Security Affairs

JANUARY 14, 2021

Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. The operations described by QiAnXin are attributed to an APT group active since at least April 2018. These files have fewer than a dozen sightings each. This also happened in the earlier campaign.

Malware 109

Malware Surveillance Phishing Government 109

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct.

Phishing 214

Phishing Marketing Accountability DNS 214

Cisco Security

AUGUST 12, 2021

For several years, Cisco Secure provided DNS visibility and architecture intelligence with Cisco Umbrella and Cisco Umbrella Investigate ; and automated malware analysis and threat intelligence with Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX. SECURITY CATEGORY (PHISHING).

DNS 144

DNS Firewall Phishing Mobile 144

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware 84

Malware DNS Social Engineering Advertising 84

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS 258

DNS Penetration Testing Malware Hacking 258

Security Affairs

FEBRUARY 8, 2022

The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. ” concludes Kaspersky.

Phishing 86

Phishing DNS Malware Hacking 86

Security Affairs

APRIL 8, 2019

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang.

DNS 93

DNS Mobile Phishing Malware 93

Security Affairs

MARCH 21, 2022

Ukraine CERT (CERT-UA) warns of spear-phishing ??attacks The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages conducted by UAC-0035 group (aka InvisiMole) against Ukrainian state bodies. attacks conducted by UAC-0035 group (aka InvisiMole) on state organizations of Ukraine.

Spyware 84

Spyware DNS Phishing Government 84

Security Affairs

SEPTEMBER 14, 2018

In mid-August, the state-sponsored hackers launched a highly targeted spear-phishing email to a high-ranking office in a Middle Eastern nation. “In August 2018, Unit 42 observed OilRig targeting a government organization using spear-phishing emails to deliver an updated version of a Trojan known as BONDUPDATER.

DNS 78

DNS Phishing Government Malware 78

Troy Hunt

JULY 12, 2018

— Troy Hunt (@troyhunt) July 5, 2018. For example, check out how it's used when embedded in the TXT record of a DNS entry which is then loaded into a WHOIS service which doesn't properly output encode the results. This is from CVE-2018-12529 and the sample exploit was taken from the SecurityResearch101 blog. DNS Hijacking.

DNS 277

DNS Wireless Risk Banking 277

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 91

Malware DNS Financial Services Retail 91

Security Affairs

MAY 15, 2023

“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018.” The attack chain employed in 2020 started with a phishing email with a lure based on the 37th ASEAN Summit. The intelligence-gathering campaign started in mid-2022 and is likely still ongoing.

Encryption 82

Encryption DNS Phishing Malware 82

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 95

Cybercrime Phishing Banking Telecommunications 95

Krebs on Security

SEPTEMBER 6, 2021

The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services. Regarding phishing, whenever we receive complaint, we remove the services immediately. Also we are running business since 2006.”

Software 239

Software Phishing Cybercrime Accountability 239

CyberSecurity Insiders

MARCH 21, 2021

Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. . Anti-virus and anti-malware . There are different kinds of cyber attacks that are faced by small businesses, including malware, phishing, SQL injection, DNS tunneling, and more. Two-factor authentication . Firewalls .

Small Business 145

Small Business Cyber Attacks VPN Backups 145

eSecurity Planet

JUNE 1, 2023

Domain-based Message Authentication, Reporting and Conformance is a protocol that was first proposed in January 2012 and widely adopted in 2018 by the U.S. A DMARC policy is included in a DNS record for a given domain, enabling the sender to specify if messages are protected by SPF or DKIM. How Does DMARC Work?

Technology 70

Technology Authentication DNS Phishing 70

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. ” reads the analysis published by Trend Micro. ” continues the analysis.

DNS 91

DNS Advertising Firmware Banking 91

Security Affairs

SEPTEMBER 6, 2018

The OopsIE Trojan is one of the malware in the APT’s arsenal that was detected for the first time in February 2018. The campaign was also delivering the QUADAGENT backdoor, anyway, experts noticed the group using a different malware for each targeted organization. ” reads the analysis published by Paolo Alto Network.

Government 48

Government Phishing Malware Advertising 48

Security Affairs

AUGUST 19, 2018

million) in just in 2 days. · CVE-2018-14023 – Recovering expired messages from Signal. · Linux Kernel Project rolled out security updates to fix two DoS vulnerabilities. · 2.6 billion records exposed in 2,308 disclosed data breaches in H1. · Marap modular downloader opens the doors to further attacks.

