2020, Encryption, Hacking and Information Security

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

pic.twitter.com/YJavUu53v3 — vx-underground (@vxunderground) October 7, 2023 BleepingComputer was able to verify with the help of the popular malware researcher Michael Gillespie that that source code is legitimate and is related to the first version of the ransomware that was employed in 2020.

Cybercrime

Cybercrime Ransomware DDOS Encryption

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. The group stands out for the high frequency and persistence of its attacks, researchers believe that the APT group has carried out over 1,000 attacks since April 2020. SecurityAffairs – hacking, SideWinder).

Encryption

Encryption Malware Phishing Hacking

FragAttacks vulnerabilities expose all WiFi devices to hack

Security Affairs

MAY 12, 2021

.” Summarizing, the design flaws discovered by the expert are: CVE-2020-24588 : aggregation attack (accepting non-SPP A-MSDU frames). CVE-2020-24587 : mixed key attack (reassembling fragments encrypted under different keys). CVE-2020-26140 : Accepting plaintext data frames in a protected network. Pierluigi Paganini.

Hacking

Hacking Encryption Authentication Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption

Encryption Cybercrime Hacking Malware

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Pierluigi Paganini.

Encryption

Encryption Ransomware System Administration Hacking

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. File encryption 2013 – 2015. pharma giant ExecuPharm.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been active since at least January 2020. The ransomware encrypts files on the targeted systems using the “ cuba” extension. The FBI discourages paying the ransom because there is no guarantee to recover the encrypted files. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware

Ransomware Hacking Malware Encryption

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption

Encryption Advertising DNS Software

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The researchers wrote a Python script that used to crack the weak encryption and dumped the card’s binary.

Hacking

Hacking Technology Software Engineering

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. ” reads the letter.

Data breaches

Data breaches Hacking Banking Financial Services

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

Most of Exim email servers could be hacked by exploiting 21Nails flaws

Security Affairs

MAY 4, 2021

This is not the first time that experts disclose vulnerabilities in EXIM software, in May 2020 the U.S. Experts announced they will not publish that exploits for now.

Hacking

Hacking Software Engineering Encryption

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. SecurityAffairs – hacking, E27).

Media

Media Hacking Passwords Data breaches

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN

VPN Government Hacking Accountability

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. The company confirmed that the an investigation into the hack is still ongoing. SecurityAffairs – hacking, LiveAuctioneers ). The poster is selling 3.4

Hacking

Hacking Data breaches Identity Theft Advertising

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

Security Affairs

JANUARY 16, 2020

Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for data encryption. . SecurityAffairs – CVE-2020-0601, hacking).

Advertising

Advertising Software Encryption Hacking

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

APRIL 19, 2020

A hacker has leaked the usernames and passwords of nearly 23 million players of Webkinz World on a well-known hacking forum. . “ZDNet has learned that details about the vulnerability have been circulating online before today’s leak for months, both on hacking forums and on online IM chat groups.” Pierluigi Paganini.

Hacking

Hacking Passwords Data breaches Advertising

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Security Affairs

JANUARY 15, 2020

Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. The flaw, dubbed ‘NSACrypt’ and tracked as CVE-2020-0601, resides in the Crypt32.dll SecurityAffairs – CVE-2020-0601 , hacking). Pierluigi Paganini.

Advertising

Advertising Software Encryption Hacking

Energy giant Shell discloses data breach caused by Accellion FTA hack

Security Affairs

MARCH 23, 2021

billion in 2020. “Shell has been impacted by a data security incident involving Accellion’s File Transfer Appliance. “We FireEye pointed out that despite FIN11 hackers are publishing data from Accellion FTA customers on the Clop ransomware leak site, they did not encrypt systems on the compromised networks.

Data breaches

Data breaches Hacking Cybercrime Cyber Attacks

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

A first-stage implant is delivered to the visitors, it gathers device information and downloads further stages, including the core LightSpy implant and various plugins for specific spying functions. “The Loader initiates the process by loading both the encrypted and subsequently decrypted LightSpy kernel.

Spyware

Spyware Mobile Malware Encryption

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. SecurityAffairs – hacking, Microsoft Exchange). Pierluigi Paganini.

Ransomware

Ransomware Encryption VPN Malware

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government

Government Hacking Advertising Encryption

EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal funds

Security Affairs

JUNE 27, 2023

Europol announced that the takedown of the EncroChat encrypted chat network has led to the arrest of 6,558 people and the seizure of $979 million in illicit funds. In July 2020, a joint operation conducted by European and British law enforcement agencies resulted in the arrest of hundreds of alleged drug dealers and other crooks.

Encryption

Encryption Hacking Banking Accountability

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. HIBP pointed out that the most recent record in the leaked database is dated May 2020. ” reported HIBP.

Data breaches

Data breaches Passwords Cybercrime Encryption

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

Security Affairs

APRIL 14, 2021

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. The communication with upstream servers and the E2E encryption implementation are two notable ones. SecurityAffairs – hacking, WhatsApp). ” concludes the report.

