered a telephone account (Account B) used in the course of the conspiracy to send threatening and extortionate text messages to victims.“.

Identity Theft 111

Identity Theft Accountability Hacking Advertising 111

Security Affairs

DECEMBER 6, 2020

The prosecutors state that Leonardo’s security systems did not detect the malware that was allegedly used by the unfaithful employee. In January 2017, the internal cybersecurity structure of Leonardo SpA reported anomalous network traffic, outgoing from some workstations of the Pomigliano D’Arco plant.

Computers and Electronics 97

Computers and Electronics Malware Media Accountability 97

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. and similar services.

Phishing 86

Phishing Education Accountability Telecommunications 86

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. For some of the targeted devices, threat actors abused an SNMP exploit to deploy the Jaguar Tooth Malware.

Malware 84

Malware Firmware Government Education 84

Security Affairs

NOVEMBER 13, 2021

GravityRAT was first spotted by Cisco Talos researchers in 2017 who speculate it remained under the radar for the at least a couple of years [since 2015], In October 2020, researchers from Kaspersky Lab spotted new variants of the GravityRAT malware that was able to infect both Android and macOS devices. Record audio.

Encryption 128

Encryption Malware Media Authentication 128

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. The malware maintains persistence through Cron jobs.

Telecommunications 104

Telecommunications Authentication Data collection Passwords 104

SC Magazine

MARCH 15, 2021

The school districts of Rockford, Illinois and Rockingham County, North Carolina learned some very valuable lessons in transparency and communication, timely incident response, access management, data redundancy and disaster recovery after each experienced a debilitating malware attack years ago.

Malware 78

Malware Backups Education Ransomware 78

Security Affairs

JUNE 14, 2019

Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/ Triton malware attack that hit oil and gas organizations. continues the report.

Malware 84

Malware Advertising Authentication Passwords 84

Security Affairs

AUGUST 27, 2022

“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj. Montenegro immediately reported the attack to other members of the NATO alliance.

Cyber Attacks 80

Cyber Attacks Government Telecommunications Malware 80

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Apps from other sources can carry malware or spyware.

Passwords 196

Passwords Password Management Antivirus Internet 196

Security Affairs

FEBRUARY 19, 2020

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware.

Malware 99

Malware Advertising Phishing Passwords 99

Security Affairs

NOVEMBER 26, 2019

According to a report published by the NUKIB Czech National Cyber and Information Security Agency (NUKIB) in September, China carried out a major cyber attack on a key government institution in the Czech Republic last year. The Czech experts discovered the security breach in early January 2017.

Cyber Attacks 89

Cyber Attacks Advertising Information Security Government 89

Security Affairs

APRIL 30, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

System Administration 90

System Administration Government Phishing Malware 90

Security Affairs

OCTOBER 20, 2020

According to the indictment, the GRU officers were involved in attacks on Ukraine, including the attacks aimed at the country’s power grid in 2015 and 2016 that employed the BlackEnergy and Industroyer malware. Pavel Valeryevich Frolov · Developed components of the KillDisk and NotPetya malware.

Identity Theft 103

Identity Theft Malware Hacking Advertising 103

Security Affairs

MAY 15, 2020

cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million January 2017 CafeMom.com 2.6 million October 2017 ModaOperandi.com 1.3 Those who have their account exposed in one of the above incidents are recommended to change their password.

Data breaches 101

Data breaches Advertising Passwords Hacking 101

Security Affairs

MARCH 14, 2024

The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.”

Data breaches 92

Data breaches Identity Theft Financial Services Cybercrime 92

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io

Malware 112

Malware Antivirus Hacking Accountability 112

Security Affairs

JULY 27, 2019

Marcus Hutchins has been sentenced to “time served” and one year of supervised release his role in developing and selling the Kronos banking malware. In April, Hutchins has pleaded guilty to developing and sharing the Kronos banking malware between July 2014 and July 2015.

Banking 71

Banking Malware Advertising Cybercrime 71

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking 64

Banking Malware Cybercrime Accountability 64

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). com, was registered on April 12, 2023.

Cybercrime 73

Cybercrime Software Education Ransomware 73

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT 123

IoT DDOS Architecture Passwords 123

SecureWorld News

MAY 27, 2021

A new security audit reveals that cyber bad actors hit the National Aeronautics and Space Administration (NASA) with more than 6,000 attacks during the last four years. And the audit found that attackers did successfully introduce malware into agency systems. 6 key areas where NASA's information security is failing.

Cyber Risk 63

Cyber Risk Risk Architecture Cyber threats 63