2017, Antivirus, Information Security and Malware

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Twitter @Slvlombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection.

Antivirus

Antivirus Malware Cryptocurrency Software

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. Koshkin was arrested in California in September 2019 , while Tsurkan was arrested in April 2017.

Antivirus

Antivirus Malware Cybercrime Cyber threats

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Encryption

Encryption Antivirus Malware Hacking

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 This malware is still in beta phase and has been accidently leaked.

IoT

IoT Firmware Malware Wireless

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Cryptocurrency Internet Internet

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882 , CVE-2018-0798 , CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. ” The report published by the experts also includes MITRE ATT&CK Matrix, researchers could contact the security firm for IoCs.

Phishing

Phishing Malware Antivirus Encryption

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Apps from other sources can carry malware or spyware.

Passwords

Passwords Password Management Antivirus Internet

New APT ChamelGang Targets energy and aviation companies in Russia

Security Affairs

OCTOBER 4, 2021

In March, the cyberespionage group was observed leveraging ProxyShell against targets in 10 countries and used a variety of malware in its campaign. FRP, Cobalt Strike Beacon, and Tiny Shell) and previously undetected malware tracked as ProxyT, BeaconLoader and the DoorMe backdoor. ” reads the analysis published by the experts.

Energy and Utilities

Energy and Utilities Malware Technology Antivirus

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Security Affairs

DECEMBER 28, 2021

Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. The tool also includes features to bypass Antivirus engines and perform other malicious activities. .

Antivirus

Antivirus Malware Hacking Engineering

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. From here, the malware executes a new thread when specific and hardcoded web-browsers are opened.

Antivirus

Antivirus Malware Banking Internet

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Not all visitors to the site were infected. ” concludes Microsoft.

Malware

Malware Antivirus Hacking Accountability

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Security Affairs

MAY 23, 2019

The third one is related to binary payloads abusing code signature tricks to evade traditional security controls. Sample information. As study case we chosen a Word document containing the CVE-2017-0199 exploit, which allows the document to download and execute arbitrary code at opening time. The Broken Doc. Spoofed Signature.

Antivirus

Antivirus Malware Advertising Cyber Attacks

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. Fxmsp included one of his Jabber accounts, in his contact information on the forum which helped Group-IB researchers to establish his presumed identity. Geography and victims.

Antivirus

Antivirus Advertising Hacking Banking

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking

Banking Malware Cybercrime Accountability

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” continues the report.

Identity Theft

Identity Theft Hacking System Administration Advertising

Security Affairs newsletter Round 261

Security Affairs

APRIL 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Hacking Advertising Antivirus

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213. For instance, to disable built-in antivirus software, the attackers used Defender Control and Your Uninstaller. Interestingly, the threat actors likely didn’t have a clear plan on what to do with the compromised networks.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Top Cybersecurity Trends for 2017

Spinone

NOVEMBER 15, 2016

Information Technology research and advisory company, Gartner, presented its top predictions for the cybersecurity industry for 2017 earlier this year. Previously Separate Security Policies Must Overlap and Converge Information security, IT security, and physical security are no longer separate concepts.

Cybersecurity

Cybersecurity Software Internet Internet

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

Once the hacker gained access to the network, the deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system. The name Fxmsp refers a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

Hacking

Hacking Antivirus Advertising Cybercrime

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

A survey of local media reports by Recorded Future tallied 38 ransomware attacks against cities in 2017, rising to 53 attacks in 2018. While reporting for USA Today in 2009, I wrote about how fraudsters launched scareware campaigns to lock up computer screens as a means to extract $80 for worthless antivirus protection.

Ransomware

Ransomware Internet Internet Hacking

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

Once the hacker gained access to the network, they deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system. The name Fxmsp refers a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

Accountability

Accountability Cybercrime Hacking Retail

Microsoft warns of growing DoppelPaymer Ransomware threat

Security Affairs

NOVEMBER 21, 2019

There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads.” “Our security research teams have investigated and found no evidence to support these claims. SecurityAffairs – DoppelPaymer ransomware, malware).

Ransomware

Ransomware Social Engineering Malware Advertising

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw. Magento fixed security flaws that allow complete site takeover. Cryptomining Campaign involves Golang malware to target Linux servers. LooCipher: The New Infernal Ransomware.

Scams

Scams Spyware DNS Advertising

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Spyware Data breaches Antivirus

Top 6 Rootkit Threats and How to Protect Yourself

eSecurity Planet

NOVEMBER 7, 2022

In the ever-evolving world of malware , rootkits are some of the most dangerous threats out there. Because of how deeply embedded kernel-mode rootkits are within a computer’s system, they can be one of the most damaging types of malware out there. Looking for More About Malware? Check Out What is Malware?

Firmware

Firmware Malware Antivirus Firewall

MuddyWater APT group is back with updated TTPs

Security Affairs

DECEMBER 11, 2022

The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. HTML attachments are often delivered to the recipients and not blocked by antivirus and email security solutions. The experts pointed out that the campaign exhibits updated TTPs.

Antivirus

Antivirus Hacking Information Security Malware

Cyber Security Informer

Wannacry, the hybrid malware that brought the world to its knees

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Webinars

Trending Sources

Purple Lambert, a new malware of CIA-linked Lambert APT group

Webinars

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Chinese actors behind attacks on industrial enterprises and public institutions

BotenaGo botnet targets millions of IoT devices using 33 exploits

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

China-linked APT uses a new backdoor in attacks at Russian defense contractor

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

New APT ChamelGang Targets energy and aviation companies in Russia

DoubleFeature, post-exploitation dashboard used by Equation Group APT

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Microsoft: North Korea-linked Zinc APT targets security experts

Ransomware Revival: Troldesh becomes a leader by the number of attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

US authorities charged Dridex gang members for stealing over $100 Million

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs newsletter Round 261

Cybercriminal greeners from Iran attack companies worldwide for financial gain

The Most Common Types of Malware in 2021

Top Cybersecurity Accounts to Follow on Twitter

Top Cybersecurity Trends for 2017

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

DOJ indicts Fxmsp hacker for selling access to hacked businesses

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Hundreds of C-level executives credentials available for $100 to $1500 per account

Microsoft warns of growing DoppelPaymer Ransomware threat

Security Affairs newsletter Round 221 – News of the week

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Top 6 Rootkit Threats and How to Protect Yourself

MuddyWater APT group is back with updated TTPs

Stay Connected