Mobile

Mobile Hacking Encryption Surveillance

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

On December 28, 2020, ThyssenKrupp Materials group of companies based in U.S. The hackers managed to access sensitive HR information and documents about the company’s current and former employees. The confidential information accessed by the attackers included the SSN and bank account information of employees.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

MAY 17, 2024

The experts speculate the Lunar toolset has been employed since at least 2020. LunarWeb can also execute shell and PowerShell commands, gather system information, run Lua code, and exfiltrate data in AES-256 encrypted form. ESET attributes the two backdoors to Russia-linked APT group Turla , with medium confidence.

Phishing

Phishing Software Government Encryption

Fake mobile version of Cyberpunk 2077 spreads ransomware

Security Affairs

DECEMBER 18, 2020

Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it was one of the most. RC4 algorithm with hardcoded key (in this example – "21983453453435435738912738921") is used for encryption. link] — Tatyana Shishkova (@sh1shk0va) December 17, 2020. "CyberPunk2077.sfx.exe"

Mobile

Mobile Ransomware Encryption Malware

Xamalicious Android malware distributed through the Play Store

Security Affairs

DECEMBER 27, 2023

The authors also implemented different obfuscation techniques and custom encryption to avoid detection. McAfee identified about 25 different malicious apps, some of which have been uploaded on Google Play since mid-2020. ” To circumvent analysis and detection, the malware encrypts all C2 communications.

Malware

Malware Encryption Social Engineering Marketing

Mount Locker ransomware operators demand multi-million dollar ransoms

Security Affairs

SEPTEMBER 28, 2020

A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. Like other ransomware operators, Mount Locker started targeting corporate networks, it has been active since the end of July 2020. to the filenames of the encrypted files. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Advertising Engineering

Bitdefender releases free decrypter for Darkside ransomware

Security Affairs

JANUARY 12, 2021

Darkside ransomware first appeared in the threat landscape in August 2020, its operators were distributing it using a ransomware-as-a-service business model. Darkside ransomware first appeared in the threat landscape in August 2020, its operators were distributing it using a ransomware-as-a-service business model. Pierluigi Paganini.

Ransomware

Ransomware Encryption Hacking Information Security

Two flaws could allow bypassing AMD SEV protection system

Security Affairs

MAY 16, 2021

The chipmaker AMD published guidance for two new attacks against its SEV ( Secure Encrypted Virtualization ) protection technology. Customers using prior generations of EPYC processors, which do not support SEV-SNP, should follow security best practices. SecurityAffairs – hacking, AMD). Pierluigi Paganini.

Encryption

Encryption Technology Hacking Information Security

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The availability of the master decryption key allows the victims to recover their encrypted files for free. Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor : #Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_service [link] — fnx (@fnx67482837) January 29, 2021.

Ransomware

Ransomware Encryption Malware Cybercrime

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

SFile ransomware (aka Escal), has been active since 2020 , it was observed targeting only Windows systems. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption.

Ransomware

Ransomware Encryption Backups Malware

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. ” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. .” SecurityAffairs – hacking, University of Utah). Pierluigi Paganini.

Ransomware

Ransomware Cyber Insurance Insurance Advertising

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. Figure 1: Grandoreiro email template Q2 2020 (Portugal).

Malware

Malware Banking Advertising Data collection

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

SideWinder carried out over 1,000 attacks since April 2020

Webinars

Trending Sources

FragAttacks vulnerabilities expose all WiFi devices to hack

Webinars

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

The source code of the Paradise Ransomware was leaked on XSS hacking forum

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Akira ransomware received $42M in ransom payments from over 250 victims

Which is the Threat landscape for the ICS sector in 2020?

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Hacking Nespresso machines to have unlimited funds to purchase coffee

Morgan Stanley discloses data breach after the hack of a third-party vendor

GravityRAT returns disguised as an end-to-end encrypted chat app

Most of Exim email servers could be hacked by exploiting 21Nails flaws

Asian media firm E27 hacked, attackers asked for a “donation”

APT hacked a US municipal government via an unpatched Fortinet VPN

3.4 Million user records from LiveAuctioneers hack available for sale

NetWalker ransomware operators have made $25 million since March 2020

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Energy giant Shell discloses data breach caused by Accellion FTA hack

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Black Kingdom ransomware is targeting Microsoft Exchange servers

Russia-linked Turla APT hacked European government organization

EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal funds

A database containing data of +8.9 million Zacks users was leaked online

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Fake mobile version of Cyberpunk 2077 spreads ransomware

Xamalicious Android malware distributed through the Play Store

Mount Locker ransomware operators demand multi-million dollar ransoms

Bitdefender releases free decrypter for Darkside ransomware

Two flaws could allow bypassing AMD SEV protection system

Victims of FonixCrypter ransomware could decrypt their files for free

Experts warn of attacks using a new Linux variant of SFile ransomware

University of Utah pays a $457,000 ransom to ransomware gang

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Grandoreiro Malware implements new features in Q2 2020

FBI issued an alert on Ragnar Locker ransomware activity

Stay Connected