Hot for Security

MARCH 29, 2021

You probably don’t recall creating an account on the Verifications.io Email verifiers are online services that allow marketers and salespeople to verify that the email address you used to create an account, sign up for a newsletter or make an order on their website is real and valid. platform or River City Media.

Data breaches 116

Data breaches Media Marketing Social Engineering 116

Security Affairs

OCTOBER 15, 2020

A series of messages published on Barnes & Noble’s Nook social media accounts state that it had suffered a system failure and is working to restore operations by restoring their server backups. 2/2) Please be assured that there is no compromise of customer payment details which are encrypted and tokenized.

Cyber Attacks 111

Cyber Attacks VPN Backups Ransomware 111

Approachable Cyber Threats

OCTOBER 16, 2020

During the COVID-19 pandemic for example, you may use a Virtual Private Network (VPN) to connect to your organization’s network as if you’re sitting in the office, or you might use Remote Desktop Protocol (RDP) to connect to your computer that’s now collecting dust on your office desk. VPNs continue to be problematic as well.

Ransomware 98

Ransomware VPN Internet Internet 98

Fox IT

JANUARY 12, 2021

NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020. After obtaining a valid account, they use this account to access the victim’s VPN, Citrix or another remote service that allows access to the network of the victim.

VPN 68

VPN Accountability Passwords DNS 68

Malwarebytes

MARCH 15, 2021

After all, malware detections for both consumers and businesses decreased in 2020 compared to 2019. Source: ZDNet) PSA: Russia, China will likely use deepfakes in the coming weeks (Source: Cyberscoop) TikTok account of popular Korean band, BTS (Burn The Stage), was hacked. That sounds like good news, but it wasn’t.

Malware 58

Malware VPN Cybercrime Encryption 58

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. PYSA, also known as Mespinoza, was first spotted in the wild in October 2019 where it was initially used against large corporate networks. Consider installing and using a VPN.

Education 107

Education Ransomware Phishing Passwords 107

Thales Cloud Protection & Licensing

SEPTEMBER 12, 2019

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Just a couple of months after that, World Rugby itself announced that one of its training websites had suffered a security breach that exposed subscribers’ account information.

IoT 105

IoT Internet Internet VPN 105

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware.

Ransomware 71

Ransomware Antivirus Malware Banking 71

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords 66

Passwords Government Firmware Accountability 66

SecureWorld News

JULY 28, 2020

Since at least March 2019, Baiwang released software updates which installed a driver automatically along with the main tax program. In April 2019, employees of the pharmaceutical company discovered that the software contained malware that created a backdoor on the company’s network.

Software 52

Software Banking Passwords Accountability 52

Malwarebytes

MAY 28, 2021

The first is Ransom.Sodinokibi , which Malwarebytes has already profiled and has been detecting since 2019.). The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare 105

Healthcare Ransomware Encryption Passwords 105

Malwarebytes

MARCH 10, 2022

Observed since: September 2019 Ransomware note: Restore-My-Files.txt Ransomware extension: lockbit Kill Chain: Brute force attack on a web server containing an outdated VPN service > LockBit Sample hash: 9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af. Ensure routine auditing is conducted for all accounts.

Ransomware 69

Ransomware Phishing Accountability Technology 69

SecureList

MARCH 30, 2021

In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. Log of the hijacking VPN session from DESKTOP-A41UVJV. Encrypted Ecipekac Layer II loader (shellcode). size of encrypted data. pcasvc.dll.

Malware 141

Malware Encryption VPN Technology 141

Krebs on Security

FEBRUARY 18, 2019

Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text. adpvpn.adpolice.gov.ae: VPN service for the Abu Dhabi Police.

