2019, Encryption, Hacking and Information Security

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. After ransomware ads were banned on hacking forum, the LockBit operators set up their own leak site promoting the latest variant and advertising the LockBit 2.0

Encryption

Encryption Ransomware Malware Hacking

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Pierluigi Paganini.

Encryption

Encryption Ransomware System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 financial spreadsheets, bank documents and communications) as proof of the hack. Acer is currently investigating the security breach. SecurityAffairs – hacking, ransoware).

Ransomware

Ransomware Hacking Computers and Electronics Malware

Ragnar Locker ransomware gang advertises Campari hack on Facebook

Security Affairs

NOVEMBER 11, 2020

In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. SecurityAffairs – hacking, Ragnar Locker ransomware). 9, on Facebook. Pierluigi Paganini.

Advertising

Advertising Hacking Ransomware Accountability

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. “Additionally, we are able to determine the exact seq and ack num bers by counting encrypted packets and/or examining their size. SecurityAffairs – CVE-2019-14899 , hacking).

VPN

VPN Encryption Advertising Authentication

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN

VPN Government Hacking Accountability

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption

Encryption Advertising DNS Software

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. The situation is better in the first half of 2019, when SonicWall recorded 4.8 The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks.

IoT

IoT Encryption Malware Advertising

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. SecurityAffairs – Ragnar Locker ransomware, hacking).

Encryption

Encryption Ransomware Energy and Utilities Advertising

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. This serious flaw, assigned CVE-2019-15126, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication.”

Encryption

Encryption Wireless Manufacturing Advertising

Most of Exim email servers could be hacked by exploiting 21Nails flaws

Security Affairs

MAY 4, 2021

National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team were exploiting a critical vulnerability ( CVE-2019-10149 ) in the Exim mail transfer agent (MTA) software since at least August 2019. In September 2019 , Exim maintainers released an urgent security update, Exim version 4.92.3,

Hacking

Hacking Software Engineering Encryption

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

The MegaCortex ransomware first appeared on the threat landscape in May 2019 when it was spotted by security experts at Sophos. Since November 2019, MegaCortex operators started adopting double extortion tactics. The decryptor also supports the “Scan Entire System” mode which allows users to search for all encrypted files.

Ransomware

Ransomware Antivirus Encryption Backups

Ryuk Ransomware evolution avoid encrypting Linux folders

Security Affairs

DECEMBER 26, 2019

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. Kremez noticed that the ransomware doesn’t encrypt folders that are associated with *NIX operating systems. 2019-12-21: #Ryuk #Ransomware as V2.EXE ” reported BleepingComputer.

Encryption

Encryption Ransomware Malware Advertising

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. ” concluded ZDNet. Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Malware

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

At this time, it is not clear how threat actors compromised the QNAP devices, some users claim that attackers exploited a flaw in the Photo Station software to hack them. The attackers first create a user in the administrator group, then use it to encrypt the content of the NAS. SecurityAffairs – hacking, ech0raix). and 1.0.6).”

Ransomware

Ransomware Encryption Manufacturing Hacking

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. The flaws were disclosed by the researcher SandboxEscaper over the past weeks, below the list of the issue: CVE-2019-0973 CVE-2019-1053 CVE-2019-1064 CVE-2019-1069.

Advertising

Advertising Authentication Encryption Internet

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

Cyber hacking is a billion-dollar industry and will only get larger. trillion dollar issue by 2019. Based on the “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers , over 28 percent of respondents have become the victims of mobile hacking.

Encryption

Encryption Mobile Computers and Electronics Government

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Security Affairs

NOVEMBER 1, 2019

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. Reported by banananapenguin on 2019-10-12[$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio. reads the advisory published by Google.

Advertising

Advertising Encryption Hacking Information Security

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. Encrypted file structure ransomware BlackCat / ALPHV: [ORIGINAL_FILENAME].[ORIGINAL_extension].specific/different Black The LockBit 3.0 ORIGINAL_extension].specific/different

Ransomware

Ransomware Encryption Technology Backups

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. . The following graph shows that three trading posts accounted for 64 percent of the cards on offer during the first half of 2019. . AMEX accounted for 12 percent. .

eCommerce

eCommerce Marketing Advertising Retail

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

Vasinskyi is a REvil ransomware affiliate since at least March 1st, 2019. “Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” ” reads the press release published by DoJ.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. It consists of two components, the loader and the encrypted main payload. The backdoor uses AES-ECB encryption for C2 communications.

