2019, Accountability, Information Security and Malware

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook.

Accountability

Accountability Malware Phishing Social Engineering

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP)

Security Affairs

OCTOBER 10, 2020

Google improves malware protection for Google Chrome users who are covered by the company’s Advanced Protection Program (APP). The Advanced Protection Program aims at protecting users with high visibility and sensitive information (i.e. Google announced an improved malware protection. continues the post. ” . .

Accountability

Accountability Malware Phishing Advertising

Which was the most common threat to macOS devices in 2019? Shlayer malware

Security Affairs

JANUARY 27, 2020

Malware authors continue to show interest in macOS devices, Kaspersky experts confirmed that the Shlayer malware has been the most common threat to the macOS platform. Security experts from Kaspersky Lab revealed that the Shlayer malware was the most widespread macOS threat in 2019. up to 10.14.3. up to 10.14.3.

Adware

Adware Malware Social Engineering Advertising

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233). WP Live Chat.

Malware

Malware Hacking Accountability Phishing

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

Capital One discovered more customers’ SSNs exposed in 2019 hack

Security Affairs

APRIL 3, 2021

More clients of Capital One have been impacted in the 2019 data breach, the US bank is notifying them of their SSNs exposure. US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. Source Sergiu Gatlan (BleepingComputer).

Hacking

Hacking Data breaches Banking Small Business

GoDaddy discloses a data breach, web hosting account credentials exposed

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. ” reads the data breach notice submitted by the company.

Data breaches

Data breaches Accountability Advertising Internet

US OCC imposed an $80 Million fine to Capital One for 2019 hack

Security Affairs

AUGUST 9, 2020

US Office of the Comptroller of the Currency (OCC) regulator has fined the credit card provider Capital One Financial Corp with $80 million over 2019 data breach. The US Office of the Comptroller of the Currency (OCC) has imposed an $80 million fine to the credit card provider Capital One Financial Corp over 2019 data breach.

Hacking

Hacking Banking Data breaches Advertising

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches

Data breaches Accountability Mobile Phishing

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. ” concludes Kaspersky.

Malware

Malware Computers and Electronics Spyware Advertising

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. 86 billion RUB ($27.4M

Government

Government Advertising Passwords Banking

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘ wormable ‘ issues in Windows Remote Desktop Services. ” reads the security advisory for the CVE-2019-1181.”An

Authentication

Authentication Advertising Internet Internet

Robert Downey Jr’s Instagram account has been hacked

Security Affairs

SEPTEMBER 10, 2019

The Instagram account of Robert Downey Jr. has been hacked, he is the last celebrity in order of time that had the social media accounts compromised. Instagram account has been hacked, in this case the attacker did not publish offensive messages, but attempted to monetize their efforts by posting fake giveaways for Apple products.

Accountability

Accountability Hacking Advertising Scams

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. . More than 15 million payment card were issued in the US, no other nation accounted for more than 10 percent of stolen card numbers. AMEX accounted for 12 percent.

eCommerce

eCommerce Marketing Advertising Retail

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. Crooks are using compromised devices to access the banking portal in order to make online bank transfers to accounts they are controlling. com/P-14-7.dll

Malware

Malware Banking Antivirus Advertising

Lampion malware origin servers geolocated in Turkey

Security Affairs

FEBRUARY 27, 2020

Lampion malware is the most critical malware affecting Portuguese users’ last three months. This malware appears to be on the rise at the end of February 2020, after a fresh update where its operators introduced a new obfuscation layer on the first stage of the threat. Figure 7: Lampion’s email received on the target account.

Malware

Malware Advertising Government Accountability

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware

Malware Cyber threats Cybersecurity Government

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware

Malware Banking Mobile Spyware

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. .

Government

Government Malware Advertising Passwords

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. “One tool, a VBA macro targeting Microsoft Outlook, uses the target’s email account to send spearphishing emails to contacts in the victim’s Microsoft Office address book.” Pierluigi Paganini.

Malware

Malware Phishing Advertising Government

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Chronicle’s study reveals CAs that issued most certificates to sign malware samples on VirusTotal

Security Affairs

MAY 24, 2019

Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo ).

Malware

Malware Advertising Accountability Cybersecurity

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.”

Banking

Banking Cyber Attacks Accountability Media

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

FEBRUARY 19, 2024

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English-speaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft

Identity Theft Cryptocurrency Cybercrime Hacking

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

The malware supports the following features: Full encryption of files below 1.5MB and partial encryption of files above this threshold to improve the speed of encryption. Larger files will have smaller blocks of data encrypted throughout the file and a list of these blocks is saved in the metadata along with the key at the end of the file.

