2017 and Architecture - Cyber Security Informer

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture

Architecture Internet Internet Malware

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Security Affairs

DECEMBER 9, 2024

In September 2017, theaccountancy firm giant revealed thatwas targeted by a sophisticated attack that compromised the confidential emails and plans of some of its blue-chip clients. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking

Hacking Ransomware Accountability Architecture

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The most interesting characteristic of the Triada Trojan is its modular architecture, which gives it theoretically a wide range of abilities. In July 2017, Dr.Web researchers discovered many smartphonemodels were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Cryptocurrency

Cryptocurrency Malware Firmware Mobile

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Security Affairs

MAY 13, 2025

Marbled Dust has been active since at least 2017 and primarily targets organizations in Europe and the Middle East. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Microsoft researchers believe the group selects this method based on reconnaissance, confirming the use of the app.

DNS

DNS Telecommunications Architecture Media

NIST’s Post-Quantum Cryptography Standards

Schneier on Security

AUGUST 8, 2022

In 2017, NIST received eighty-two post-quantum algorithm submissions from all over the world. It took a couple of decades to fully understand von Neumann computer architecture; expect the same learning curve with quantum computing. Then, with input from the cryptographic community, NIST crowns a winner.

Encryption

Encryption Architecture Engineering Information Security

Crosspost: A Simple SOAR Adoption Maturity Model

Anton on Security

JUNE 17, 2022

For example, in my analyst days, I built a maturity model for a SOC (2018) , a SIEM deployment (2018) and vulnerability management (2017). Thanks to Google SOAR Solution Architecture Manager Oleg Siminel , and others from the Siemplify field team, for their support here. Guess which one is missing? The one for SOAR!

Architecture

Architecture Technology Phishing

Evaluating the NSA's Telephony Metadata Program

Schneier on Security

AUGUST 12, 2019

The first concern was over high numbers: in both 2016 and 2017, the Foreign Intelligence Surveillance Court issued 40 orders for collection, but the NSA collected hundreds of millions of CDRs, and the agency provided little clarification for the high numbers. For a time, the new program seemed to be functioning well.

Surveillance

Surveillance Architecture Encryption Technology

WordCamp Seattle 2017 – The Emerald City Event

SiteLock

AUGUST 27, 2021

Kostas Nicolacopoulos (@KostasNi) November 4, 2017. It was also clear that her focus on IA (Information Architecture) and UX (User Experience) isn’t just a skill, but also a passion. Because your ultimate goal should be to connect with your audience via your content, not just rank high in search results. You Created a Plugin.

Architecture

Architecture Marketing Malware Software

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

The Hacker News

MARCH 15, 2024

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions.

Architecture

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. That’s the natural place for core functionality, which I wrote about in 2017. Actually, some data was lost.

Password Management

Password Management Passwords Encryption Backups

Equifax Breach Underscores Need for Accountability, Simpler Architectures

Dark Reading

DECEMBER 11, 2018

A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'

Architecture

Architecture Accountability

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The KONNI RAT was first discovered in May 2017 by researchers from the Cisco Talos team after it was employed in attacks aimed at organizations linked to North Korea. The KONNI malware also employed in at least two campaigns in 2017. Upon enabling the macros, the code will fetch and install the KONNI malware.

Phishing

Phishing Malware Advertising Architecture

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

Despite being responsible for one of the biggest data breaches of all time in 2017, the credit bureau Equifax is still around—illustrating that the oligopolistic nature of this market means that companies face few consequences for misbehavior. Equifax, Transunion and Experian make up a longstanding oligopoly for credit reporting.

Banking

Banking Financial Services Marketing Data privacy

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology. .

Malware

Malware Architecture Technology DDOS

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Threatpost

JUNE 10, 2019

The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017.

Architecture

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. In 2017, Symantec speculated that at least 40 targets in 16 countries have been compromised by the threat actors. The targets were all located in the Middle East, Europe, Asia, and Africa.

Malware

Malware Telecommunications Advertising Encryption

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

OCTOBER 15, 2024

RTF exploit RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in Microsoft Office software. Some infection routines do not check the architecture. The payloads are selected at runtime according to the system architecture, and merged before injection.