Data breaches 45

Data breaches DNS Advertising Hacking 45

Security Affairs

AUGUST 7, 2019

group_b : from August 2017 to January 2018 3. group_c : from January 2018 to February 2018 4. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). T1386) and spread over spear phishing campaigns as shown on delivery section.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

SecureList

AUGUST 30, 2023

Since 2018, Lazarus has persistently targeted crypto-currency-related businesses for a long time, using malicious Word documents and themes related to the crypto-currency business to lure potential targets. It’s thought that the malware was spread through a vulnerability in the software.

Malware 72

Malware Spyware Cryptocurrency Government 72

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware 90

Malware Ransomware Encryption Energy and Utilities 90

Adam Levin

JULY 8, 2020

Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings. Hackers were also quick to pounce on the disruption caused by the 2018 shutdown of the U.S. A recent domain hijack of Japanese cryptocurrency exchange Coincheck.com was used to spoof the company in a spear-phishing campaign.

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link.

Malware 85

Malware Banking Energy and Utilities Accountability 85

Security Affairs

DECEMBER 20, 2018

Security firms such as Proofpoint and Eset analyzed other samples of the same threat targeting the Australian landscape back in May 2018 and, more recently, in Italy. The Cybaze -Yoroi ZLab dissected one of these recent Danabot variants spread across the Italian cyberspace leveraging “ Fattura ” themed phishing emails (e.g.

Banking 74

Banking Malware Internet Internet 74

Security Affairs

AUGUST 20, 2019

Prior to April 2018, Silence’s target interests were primarily limited to 25 post-Soviet states and neighboring countries. Since the report “Silence: Moving into the darkside” was released in September 2018, Group-IB’s Threat Intelligence team has detected at least 16 new campaigns targeting banks launched by Silence.

Banking 56

Banking Cybercrime Cybersecurity Advertising 56

SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. Abusing a dccw.exe file is a known technique and we suspect the malware authors used it to run the next stage malware with high privilege.

Cryptocurrency 125

Cryptocurrency Malware Accountability Banking 125

eSecurity Planet

JUNE 8, 2023

Email security consists of the policies, tools, and services deployed to protect against threats specific to email such as spam, phishing attacks, malware-infested attachments, impersonation, and email interception.

Firewall 64

Firewall DNS Authentication Malware 64

SecureList

MAY 27, 2022

Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. Since 2018, we have been tracking Roaming Mantis – a threat actor that targets Android devices.

Phishing 102

Phishing Spyware Firmware Malware 102

SecureList

FEBRUARY 7, 2022

Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones. Roaming Mantis, part III. Roaming Mantis, part IV.

Phishing 80

Phishing DNS Mobile Malware 80

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 129

Malware Firmware Government Phishing 129

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis. Pierluigi Paganini.

Malware 83

Malware Identity Theft Cybercrime Hacking 83

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace.

Banking 86

Banking Telecommunications Marketing Internet 86

CyberSecurity Insiders

JANUARY 13, 2022

Note- The newly detected APT first surfaced in 2017 when it targeted companies in Iraq and Saudi Arabia through spear phishing attacks and mainly breaching networks belonging to military and oil distribution networks.

Hacking 110

Hacking Spyware DNS Surveillance 110

Security Affairs

SEPTEMBER 1, 2018

The attacks were detected on August 13, 2018, experts revealed that the hackers targeted also the NS Bank in Russia and Carpatica/Patria in Romania. Cobalt hackers leverage spear-phishing emails to compromise target systems, messages spoof emails from financial institutions or a financial supplier/partner. plus; eucentalbank[.]com;

Cybercrime 55

Cybercrime Banking Phishing Advertising 55

Cisco Security

OCTOBER 19, 2021

There are other protection mechanisms, such as Malware Defense , that can block further threats. Phishing [ T1566 ]. Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2018-7600.

Firewall 125

Firewall Authentication DNS Accountability 125

Security Affairs

NOVEMBER 14, 2018

Experts at Yoroi’s Cyber Security Defence Center along with Fincantieri’s security team investigated the recently discovered Martymcfly malware attacks. command and control services of info stealers malware). command and control services of info stealers malware). DNS requests intercepted. Background.

Computers and Electronics 81

Computers and Electronics Penetration Testing Malware Phishing 81