2018, Hacking, Information Security and Malware

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

OCTOBER 16, 2020

Britain’s information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. SecurityAffairs – hacking, British Airways).

Hacking

Hacking Data breaches Advertising Information Security

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” concludes the experts.

Malware

Malware Phishing DNS Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. RaaS rollout 2015 – 2018. Targeting enterprises Late 2018 – present day.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software

Software Malware Cybercrime VPN

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

M?ris Bot infects MikroTik routers compromised in 2018

Security Affairs

SEPTEMBER 14, 2021

The network equipment maker MikroTik revealed that the routers were previously compromised in 2018. The vendor explained that the devices haven’t been properly secured, even if the security patches released by MikroTik at the time were installed. If somebody got your password in 2018, just an upgrade will not help.

DDOS

DDOS Firewall Passwords Internet

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Malware

Malware Accountability Phishing Data collection

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. LFI CVE-2018-16763 Fuel CMS 1.4.1 LFI CVE-2018-16763 Fuel CMS 1.4.1 The new variant of the bot includes exploits for the following security issues: CVE-2022-22954 : Critical RCE flaw in VMware Workspace ONE Access and VMware Identity Manager. .

Malware

Malware DDOS IoT Cybercrime

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware

Spyware Surveillance Architecture Software

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. SecurityAffairs – North Korea, hacking).

Malware

Malware Advertising Government Cryptocurrency

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Pierluigi Paganini.

Malware

Malware Mobile Advertising Government

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Security Affairs

DECEMBER 4, 2023

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Storm-0216 has historically used Qakbot malware for initial access, but has switched to other malware for initial access after the takedown of the Qakbot infrastructure.

Ransomware

Ransomware Malware Banking Hacking

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ” reads the report published by the security firm. SecurityAffairs – hacking, Amadey malware).

Malware

Malware Ransomware Cybercrime Phishing

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking

Banking Malware Manufacturing Business Services

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs.

Hacking

Hacking Firmware Encryption Manufacturing

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The malware stole nearly 26 million login credentials holding 1.1

Malware

Malware Computers and Electronics Software Financial Services

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking

Hacking Malware Advertising DNS

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware

Security Affairs

DECEMBER 4, 2022

The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. SecurityAffairs – hacking, APT). “continues the analysis.

Cryptocurrency

Cryptocurrency Malware Hacking Information Security

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

Security Affairs

JANUARY 17, 2024

CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of AndroxGh0st malware. ” reads the advisory. ” reported Lacework.

Malware

Malware Cybersecurity Hacking Information Security

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. SecurityAffairs – hacking, CISA).

Malware

Malware Firmware Architecture Firewall

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 ” In 2018 Sonicwall had logged more than 2.8 ” In 2018 Sonicwall had logged more than 2.8

IoT

IoT Encryption Malware Advertising

North Korea-linked Lazarus continues to target job seekers with macOS malware

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August , when Lazarus APT has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets.

Malware

Malware Cryptocurrency Architecture Advertising

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. SecurityAffairs – hacking, GravityRAT ).

Malware

Malware Computers and Electronics Spyware Advertising

Threat actors target the Ukrainian gov with IcedID malware

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. SecurityAffairs – hacking, Ukraine).

Malware

Malware Phishing Banking Government

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs

AUGUST 19, 2020

According to the security expert Tal Be’ery , the vulnerability, dubbed GlueBall, has been known since August 2018, because a malware sample exploiting it was uploaded to VirusTotal. ” In June 2020, experts discovered that the GlueBall issue was exploited in attacks in the wild to deliver malware.

Advertising

Advertising Malware Internet Internet

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. SecurityAffairs – hacking, Dridex). The post Sophos linked Entropy ransomware to Dridex malware.

Ransomware

Ransomware Malware Cybercrime Banking

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. have been hijacked, threat actors replaced them versions laced with password-stealing malware. The last stable coa version 2.0.2

Passwords

Passwords Malware Accountability Hacking

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). The post ShinyHunters hacked Pluto TV service, 3.2M A hacker has shared 3.2

Accountability

Accountability Hacking Data breaches Passwords

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. SecurityAffairs – hacking, Zebrocy).

Malware

Malware Phishing Government Data collection

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware

Malware Cryptocurrency Encryption Hacking

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Telecommunications Advertising

Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised

Security Affairs

APRIL 8, 2019

Bahrain, 08.04.2019 – Group-IB, an international company that specializes in preventing cyberattacks , and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8

Artificial Intelligence

Artificial Intelligence Government Banking Advertising

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows. The body of each Sodin sample includes an encrypted configuration block that stores the settings and data used by the malware. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Architecture

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8

Hacking

Hacking Cyber Attacks Passwords Software

Britain’s information commissioner fines British Airways for 2018 Hack

PurpleFox malware infected at least 2,000 computers in Ukraine

Webinars

Trending Sources

Threat actor has been targeting the aviation industry since at least 2018

Webinars

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Amadey malware spreads via software cracks laced with SmokeLoader

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

M?ris Bot infects MikroTik routers compromised in 2018

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

EnemyBot malware adds new exploits to target CMS servers and Android devices

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Alleged FruitFly malware creator ruled incompetent to stand trial

USCYBERCOM shares five new North Korea-linked malware samples

Payment solutions giant Edenred announces malware infection

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

TinyNuke banking malware targets French organizations

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Mysterious custom malware used to steal 1.2TB of data from million PCs

Hackers use hackers spreading tainted hacking tools in long-running campaign

Ezuri memory loader used in Linux and Windows malware

Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

US and UK link new Cyclops Blink malware to Russian state hackers?

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

North Korea-linked Lazarus continues to target job seekers with macOS malware

GravityRAT malware also targets Android and macOS

Threat actors target the Ukrainian gov with IcedID malware

Crooks made more than $560K with a simple clipboard hijacker

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

New MATA Multi-platform malware framework linked to NK Lazarus APT

SEC announces sanctions against entities over email account hacking

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

QSnatch malware infected over 62,000 QNAP NAS Devices

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised

Operation Spalax, an ongoing malware campaign targeting Colombian entities

TA558 cybercrime group targets hospitality and travel orgs

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Stay Connected