Ransomware

Ransomware Encryption Backups Manufacturing

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Security Affairs

AUGUST 13, 2019

Security experts analyzed a new interesting Android banking Trojan, dubbed Cerberus, that is offered for rent by its author. A new malware-as-a- service dubbed Cerberus has emerged in the threat landscape, it is an Android RAT developed from scratch that doesn’t borrow the code from other malware.

Banking

Banking Malware Advertising Social Engineering

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

NOVEMBER 28, 2020

billion in 2019. On November 26, the ransomware operators began leaking the data stolen from Advantech, an archive of 3.03GB that accounts for 2% of the total amount of stolen data. Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7

Ransomware

Ransomware Encryption IoT Malware

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. He has been in custody since 2019, when he was arrested in California. ” reads the press release published by DoJ.

Antivirus

Antivirus Malware Cybercrime Cyber threats

Data of 533 million Facebook users leaked in a hacking forum for free

Security Affairs

APRIL 3, 2021

Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses. The data was amassed by threat actors by exploiting a vulnerability fixed in 2019 that allowed data scraping from the social network.

Hacking

Hacking Accountability Passwords Data breaches

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

SEPTEMBER 17, 2020

The attacks also aimed at carrying out other criminal activities, such as the deployment of ransomware and cryptocurrency malware. According to the indictment announced in August 2019, Zhang Haoran (???), These individuals are all present in the FBI’s most wanted list. 35, and Tan Dailin (???),

Identity Theft

Identity Theft Advertising Government Technology

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. Below the list of databases, published by Bleepingcomputer , that are available for sale: Company Amount Data Breach Date Evite.com 101 million March 2019 Tokopedia.com 91 million April 2020 piZap.com 60.9

Data breaches

Data breaches Advertising Passwords Hacking

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

billion in 2019 to $815.4 First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. is clearly failing to protect cardholder account details effectively in today’s environment. In fact, the U.S.

Antivirus

Antivirus Retail Software Accountability

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware.

Ransomware

Ransomware Antivirus Malware Banking

Experts discovered TeslaGun Panel used by TA505 to manage its ServHelper Backdoor

Security Affairs

SEPTEMBER 6, 2022

The financially-motivated group is known to have used multiple malware in its attacks, including FlawedAmmyy , the ServHelper backdoor and FlawedGrace malware. The ServHelper backdoor is written in Delphi and according to the experts, the development team continues to update it by implementing new features since 2019.

Cybercrime

Cybercrime Banking Malware Retail

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign. The RaaS implements a user-friendly admin console, which is accessible via Tor Network, to allow malware customization (i.e. Close of GandCrab Ransomware : 1-6-2019.

Ransomware

Ransomware Advertising Malware Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Trending Sources

Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP)

Which was the most common threat to macOS devices in 2019? Shlayer malware

Reading the 2019 Internet Crime Complaint Center (IC3) report

New Linux malware targets WordPress sites by exploiting 30 bugs

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Capital One discovered more customers’ SSNs exposed in 2019 hack

GoDaddy discloses a data breach, web hosting account credentials exposed

US OCC imposed an $80 Million fine to Capital One for 2019 hack

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

BRATA Android Malware evolves and targets the UK, Spain, and Italy

GravityRAT malware also targets Android and macOS

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

SEC announces sanctions against entities over email account hacking

QNAP urges users to update Malware Remover after QSnatch joint alert

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Robert Downey Jr’s Instagram account has been hacked

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Lampion malware v2 February 2020

Lampion malware origin servers geolocated in Turkey

Russia-linked threat actors targets critical infrastructure, US authorities warn

New Android BlackRock malware targets hundreds of apps

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Gamaredon group uses a new Outlook tool to spread malware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Chronicle’s study reveals CAs that issued most certificates to sign malware samples on VirusTotal

Mitsubishi Electric Corp. was hit by a new cyberattack

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Google obtained a temporary court order against CryptBot distributors

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

8Base ransomware operators use a new variant of the Phobos ransomware

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Chip maker Advantech hit by Conti ransomware gang

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Data of 533 million Facebook users leaked in a hacking forum for free

Mozi Botnet is responsible for most of the IoT Traffic

APT41 actors charged for attacks on more than 100 victims globally

Threat actors are offering for sale 550 million stolen user records

The Five-Step PCI DSS 4.0 Transition Checklist

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Experts discovered TeslaGun Panel used by TA505 to manage its ServHelper Backdoor

Belarussian authorities arrested GandCrab ransomware distributor

Stay Connected