Schneier on Security

JUNE 30, 2022

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Malware 240

Malware DNS Architecture Hacking 240

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. ”

Accountability 361

Accountability Hacking Authentication Marketing 361

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking 358

Hacking Ransomware Banking Accountability 358

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 73

Malware Adware Antivirus Marketing 73

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 314

Malware Cybercrime Software Accountability 314

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. Image: Microsoft.

Hacking 250

Hacking Cybercrime Ransomware Government 250

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S. Sellinger announced.”

Government 69

Government Hacking Data breaches Information Security 69

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware 120

Ransomware Healthcare Hacking Malware 120

Krebs on Security

FEBRUARY 17, 2021

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed. billion from banks and other victims worldwide.

Cryptocurrency 344

Cryptocurrency Financial Services Banking Government 344

SecureBlitz

FEBRUARY 21, 2024

In 2020, the digital landscape witnessed a cunning maneuver by the infamous Astaroth malware. Cisco Talos researchers first uncovered this devious strategy, revealing that Astaroth embedded encrypted and […] The post Astaroth malware uses YouTube channel descriptions for hacks appeared first on SecureBlitz Cybersecurity.

Malware 116

Malware Hacking Encryption Cybersecurity 116

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Schneier on Security

APRIL 8, 2021

This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors.

Government 270

Government Hacking Malware Cybersecurity 270

Security Affairs

NOVEMBER 5, 2024

Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. “Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., Charges remain undisclosed.

Unstructured Data 123

Unstructured Data Media Cybercrime Hacking 123

Security Affairs

NOVEMBER 16, 2024

NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. ” NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. .

Spyware 120

Spyware Surveillance Malware Hacking 120

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

MAY 13, 2025

DoppelPaymer ransomware has been active since June 2019 ; in November 2020, Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymerransomwareand provided useful information on the threat. DoppelPaymer is based on the BitPaymer ransomware and the Dridex malware family, operators often usethe EMOTET malware to spread it.

Ransomware 108

Ransomware Cybercrime Malware Banking 108

Security Affairs

MAY 4, 2025

When the malware was successful, the ransomware then created a ransom note on the victims system that directed the victim to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment to a Black Kingdom email address.” .” reads the press release published by DoJ.

Ransomware 115

Ransomware Encryption VPN Cryptocurrency 115

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 109

Architecture Internet Internet Malware 109

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware 142

Ransomware VPN Hacking Education 142

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 117

Cybercrime Ransomware Healthcare Education 117

Security Affairs

NOVEMBER 1, 2024

The malware also grants attackers access to the device’s system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. The authors utilized the publicly available Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.

Spyware 143

Spyware Media Hacking Malware 143

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime 110

Cybercrime Advertising Phishing Hacking 110

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 350

Accountability Passwords Advertising Phishing 350

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

APRIL 28, 2025

Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion techniques. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,APT)

Telecommunications 120

Telecommunications Government Malware Hacking 120

Security Affairs

DECEMBER 23, 2024

NSO Group continued using WhatsApp exploits, including spyware called Erised, even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. continues the court filing.

Spyware 110

Spyware Surveillance Software Hacking 110

Krebs on Security

JUNE 30, 2020

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. An ad for a site selling stolen payment card data, circa March 2020. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Retail 347

Retail Banking Hacking Cybercrime 347

Security Affairs

APRIL 30, 2025

Their campaigns involve multi-phase intrusions, initial access, privilege escalation, and data exfiltration, using modular malware, LOTL techniques, and evasive C2 infrastructure. The APT group uses RomCom malware in multi-stage attacks. Tools like WinRAR and Plink are deployed, with data exfiltrated from c:userspublicmusic.

Encryption 103

Encryption Ransomware Malware Phishing 103

Security Affairs

MARCH 8, 2025

In May 2020, NTT Communications (NTT Com) disclosed a data breach that impacted hundreds of customers. The company launched an investigation after discovering unauthorized access to some systems on May 7, 2020, and then this week, it confirmed that threat actors may have been stolen.

Data breaches 117

Data breaches Mobile Hacking Malware 117

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. billion euros in 2020 alone. energy facilities.

Marketing 309

Marketing Energy and Utilities Malware Ransomware 309

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Data breaches 214

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. alone by October 2020.

Healthcare 348

Healthcare Ransomware Cybersecurity Malware 348

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 137

Malware Internet Internet DDOS 137

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been active since at least January 2020. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. SecurityAffairs – hacking, ransomware). ” states the alert.

Ransomware 145

Ransomware Hacking Malware Encryption 145

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. The malware uses a custom URI Client and unusual port numbers to communicate with the server. “The attack involves malicious ZIP files containing obfuscated VBS scripts that drop a Delphi-based EXE.

Banking 90

Banking Phishing Malware Passwords 90

Security Affairs

FEBRUARY 12, 2025

At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure. Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Phishing 90

Phishing Malware Security Intelligence Hacking 90

Security Affairs

DECEMBER 8, 2024

Pirated software is distributed via Russian online forums, attackers disguise the malware as a tool to bypass licensing for business automation software. The RedLine stealer is an info-stealing malware written in.NET that has been active since at least early 2020. ” concludes the report.

Software 82

Software Malware Accountability Encryption 82