2019, Hacking, Malware and Passwords - Cyber Security Informer

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Antivirus

Google Discovers Massive iPhone Hack

Adam Levin

AUGUST 31, 2019

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.

Hacking

Hacking Accountability Malware Passwords

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Russia Malware targets firewall appliances

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. Now some statistic facts about malware. billion malware attacks.

Firewall

Firewall Malware IoT Software

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Security Affairs

JULY 22, 2021

CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products.

Malware

Malware Antivirus Passwords Firewall

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability

Accountability Malware Phishing Social Engineering

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233). WP Live Chat.

Malware

Malware Hacking Accountability Phishing

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. Pierluigi Paganini.

Hacking

Hacking Cryptocurrency Authentication Passwords

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. Pierluigi Paganini.

Advertising

Advertising Malware IoT Technology

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware

Malware Architecture Passwords Software

The alleged author of NLBrute Malware was extradited to US from Georgia

Security Affairs

FEBRUARY 23, 2023

Dariy Pankov, a Russian VXer behind the NLBrute malware, has been extradited to the United States from Georgia. The Russian national Dariy Pankov, aka dpxaker, is suspected to be the author of the NLBrute malware. The malware allows operators of compromising protected computers by decrypting login credentials.

Malware

Malware Marketing Passwords Hacking

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Malware

Malware Encryption Antivirus Passwords

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

NOVEMBER 7, 2022

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. LODEINFO has been observed engaged in a spear- phishing campaign since December 2019 by JPCERT/CC. during their investigation. This is basic role management.

Antivirus

Antivirus Software Malware Phishing

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. SecurityAffairs – hacking, Lemon_Duck).

Malware

Malware Authentication Passwords Internet

Data of 533 million Facebook users leaked in a hacking forum for free

Security Affairs

APRIL 3, 2021

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. SecurityAffairs – hacking, data leak). Pierluigi Paganini.

Hacking

Hacking Accountability Passwords Data breaches

New malware tied to China targets Linux endpoints and servers

SC Magazine

MARCH 10, 2021

New malware compiled on Red Hat Enterprise Linux uses a network data encoding scheme based on XOR, creates a backdoor in systems that gives an attacker near full control over infected machines. ( “Linux password file” by Christiaan Colen is licensed under CC BY-SA 2.0 ).

Malware

Malware Media Passwords Government

New Shlayer Mac malware spreads via poisoned search engine results

Security Affairs

JUNE 21, 2020

Shlayer Mac malware is back, the Mac threat is now spreading through new black SEO operations. Researchers spotted a new version of the Shlayer Mac malware that is spreading via poisoned Google search results. The malware can be used to download other malicious payloads, including malware or adware. up to 10.14.3.

Engineering

Engineering Malware Adware Antivirus

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria, for their involvement in selling the malware. The two individuals are charged with selling and supporting the Warzone RAT and other malware. ” concludes DoJ.

Malware

Malware Hacking Cybercrime Advertising

CopperStealer Malware Targets Facebook and Instagram Business Accounts

Threatpost

MARCH 19, 2021

A previously undocumented password and cookie stealer has been compromising accounts of big guns like Facebook, Apple, Amazon and Google since 2019 and then using them for cybercriminal activity.

Accountability

Accountability Malware Passwords Hacking

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries. For example, in 2019 McAfee found that for targets in Japan, the 16Shop kit would also collect Web ID and Card Password, while US victims will be asked for their Social Security Number. Image: Akamai.

Phishing

Phishing Passwords Internet Internet

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. to address the recently fixed CVE-2019-11707 zero-day flaw in Mozilla Firefox.

Cryptocurrency

Cryptocurrency Malware Advertising Passwords

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . SecurityAffairs – Poloniex exchange, hacking).

Passwords

Passwords Cryptocurrency Data breaches Advertising

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

110330 CVE-2019-0708 05/14/2019 Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (Blue. This week, security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst / Solarigate backdoor and published the list of targeted organizations.

Hacking

Hacking Cyber Attacks Passwords Software

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. 86 billion RUB ($27.4M

Government

Government Advertising Passwords Banking

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs. ” A number of questions, indeed.

Phishing

Phishing Cybercrime Malware Advertising

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare. The Saudis aren’t known for being transparent.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. ” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

Hacking

Hacking Passwords Internet Internet

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. .

Government

Government Malware Advertising Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations.

Ransomware

Ransomware Hacking Encryption Penetration Testing

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X ” concludes the report.

Malware

Malware DDOS IoT Cybercrime

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. The flaw, tracked as CVE-2019-14684, could allow an authenticated attacker to run with SYSTEM privileges an arbitrary, unsigned DLL file within a trusted process. . Another researcher, Tr?n

Password Management

Password Management Passwords Advertising Authentication

Cryptomining Campaign involves Golang malware to target Linux servers

Security Affairs

JULY 5, 2019

Experts at F5 Networks discovered a cryptomining campaign that is delivering a new piece of the Golang malware that targets Linux-based servers. F5 experts uncovered a cryptominer campaign that is delivering a new strain of Golang malware that targets Linux-based servers. ” reads the analysis published by F5.

Malware

Malware Passwords Advertising Information Security

VSDC video editing software website hacked again

Security Affairs

APRIL 11, 2019

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware. Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with a banking trojan and an information stealer.

Software

Software Hacking Banking Malware

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ. Attorney DuCharme.

Hacking

Hacking Passwords Accountability Cybercrime

Developer hacked back Muhstik ransomware crew and released keys

Security Affairs

OCTOBER 8, 2019

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group. SecurityAffairs – Muhstik ransomware, hacking).

Hacking

Hacking Ransomware Advertising Passwords

More SolarWinds News

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics

Computers and Electronics Malware Software Government

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS

DDOS Hacking Internet Internet

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Google Discovers Massive iPhone Hack

Webinars

Trending Sources

Dariy Pankov, the NLBrute malware author, pleads guilty

Webinars

New Russia Malware targets firewall appliances

CISA analyzed stealthy malware found on compromised Pulse Secure devices

YouTube creators’ accounts hijacked with cookie-stealing malware

New Linux malware targets WordPress sites by exploiting 30 bugs

Orcus RAT Author Charged in Malware Scheme

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

OT attacks increased by over 2000 percent in 2019, IBM reports

New modular ModPipe POS Malware targets restaurants and hospitality sectors

The alleged author of NLBrute Malware was extradited to US from Georgia

QSnatch malware infected over 62,000 QNAP NAS Devices

Ezuri memory loader used in Linux and Windows malware

Threat Group Continuously Updates Malware to Evade Antivirus Software

Lemon_Duck cryptomining malware evolves to target Linux devices

Data of 533 million Facebook users leaked in a hacking forum for free

New malware tied to China targets Linux endpoints and servers

New Shlayer Mac malware spreads via poisoned search engine results

US Feds arrested two men involved in the Warzone RAT operation

CopperStealer Malware Targets Facebook and Instagram Business Accounts

Karma Catches Up to Global Phishing Service 16Shop

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Poloniex forces password reset following a data leak

QNAP urges users to update Malware Remover after QSnatch joint alert

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Two PoS Malware used to steal data from more than 167,000 credit cards

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Microsoft: Two New 0-Day Flaws in Exchange Server

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

EnemyBot malware adds new exploits to target CMS servers and Android devices

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Cryptomining Campaign involves Golang malware to target Linux servers

VSDC video editing software website hacked again

Raccoon Malware, a success case in the cybercrime ecosystem

Ticketmaster will pay $10 Million fine over hacking a competitor

Developer hacked back Muhstik ransomware crew and released keys

More SolarWinds News

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Stay Connected