DNS 267

DNS Internet Internet Government 267

SiteLock

AUGUST 27, 2021

In fact, holiday shopping can account for up to 30 percent of annual sales for online retailers. billion in 2019. Don’t store it if you don’t need it – Your business should remove any sensitive customer data such as credit card and bank account information that’s not essential to your business. billion and $730.7

Retail 98

Retail eCommerce Small Business Scams 98

Security Affairs

MAY 12, 2021

An example of this can be traced back to June 2019, when an unauthorized user gained access to Quest Diagnostic’s sensitive data through a billing vendor by the name of the American Medical Collection Agency (AMCA). million patients , including credit card numbers, bank account information, and even social security numbers.

Data collection 84

Data collection Data breaches VPN Risk 84

Herjavec Group

AUGUST 23, 2021

LockBit ransomware was initially discovered in September 2019. This is the act of exfiltrating sensitive data from the victim network before the encryption stage of the attack[1]. Begin the encryption process and drop the ransom note in each folder after it encrypts the folder’s contents (T1486: Data Encrypted for Impact). .

Ransomware 52

Ransomware Encryption Manufacturing Backups 52

Adam Levin

JANUARY 2, 2019

2019 will be the year consumers start thinking more about cyber hygiene , and the year Congress becomes more proactive in the areas of privacy and cybersecurity. SIM-jacking or SIM swap fraud will increase: This sophisticated attack allows a hacker to steal your cell phone number and with that, any account associated with it.

Cybersecurity 157

Cybersecurity Identity Theft Passwords Password Management 157

Krebs on Security

OCTOBER 21, 2019

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Accountability 131

Accountability VPN Software Antivirus 131

SecureList

NOVEMBER 1, 2022

KeyPlug is a modular backdoor with the capability of communicating to its server via several network communication protocols set in its XOR-encrypted embedded configuration block. In 2019, SoleDragon was also deployed through Skype. It provides victims with a VPN connection that can be used to browse these resources.

Malware 139

Malware Ransomware Spyware Encryption 139

Adam Levin

MAY 19, 2021

TransUnion, 2019: The credit reporting bureau reported the data compromise of 37,000 Canadians, however the nature and content of that compromise are not clear. . Experian, 2013 – 2015: Hackers stole a trove of information from T-Mobile customers whose data had passed through Experian to check credit there and open a new account.

Risk 218

Risk Identity Theft Data breaches VPN 218

Security Affairs

MAY 27, 2020

Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks, found out that the year of 2019 was marked by ransomware evolution and was dominated by increasingly aggressive ransomware campaigns, with its operators resorting to more cunning TTPs, reminding those of APT groups to get their victims shell out.

Ransomware 87

Ransomware Phishing Advertising Encryption 87

eSecurity Planet

MARCH 25, 2022

By exploiting weak server vulnerabilities, the Iran-based hackers were able to gain access, move laterally, encrypt IT systems, and demand ransom payment. Meanwhile, the suspect server was connected to the CDOT domain with an administrator account and the internet. clinical labs company September U.S. Remote Desktop Software Features.

VPN 111

VPN Software Authentication Encryption 111

SecureList

NOVEMBER 23, 2021

This ransomware is controlled by command line parameters and can either retrieve an encryption key from the C2 or an argument at launch time. We saw many attacks using N-days, such as the attack that targeted the Brazilian Supreme Court (exploiting vulnerabilities in VMWare ESXI (CVE-2019-5544 and CVE-2020-3992).

Cryptocurrency 104

Cryptocurrency Banking Cybercrime Ransomware 104

SecureList

JUNE 15, 2022

Complex attacks almost invariably feature several phases, such as reconnaissance, initial access to the infrastructure, gaining access to target systems and/or privileges, and the actual malicious acts (data theft, destruction or encryption, etc.). Request for access to corporate VPN. Screenshot translation. I have a small team.

VPN 89

VPN Accountability Ransomware Encryption 89

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. CVE-2019-11510. Product affected. Pulse Secure.

Ransomware 129

Ransomware Encryption VPN System Administration 129

SecureList

OCTOBER 7, 2021

After encryption, the contents of the folders look as follows: the cybercriminals’ e-mail address and the victim’s ID are added to the beginning of each file, followed by the original name and extension, and then the extension added by the ransomware. Encrypted files and a note from the attackers. Phobos ransom note.

