2017, Information Security, Malware and Passwords

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware

Malware Social Engineering Retail Engineering

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Who is Phillip Durachinsky?

Malware

Malware Passwords Identity Theft Data collection

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).”

Malware

Malware DDOS IoT Cybercrime

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware.

Malware

Malware Scams Social Engineering Phishing

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The malware author named the bot Satan DDoS, but Palo Alto Network’s Unit42 researchers dubbed it Lucifer because there’s another malware with the same name, the Satan Ransomware. Unit42 researchers noticed that the attacker is leveraging certutil utility in the payload for malware propagation.

DDOS

DDOS Malware Advertising Passwords

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323.

IoT

IoT DDOS Malware Firmware

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Researchers noticed that malware authors have added multiple exploits for over 10 different web applications and the SMB protocol. Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload.

Malware

Malware Passwords DDOS IoT

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Encryption

Encryption Antivirus Malware Hacking

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Cryptocurrency Internet Internet

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. POEMGATE is a malicious PAM module that is used by attackers to authenticate with a statically determined password and saves logins and passwords entered during authentication in a file in XOR-encoded form.

Telecommunications

Telecommunications Authentication Data collection Passwords

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The malware implements six methods to generate IPs with the help of a pseudo-random generator.

Malware

Malware Passwords DDOS Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Use a password manager.

Passwords

Passwords Password Management Antivirus Internet

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. GorjolEcho maintains persistence by copying the initial stages malware in a StartUp entry.

Malware

Malware VPN Media Encryption

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. Technical Analysis. 100:51224/$rdgate?

Malware

Malware Banking Advertising Data collection

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The group relied on both legitimate, publicly available software products and custom malware, such as the Pterodo/Pteranodon backdoor. .” reads the announcement published by the SSU. “The SSU Cyber ??

Government

Government Software Cyber threats Cyber Attacks

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

Xenotime threat actor now is targeting Electric Utilities in US and APAC

Security Affairs

JUNE 14, 2019

Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/ Triton malware attack that hit oil and gas organizations. continues the report.

Malware

Malware Advertising Authentication Passwords

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ.

Hacking

Hacking Passwords Accountability Cybercrime

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

Experts pointed out that the malware is being actively developed. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. It uses several techniques commonly found in other DDoS botnet malware to infect other devices.”.

DDOS

DDOS Architecture Malware Cybercrime

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. The first Satori iteration targeted devices running with factory-settings or protected with easy-to-guess passwords, the bot infected over 100,000 devices in its first month. the man also claimed that the botnet was capable of DDoS attacks of 1Tbps.

DDOS

DDOS IoT Advertising Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Mozi Botnet relies on the DHT protocol to build a P2P network, and uses ECDSA384 and the xor algorithm to ensure the integrity and security of its components and P2P network.”

IoT

IoT DDOS Architecture Passwords

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. Dangerous leak.

Ransomware

Ransomware Passwords Encryption Identity Theft

DRBControl cyber-espionage group targets gambling, betting companies

Security Affairs

FEBRUARY 19, 2020

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware.

Malware

Malware Advertising Phishing Passwords

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million January 2017 CafeMom.com 2.6 million October 2017 ModaOperandi.com 1.3 Those who have their account exposed in one of the above incidents are recommended to change their password. Pierluigi Paganini.

Data breaches

Data breaches Advertising Passwords Hacking

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Security Affairs

DECEMBER 25, 2019

A new Mozi P2P botnet is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. Security experts from 360 Netlab spotted a new Mozi P2P botnet that is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them.

DDOS

DDOS Passwords Wireless Advertising

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8

Hacking

Hacking Cyber Attacks Passwords Software

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. According to IBM X-Force, attacks targeting operational technology (OT) infrastructure increased by over 2000 p ercent in 2019 compared to 2018, and most of them involved the Echobot malware. ” continues the report.

Advertising

Advertising Malware IoT Technology

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The group also plans to publish information that can allow a threat actor to access the company’s infrastructure. “In the case of payment refusal, also will be published points of entry into the network and passwords and logins company.” ” reads the announcement published by Lockbit operators on their leak site.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

HinataBot, a new Go-Based DDoS botnet in the threat landscape

Security Affairs

MARCH 17, 2023

The sample captured by the experts abuses old vulnerabilities and weak credentials, the researchers reported that it attempts to exploit flaws in the miniigd SOAP service on Realtek SDK devices ( CVE-2014-8361 ), Huawei HG532 routers ( CVE-2017-17215 ), and exposed Hadoop YARN servers (CVE N/A).

DDOS

DDOS Passwords Engineering Hacking

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. The popular malware researcher Vitali Kremez published an interesting analysis of macOS and Windows malware delivered through the exploitation of the CVE-2019-11707 flaw.

Cryptocurrency

Cryptocurrency Malware Advertising Passwords

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

The initial indictment did not name the malware, but “all signs point to the virulent Satori botnet that surfaced last fall, and has infected at least 500,000 internet routers around the word,” explained the popular expert Kevin Poulsen. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017.

IoT

IoT DDOS Internet Internet

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware

Malware Antivirus Hacking Accountability

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them.

IoT

IoT Internet Internet Hacking

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

million customers impacted. million customers impacted. million customers impacted.

Data breaches

Data breaches Hacking Cryptocurrency Scams

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

TA547 targets German organizations with Rhadamanthys malware

Alleged FruitFly malware creator ruled incompetent to stand trial

Webinars

Trending Sources

PurpleFox malware infected at least 2,000 computers in Ukraine

Webinars

China-linked BlackTech APT uses new Flagpro malware in recent attacks

EnemyBot malware adds new exploits to target CMS servers and Android devices

New Coronavirus-themed malspam campaign delivers FormBook Malware

QNAP urges users to update Malware Remover after QSnatch joint alert

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Two PoS Malware used to steal data from more than 167,000 credit cards

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

QSnatch malware infected over 62,000 QNAP NAS Devices

New Lucifer DDoS botnet targets Windows systems with multiple exploits

A new Zerobot variant spreads by exploiting Apache flaws

Necro Python bot now enhanced with new VMWare, server exploits

Chinese actors behind attacks on industrial enterprises and public institutions

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

DirtyMoe modules expand the bot using worm-like techniques

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Iran-linked APT TA453 targets Windows and macOS systems

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Grandoreiro Malware implements new features in Q2 2020

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Xenotime threat actor now is targeting Electric Utilities in US and APAC

Ticketmaster will pay $10 Million fine over hacking a competitor

Enemybot, a new DDoS botnet appears in the threat landscape

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Developer of DDoS Mirai based botnets sentenced to prison

Mozi Botnet is responsible for most of the IoT Traffic

Harvard Business Publishing licensee hit by ransomware

DRBControl cyber-espionage group targets gambling, betting companies

Threat actors are offering for sale 550 million stolen user records

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

OT attacks increased by over 2000 percent in 2019, IBM reports

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

HinataBot, a new Go-Based DDoS botnet in the threat landscape

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Creator of multiple IoT botnets, including Satori, pleaded guilty

Microsoft: North Korea-linked Zinc APT targets security experts

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs newsletter Round 318

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Stay Connected