Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Twitter @Slvlombardo.

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits.

IoT 122

IoT Cybercrime Internet Internet 122

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware 86

Malware DDOS Architecture Financial Services 86

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. appeared first on Security Affairs.

Malware 91

Malware Firmware Architecture Firewall 91

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware.

IoT 84

IoT Encryption Malware Advertising 84

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Pierluigi Paganini.

Malware 72

Malware Advertising Cybercrime Hacking 72

Security Affairs

OCTOBER 3, 2021

TA544 is a financially motivated threat actor that is active at least since 2017, it focuses on attacks on banking users, it leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan. ” reads the analysis published by Proofpoint. Pierluigi Paganini.

Malware 83

Malware Banking Social Engineering Retail 83

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware 100

Malware Ransomware Advertising Encryption 100

Security Affairs

APRIL 10, 2021

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. SecurityAffairs – hacking, IcedID malware).

Malware 97

Malware Banking Marketing Authentication 97

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. Koshkin was arrested in California in September 2019 , while Tsurkan was arrested in April 2017.

Antivirus 86

Antivirus Malware Cybercrime Cyber threats 86

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). Iarmak is the third member of the FIN7 cybercrime group to be sentenced in the U.S. in May 2020.

Cybercrime 105

Cybercrime Hacking Software Phishing 105

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Pierluigi Paganini.

Banking 102

Banking Malware Advertising Passwords 102

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The domain validtree.com is registered through namecheap.com on 2017-12-07T15:55:27Z but recently renewed on 2019-10-16T05:35:18Z. Introduction. The following image shows the decoding process. 66.133.129.5)

Cybercrime 42

Cybercrime Computers and Electronics Penetration Testing Malware 42

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” Citing the U.S.

Cryptocurrency 127

Cryptocurrency Cybercrime Media Government 127

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising 267

Advertising Cybercrime System Administration Hacking 267

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”

Ransomware 137

Ransomware Authentication Malware Hacking 137

Security Affairs

OCTOBER 12, 2023

In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms. ” states the report published by Sucuri.

Malware 114

Malware Hacking Accountability Cybercrime 114

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. It uses several techniques commonly found in other DDoS botnet malware to infect other devices.”. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS 134

DDOS Architecture Malware Cybercrime 134

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 This malware is still in beta phase and has been accidently leaked.

IoT 122

IoT Firmware Malware Wireless 122

Security Affairs

MARCH 14, 2024

The company did not share details about the attack or its scope, but a few weeks later the Akira ransomware group claimed to have stolen 100 GB of information from the company. Stolen data included corporate files and personal information Nissan refused to pay the ransom and the cybercrime group published the alleged stolen files.

Data breaches 93

Data breaches Identity Theft Financial Services Cybercrime 93

Security Affairs

JUNE 5, 2019

A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives.

Cryptocurrency 62

Cryptocurrency Malware Advertising Hacking 62

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT 115

IoT DDOS Malware Firmware 115

Security Affairs

JULY 21, 2021

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. Thus, a “Malware-as-a-Service” scheme is used. ” continues the report.

Spyware 100

Spyware Malware Cybercrime Advertising 100

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls.

Malware 83

Malware Cryptocurrency Firewall Cybercrime 83

Security Affairs

OCTOBER 8, 2023

Human Security identified a supply chain of a Chinese manufacturer that was compromised to backdoor the firmware of several products delivered to resellers, physical retail stores and e-commerce warehouses. The experts conclude warning the owners of the compromised devices that is can be very complex to remove BADBOX from their product.

Firmware 143

Firmware Mobile Malware Retail 143

Security Affairs

MARCH 17, 2020

FireEye compiled the report using data from dozens of ransomware infections that it has investigated from 2017 to 2019. The timing of the ransomware attacks is not casual, attackers attempt to deploy the malware when the presence of the IT staff is reduced and the likelihood to be detected is low. Pierluigi Paganini.

Ransomware 111

Ransomware Advertising Malware Cybercrime 111

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.

Firmware 75

Firmware Hacking Cybercrime Information Security 75

Security Affairs

JULY 6, 2023

A new variant of the Truebot malware was used in attacks against organizations in the United States and Canada. ALERT: Increased #Truebot malware activity targets U.S. & The attackers use the malware to escalate privileges and maintain persistence on the compromised systems. & Canada organizations.

Malware 84

Malware Cyber threats Phishing Hacking 84

Security Affairs

JUNE 16, 2023

The malware is distributed as the messaging apps BingeChat and Chatico. The GravityRAT malware Access Trojan (RAT) is believed to be the work of Pakistani hacker groups, it was mainly employed in attacks aimed at Indian users. .” MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet.

Backups 91

Backups Spyware Malware Accountability 91

Security Affairs

MARCH 29, 2020

The CrySis ransomware was first spotted in by experts at ESET, the malware has infected systems, mostly in Russia, Japan, South and North Korea, and Brazil. ” reads the post published by “This, in turn, would result in the broader proliferation among multiple cybercrime groups, and an eventual surge in attacks.”

Ransomware 109

Ransomware Hacking Advertising Malware 109

Security Affairs

OCTOBER 26, 2022

Kaye made a name for himself as the developer and seller of the GovRAT malware that his “customers” used to hack U.S. ’s National Crime Agency (NCA) in February 2017. In June 2017, Kaye pleaded guilty in court to hijacking more than 900,000 routers from the network of Deutsche Telekom.

Marketing 87

Marketing Government Hacking Accountability 87

Security Affairs

AUGUST 12, 2021

CrowdStrike recently observed a malicious activity associated with Magniber ransomware , a threat that has been active since 2017. “CrowdStrike recently observed new activity related to a 2017 ransomware family, known as Magniber, using the PrintNighmare vulnerability on victims in South Korea. ” CrowdStrike concludes.

Ransomware 114

Ransomware Cybercrime Encryption Hacking 114

Security Affairs

JUNE 5, 2023

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). When an organization is infected with this malware, it can quickly escalate to become a bigger infection, similar to how ransomware spreads throughout a network.”

Malware 78

Malware Ransomware Hacking Software 78

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Healthcare 143

Healthcare Ransomware Cybercrime Advertising 143

Security Affairs

JULY 27, 2019

Marcus Hutchins has been sentenced to “time served” and one year of supervised release his role in developing and selling the Kronos banking malware. In April, Hutchins has pleaded guilty to developing and sharing the Kronos banking malware between July 2014 and July 2015. SecurityAffairs – Marcus Hutchins, cybercrime).

Banking 71

Banking Malware Advertising Cybercrime 71

Security Affairs

JUNE 13, 2021

If you want to also receive for free the international press subscribe here. million customers impacted. million customers impacted. million customers impacted. million customers impacted.

Data breaches 61

Data breaches Hacking Cryptocurrency Scams 61

Security Affairs

DECEMBER 11, 2022

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). In October, a larger number of infections leveraged Raspberry Robin, a recent malware spread through USB drives, as a delivery vector.”

Ransomware 120

Ransomware Malware Internet Internet 120