Ransomware 109

Ransomware Encryption Passwords Malware 109

SecureList

DECEMBER 7, 2021

But how did we get here and what has changed about the ransomware landscape since it was first our story of the year in 2019? Arguably, it all started at the end of 2019, when Maze became a “pioneer” of the modern ransomware landscape. This ransomware group first appeared in 2019 and was quite prolific in 2020.

Ransomware 121

Ransomware B2B B2C Government 121

eSecurity Planet

MAY 28, 2021

Ransomware: Encryption, Exfiltration, and Extortion. Ransomware perpetrators of the past presented a problem of availability through encryption. Detect Focus on encryption Assume exfiltration. Whether it’s a VPN , firewall , or remote access server, unauthorized entry via network gateways is a problem.

Software 99

Software Firmware DNS VPN 99

McAfee

SEPTEMBER 9, 2021

Recently, security researcher Fabian Wosar opened a dedicated Jabber account for disgruntled cybercriminals to reach out anonymously and he stated that there was a high level of response. Crab was one of the two affiliate-facing accounts that the GandCrab team had (The other being Funnycrab). Jabber group for unhappy threat actors.

Marketing 138

Marketing Ransomware Cybercrime Accountability 138

Security Affairs

FEBRUARY 23, 2020

FC Barcelona and the International Olympic Committee Twitter accounts hacked. Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks. Russian govn blocked Tutanota service in Russia to stop encrypted communication. Russian govn blocked Tutanova service in Russia to stop encrypted communication.

Artificial Intelligence 62

Artificial Intelligence eCommerce Firmware Hacking 62

Security Affairs

MARCH 27, 2023

The threat actor abused Bitly shortener and an ad hoc BlogSpot account to protect the malicious code, lastly stored in an encrypted zip archive hosted on Mega.nz. The shared secret is used to encrypt the GZipped memory stream using a xor-based algorithm in a compress-then-encrypt fashion.

Malware 82

Malware Social Engineering Encryption Marketing 82

McAfee

SEPTEMBER 14, 2021

From a persistence point of view, scheduled tasks [ T1053.005 ] and the use of valid accounts [ T1078 ] acquired through the use of Mimikatz, or creating LSASS dumps, were observed being employed during the length of the campaign. The source IP addresses discovered belonged to two different ISP/VPN providers based in Hong-Kong.

Malware 144

Malware DNS Accountability Manufacturing 144

Malwarebytes

AUGUST 1, 2022

This happened in December 2019 when Claus was a sophomore. During this period, the hacker gained unauthorized access to at least 300 Snapchat accounts , including Claus’s. This Bloomberg article mentioned that Mondore posed as a “security employee” who warned Claus of an alleged breach of her Snapchat account.

Accountability 76

Accountability VPN Media Encryption 76

Malwarebytes

AUGUST 1, 2022

This happened in December 2019 when Claus was a sophomore. During this period, the hacker gained unauthorized access to at least 300 Snapchat accounts , including Claus's. This Bloomberg article mentioned that Mondore posed as a "security employee" who warned Claus of an alleged breach of her Snapchat account.

Accountability 74

Accountability VPN Media Encryption 74

SecureList

MAY 10, 2021

To prevent attacks via RDP, it is recommended to hide RDP servers behind a VPN or disable UDP port 3389. That said, a VPN is no panacea if it too is vulnerable to amplification attacks. In Q1 2021, for instance, attackers went after Powerhouse VPN servers. Comparative number of DDoS attacks, 2019–2021. Attack geography.

DDOS 96

DDOS Cryptocurrency Media Marketing 96

SecureList

MAY 12, 2021

To ensure that their ability to restore encrypted files would never be questioned, they cultivated an online presence, wrote press releases and generally made sure their name would be known to all potential victims. Botmasters and account resellers are tasked with providing initial access inside the victim’s network.

Ransomware 123

Ransomware Encryption Malware Cybercrime 123