Schneier on Security

MARCH 28, 2019

In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.].

Hacking 274

Hacking Malware 274

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Based on these similarities, we're quite sure the new malware was developed by the COMPfun authors. The COMpfun malware was initially documented by G-DATA in 2014. We identified targets in Russia and Belarus. [.].

Malware 237

Malware Engineering Encryption Hacking 237

Krebs on Security

DECEMBER 10, 2019

The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks. It is very likely this is being exploited in the wild.”

Backups 190

Backups Software Malware Marketing 190

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. The ruling comes after a six-year legal case against the company after Meta accused it of misusing its servers to spy on users.

Spyware 133

Spyware Hacking Surveillance Government 133

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

eCommerce 218

eCommerce Cybercrime Accountability Hacking 218

Krebs on Security

SEPTEMBER 10, 2019

The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Software 192

Software Backups Malware Hacking 192

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 241

Malware Advertising Marketing System Administration 241

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. NSOs witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.

Spyware 110

Spyware Surveillance Software Hacking 110

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 314

Malware Cybercrime Software Accountability 314

Security Affairs

NOVEMBER 16, 2024

NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. ” NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. .”

Spyware 120

Spyware Surveillance Malware Hacking 120

Security Affairs

DECEMBER 22, 2024

The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Arrested in Israel, he awaits extradition to the U.S.

Ransomware 121

Ransomware Small Business Antivirus Malware 121

Security Affairs

MAY 5, 2025

Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Sansec identified these backdoors in the following packages which were published between 2019 and 2022.” ” reads the report published by Sansec.

eCommerce 96

eCommerce Hacking Authentication Software 96

Security Affairs

MAY 13, 2025

DoppelPaymer ransomware has been active since June 2019 ; in November 2020, Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymerransomwareand provided useful information on the threat. DoppelPaymer is based on the BitPaymer ransomware and the Dridex malware family, operators often usethe EMOTET malware to spread it.

Ransomware 108

Ransomware Cybercrime Malware Banking 108

Security Affairs

MAY 24, 2025

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Cybercrime 122

Cybercrime Cryptocurrency Ransomware Malware 122

The Last Watchdog

FEBRUARY 3, 2020

and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare. The Saudis aren’t known for being transparent.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 117

Cybercrime Ransomware Healthcare Education 117

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Cyber Attacks 116

Cyber Attacks Hacking Government Malware 116

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS 319

DNS Penetration Testing Malware Hacking 319

SecureList

DECEMBER 12, 2024

Same organization, hacked by the Mask in 2019 Having examined available information about the organization compromised in 2022, we found that it was also compromised with an advanced attack in 2019. Apart from this implant, we also observed attackers deploying a microphone recorder and a file stealer to compromised computers.

Malware 109

Malware Media Encryption Engineering 109

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing 309

Marketing Energy and Utilities Malware Ransomware 309

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ?

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Krebs on Security

FEBRUARY 11, 2020

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

Backups 68

Backups Malware Internet Internet 68

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

DECEMBER 1, 2024

A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. By automating the generation of malware variants, attackers can evade detection mechanisms employed by major anti-malware engines.

Artificial Intelligence 135

Artificial Intelligence Phishing Media Cybercrime 135

Krebs on Security

NOVEMBER 26, 2019

23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. The other three restaurants are all part of the same parent company and disclosed breaches in August 2019. Image: Gemini Advisory.

Marketing 343

Marketing Cybercrime Retail Advertising 343

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability 145

Accountability Malware Phishing Social Engineering 145

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. Here’s what I took away from our discussion: Transient hacks. This quickly gets intricately technical. Branching attacks.

Hacking 212

Hacking Energy and Utilities System Administration Accountability 212

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet 266

Internet Internet Software Engineering 266

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware 144

Ransomware Hacking Encryption Malware 144

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 144

Malware DNS Firewall Software 144

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. ” states a post published by the experts.

Malware 145

Malware Mobile Spyware Encryption 145

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks.

Malware 185

Malware Mobile Manufacturing Marketing 185

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware 120

Spyware Government Surveillance Hacking 120

Security Affairs

APRIL 30, 2025

PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978 , Tropical Scorpius , UNC2596 ), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities.

Encryption 103

Encryption Ransomware Malware Phishing 103

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. The developers behind the Shlayer malware have successfully managed to get their malicious payloads approved by Apple through its automated notarizing process in order to run on macOS.

Malware 145

Malware Software Engineering Hacking 145

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. Now some statistic facts about malware. billion malware attacks.

Firewall 132

Firewall Malware IoT Software 132