Malware

Malware Encryption Architecture Phishing

Samsung shipped 100 million Galaxy smart phones filled with critical security vulnerabilities

CyberSecurity Insiders

FEBRUARY 28, 2022

As per a study conducted by Tel Aviv University, a wide range of Samsung Smart Phones across multiple generations are being released into the market with a major security flaw and the concern is that vulnerability has been existing since 2017- the year when the Galaxy S8 made its first debut.

Mobile

Mobile Architecture Marketing Encryption

Experts spotted a new Mirai variant that targets new processors

Security Affairs

APRIL 10, 2019

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai botnet continues to be one of the most dangerous malware in the threat landscape, experts at Palo Alto Networks discovered a new variant that targets more processor architectures than before.

Architecture

Architecture DDOS IoT Internet

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Security Affairs

MARCH 4, 2019

The Meltdown attack (CVE-2017-5754) could allow attackers to read the entire physical memory of the target machines stealing credentials, personal information, and more. The Spectre attack (CVE-2017-5753 and CVE-2017-5715) allows user-mode applications to extract information from other processes running on the same system.

Advertising

Advertising Architecture Software Hacking

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Malware

Malware DDOS Architecture Financial Services

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East.

Authentication

Authentication Advertising Architecture Cyber Attacks

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

DDOS

DDOS Architecture Malware Cybercrime

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware

Malware DNS Encryption Cryptocurrency

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

Malware

Malware DDOS IoT Cybercrime

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Security Affairs

DECEMBER 9, 2024

In September 2017, the accountancy firm giant revealed that was targeted by a sophisticated attack that compromised the confidential emails and plans of some of its blue-chip clients. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking

Hacking Ransomware Accountability Architecture

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

SecureList

APRIL 17, 2025

At that time, we identified this backdoor as related to the IronHusky APT, a Chinese-speaking threat actor operating since at least 2017. However, this transition to a modular architecture isn’t something new as we have seen modular versions of the MysterySnail RAT deployed as early as 2021.

Malware

Malware Encryption Architecture Engineering

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

According to experts from Avast, the Torii bot has been active since at least December 2017, it could targets a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target.

IoT

IoT Architecture Advertising DDOS

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

Loucaides One type of common firmware vulnerability isn’t so much a coding flaw as it is an architectural soft spot, if you will. Launched in 2017, the company is led by CEO and co–founder, Yuriy Bulygin, who formerly led senior-level security teams at Intel, and CTO and co-founder Alex Bazhaniuk, also an Intel security alumn.

Firmware

Firmware Cybersecurity Technology Authentication

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The MosaicRegressor framework was developed for cyber espionage purposes, its modular architecture allows operators to perform multiple actions. Kaspersky researchers revealed to have found MosaicRegressor components at several dozen entities between 2017 and 2019.

Firmware

Firmware Spyware Surveillance Hacking

BrandPost: Top 5 Regulatory Reasons for Implementing Zero Trust

CSO Magazine

OCTOBER 27, 2022

It is a floor for any technology vendor who wants to provide high-value solutions to government or commercial customers. Before getting into the details, let’s first settle on what we mean by Zero Trust.

Architecture

Architecture Marketing Technology Government

Boffins discovered seven new Meltdown and Spectre attacks

Security Affairs

NOVEMBER 14, 2018

The expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) , which could be conducted to sensitive data processed by the CPU. to encode out-of-bounds secrets that are never architecturally visible. Spectre-PHT (Pattern History Table).

Advertising

Advertising Architecture Manufacturing Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.”

Malware

Malware Firmware Architecture Firewall

SiteLock Reviews: Events We Love in 2018

SiteLock

AUGUST 27, 2021

1-3, 2017 in Nashville, TN. Even though WordCamp US was in 2017, we had to feature this beauty as it is one of the largest global WordCamp events of the year. But the biggest uncovering at the 2017 conference was the Gutenberg Editor Project —the biggest change in WordPress since 2003. Check out our WordCamp US 2017 recap here.

Education

Education Architecture Marketing Mobile

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions.

Firmware

Firmware Mobile Malware Retail

Top Cybersecurity Trends for 2017

Spinone

NOVEMBER 15, 2016

Information Technology research and advisory company, Gartner, presented its top predictions for the cybersecurity industry for 2017 earlier this year. Adoption of Adaptive Security Architecture It’s no longer sufficient to install a firewall and the latest antivirus software and hope for the best.