Malware

Malware Encryption Telecommunications Authentication

Saudi Ministry exposed sensitive data for 15 months

Security Affairs

JANUARY 8, 2024

file exposed information that attackers could employ for lateral movement within the ministry’s systems, potentially escalating to anything from account takeover to a ransomware attack. It was established in 2019 to diversify Saudi Arabia’s economy away from oil and gas. Meanwhile, the now-closed MIM’s env. What MIM data was exposed?

Government

Government Identity Theft Social Engineering Encryption

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

FEBRUARY 10, 2020

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The United States Department of Justice officially charged 4 members of the China’s PLA’s 54th Research Institute, a division of the Chinese military, with hacking into credit reporting agency Equifax.

Hacking

Hacking Data breaches Advertising Encryption

Developer hacked back Muhstik ransomware crew and released keys

Security Affairs

OCTOBER 8, 2019

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group. SecurityAffairs – Muhstik ransomware, hacking).

Hacking

Hacking Ransomware Advertising Passwords

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

NOVEMBER 28, 2020

The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files. billion in 2019. SecurityAffairs – hacking, Advantech).

Ransomware

Ransomware Encryption IoT Malware

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

MARCH 17, 2021

NTT Research opened its doors in Silicon Valley in July 2019 to help nurture basic research in three subject areas that happen to be at the core of digital transformation: quantum physics, medical informatics and cryptography. You need look no further that the jarring SolarWinds hack for a prime example.

Digital transformation

Digital transformation Encryption Technology Mobile

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Scams

Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Security Affairs

JULY 30, 2019

Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack. Experts discovered two critical security issues that affect recent versions of Enterprise, Professional, and Community Editions of OXID eShop software. Pierluigi Paganini. SecurityAffairs –.

eCommerce

eCommerce Hacking Advertising Software

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S. 32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan , and for their involvement in international bank fraud and computer hacking schemes.

Ransomware

Ransomware Cybercrime Banking Encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT).

IoT

IoT Firmware DNS Advertising

Hacking campaign is wiping Iomega NAS Devices exposed online

Security Affairs

JULY 30, 2019

txt and state that the user’s files have been encrypted and moved to a safe location.” YOUR FILES HAVE BEEN ENCRYPTED AND MOVED TO A SAFE LOCATION. BITCOIN TO THIS ADDRESS: 172bnrSX351TEEVrFJTPAA9ktBxfjnweLm YOU HAVE UNTIL THE 15th OF AUGUST 2019 TO MAKE THE PAYMENT OR YOUR FILES WILL BE SOLD ON THE DARK WEB.

Hacking

Hacking Advertising Encryption Software

EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal funds

Security Affairs

JUNE 27, 2023

Europol announced that the takedown of the EncroChat encrypted chat network has led to the arrest of 6,558 people and the seizure of $979 million in illicit funds. The police infiltrated the global network of the encrypted chatting app that was used by criminals involved in drug dealing, money laundering, extortions, and even murders.

Encryption

Encryption Hacking Banking Accountability

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample. Pierluigi Paganini.

Telecommunications

Telecommunications Manufacturing Malware Education

Maze ransomware is going out of the business

Security Affairs

NOVEMBER 1, 2020

The Maze ransomware operators are shutting down their operations for more than one year the appeared on the threat landscape in May 2019. The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Advertising Software

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. The malicious code appends.encrypt extension to filenames of encrypted files. SecurityAffairs – hacking, NAS).

Ransomware

Ransomware Encryption Firmware Passwords

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Webinars

Trending Sources

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Webinars

Trojan Shield, the biggest ever police operation against encrypted communications

The source code of the Paradise Ransomware was leaked on XSS hacking forum

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Ragnar Locker ransomware gang advertises Campari hack on Facebook

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

APT hacked a US municipal government via an unpatched Fortinet VPN

8Base ransomware operators use a new variant of the Phobos ransomware

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Ragnar Ransomware encrypts files from virtual machines to evade detection

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Most of Exim email servers could be hacked by exploiting 21Nails flaws

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Bitdefender released a free decryptor for the MegaCortex ransomware

Ryuk Ransomware evolution avoid encrypting Linux folders

Source code of Dharma ransomware now surfacing on public hacking forums

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

10 Mobile Encryption Apps for Digital Privacy Protection

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Ukrainian REvil gang member sentenced to 13 years in prison

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Saudi Ministry exposed sensitive data for 15 months

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Developer hacked back Muhstik ransomware crew and released keys

Chip maker Advantech hit by Conti ransomware gang

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

DeathRansom ransomware evolves encrypting files, but experts identified its author

Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Evil Corp rebrands their ransomware, this time is the Macaw Locker

New Ttint IoT botnet exploits two zero-days in Tenda routers

Hacking campaign is wiping Iomega NAS Devices exposed online

EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal funds

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Maze ransomware is going out of the business

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Stay Connected