Security Boulevard

JANUARY 21, 2022

Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption.

Encryption 126

Encryption Malware Backups Passwords 126

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware 111

Ransomware Encryption Antivirus VPN 111

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. The new attacks suggest the hacking group is back in action.

Encryption 97

Encryption Cybercrime Hacking Malware 97

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been active since at least January 2020. The ransomware encrypts files on the targeted systems using the “ cuba” extension. As a loader, it has been used to download other malware families, such as Ficker stealer and NetSupport RAT , to compromised hosts. SecurityAffairs – hacking, ransomware).

Ransomware 140

Ransomware Hacking Malware Encryption 140

CyberSecurity Insiders

JULY 8, 2021

Trickbot banking malware is back in news for inducing a new ransomware variant into the wild. Researchers from Fortinet’s FortiGuard Labs has have found that the new malware strain is acting similar to that of Conti Ransomware with a change that it Asymmetric encryption algorithms unlike other file encrypting malware variants.

Malware 110

Malware Ransomware Healthcare Encryption 110

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware 128

Ransomware Hacking Encryption Malware 128

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware 139

Malware Encryption Antivirus Passwords 139

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Record audio.

Encryption 134

Encryption Malware Media Authentication 134

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. dex file as before. explained.

Malware 140

Malware Mobile Spyware Encryption 140

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. File encryption 2013 – 2015. These included PClock, CryptoLocker 2.0,

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. During April and May 2020, a new Grandoreiro variant was identified. This piece of malware includes improvements in the way it is operating. Figure 1: Grandoreiro email template Q2 2020 (Portugal).

Malware 69

Malware Banking Advertising Data collection 69

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking 342

Hacking Ransomware Banking Accountability 342

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Pierluigi Paganini.

Encryption 97

Encryption Ransomware System Administration Hacking 97

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 132

Engineering VPN Accountability Software 132

Security Affairs

APRIL 16, 2024

The malware also grants attackers access to the device’s system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. “The Loader initiates the process by loading both the encrypted and subsequently decrypted LightSpy kernel.

Spyware 108

Spyware Mobile Malware Encryption 108

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . SecurityAffairs – hacking, Gootkit). Pierluigi Paganini.

Malware 102

Malware Encryption Engineering Hacking 102

Security Affairs

SEPTEMBER 27, 2021

The source code of Cerberus was released in September 2020 on underground hacking forums after its operators failed an auction. According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. SecurityAffairs – hacking, banking trojan). ” reads the analysis published by Threatfabric.

Banking 86

Banking Malware Mobile Encryption 86

Security Affairs

DECEMBER 10, 2021

Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. Another one used to encrypt companies' networks. Filemarker 19 47 B7 4D at EOF and before the encrypted key, which is JSON with some settings.

Ransomware 102

Ransomware Malware Cybercrime Encryption 102

Security Affairs

JULY 1, 2020

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. billion in revenu e in Q1 2020 and has 27,000 employees across the globe.

Ransomware 103

Ransomware Hacking Encryption Banking 103

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware 134

Malware Advertising Ransomware Encryption 134

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 277

Malware Software Technology Accountability 277

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The malware stole nearly 26 million login credentials holding 1.1

Malware 116

Malware Computers and Electronics Software Financial Services 116

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The researchers wrote a Python script that used to crack the weak encryption and dumped the card’s binary.

Hacking 145

Hacking Technology Software Engineering 145

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 87

Malware Banking Penetration Testing Healthcare 87

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August , when Lazarus APT has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets.

Malware 96

Malware Cryptocurrency Architecture Advertising 96

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption 100

Encryption Ransomware Advertising Malware 100

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware 97

Ransomware VPN Cybercrime Advertising 97

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing 118

Phishing Malware Cryptocurrency Information Security 118

Security Affairs

DECEMBER 18, 2020

Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it was one of the most. RC4 algorithm with hardcoded key (in this example – "21983453453435435738912738921") is used for encryption. link] — Tatyana Shishkova (@sh1shk0va) December 17, 2020. "CyberPunk2077.sfx.exe"

Mobile 136

Mobile Ransomware Encryption Malware 136

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. SecurityAffairs – hacking, ransomware).

Ransomware 135

Ransomware Encryption Malware Cybercrime 135

Security Affairs

APRIL 18, 2021

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. exe or annualreport.exe.

Malware 111

Malware Ransomware Encryption Phishing 111

Security Affairs

JUNE 28, 2020

Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack. .” SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media 142

Media Hacking Passwords Data breaches 142

Security Affairs

JULY 14, 2020

“As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020.” The company confirmed that the an investigation into the hack is still ongoing. The post 3.4

Hacking 103

Hacking Data breaches Identity Theft Advertising 103

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. SecurityAffairs – hacking, Microsoft Exchange). Pierluigi Paganini.

Ransomware 140

Ransomware Encryption VPN Malware 140

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware 93

Malware Cryptocurrency Encryption Hacking 93