Cybersecurity

Cybersecurity Software Internet Internet

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

SecureList

DECEMBER 14, 2023

Written in Go, it is flexible enough to generate binaries compatible with various architectures. A not-so-new attack vector Evidence collected and analyzed by GERT suggests that this attack exploited an old vulnerability related to Struts2 (CVE-2017-5638 – Apache Struts2), targeting a financial company. (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#cont

Malware

Malware Architecture DNS DDOS

FELIXROOT Backdoor is back in a new fresh spam campaign

Security Affairs

JULY 30, 2018

The FELIXROOT backdoor was first spotted by FireEye in September 2017, when attackers used it in attacks targeting Ukrainians. The documents include code to exploit known Microsoft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882 to drop and execute the backdoor binary. ” reads the analysis published by FireEye.

Encryption

Encryption Advertising Malware Architecture

Muhstik botnet adds Oracle WebLogic and Drupal exploits

Security Affairs

NOVEMBER 11, 2020

The bot includes exploits for Oracle WebLogic Server vulnerabilities CVE-2019-2725 and CVE-2017-10271 , and the Drupal RCE flaw tracked as CVE-2018-7600. The payload is named “pty” followed by a number used to map the architecture. Researchers from Lacework have analyzed the attack chain implemented by the Muhstik bot.

IoT

IoT Malware DDOS Architecture

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

“The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. . “The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices.

Backups

Backups Architecture Passwords Cyber Attacks

6 Takeaways From the Changes in OWASP’s Top 10 Vulnerability Ranking

CyberSecurity Insiders

OCTOBER 10, 2021

The last update to the OWASP Top 10 Vulnerability Ranking was in late 2017. A comparison of the 2017 and 2021 Top 10 sequential listing is also provided. This is actually the new name for A03-2017 Sensitive Data Exposure. Much has changed in the cyber threat landscape since then. Cryptographic failures moving a notch up.

Cyber threats

Cyber threats Cyber Attacks Software Risk

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. .” The discovery demonstrates that Kinsing actors are rapidly adding new exploits to their arsenal, expanding the potential targets. The script is accessible for review here.

Architecture

Architecture Cryptocurrency Hacking Cybercrime

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Trending Sources

New Triada Trojan comes preinstalled on Android devices

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

NIST’s Post-Quantum Cryptography Standards

Crosspost: A Simple SOAR Adoption Maturity Model

Evaluating the NSA's Telephony Metadata Program

WordCamp Seattle 2017 – The Emerald City Event

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

My Philosophy and Recommendations Around the LastPass Breaches

Equifax Breach Underscores Need for Accountability, Simpler Architectures

CISA warns of phishing attacks delivering KONNI RAT

CFPB’s Proposed Data Rules

New NKAbuse malware abuses NKN decentralized P2P network protocol

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

DePriMon downloader uses a never seen installation technique

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Samsung shipped 100 million Galaxy smart phones filled with critical security vulnerabilities

Experts spotted a new Mirai variant that targets new processors

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Iran-linked APT is exploiting the Zerologon flaw in attacks

Enemybot, a new DDoS botnet appears in the threat landscape

StripedFly: Perennially flying under the radar

EnemyBot malware adds new exploits to target CMS servers and Android devices

A new Zerobot variant spreads by exploiting Apache flaws

Deloitte denied its systems were hacked by Brain Cipher ransomware group

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Mozi Botnet is responsible for most of the IoT Traffic

Torii botnet, probably the most sophisticated IoT botnet of ever

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Second-ever UEFI rootkit used in North Korea-themed attacks

BrandPost: Top 5 Regulatory Reasons for Implementing Zero Trust

Boffins discovered seven new Meltdown and Spectre attacks

US and UK link new Cyclops Blink malware to Russian state hackers?

SiteLock Reviews: Events We Love in 2018

Android devices shipped with backdoored firmware as part of the BADBOX network

Top Cybersecurity Trends for 2017

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

FELIXROOT Backdoor is back in a new fresh spam campaign

Muhstik botnet adds Oracle WebLogic and Drupal exploits

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

6 Takeaways From the Changes in OWASP’s Top 10 Vulnerability Ranking

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Stay Connected