2020, Hacking, Malware and Passwords - Cyber Security Informer

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware

Ransomware VPN Education Hacking

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Antivirus

New Russia Malware targets firewall appliances

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. Now some statistic facts about malware. In the first half of 2020 alone, SonicWall registered over 3.2

Firewall

Firewall Malware IoT Software

More than 26m user passwords stolen from Amazon, Apple, and Facebook

CyberSecurity Insiders

JUNE 10, 2021

A hacking malware distributed onto 3.25 According to research carried out by a Cybersecurity firm named NordLocker, a hacking group devised malware and distributed it onto millions of PCs in 2018. And then started to use that malware to harvest millions of user credentials that accounted for a 1.2

Passwords

Passwords Malware Banking Hacking

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. Image: Microsoft.

Hacking

Hacking Cybercrime Ransomware Government

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking

Hacking Risk Mobile Banking

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Security Affairs

JULY 22, 2021

CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products.

Malware

Malware Antivirus Passwords Firewall

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware

Malware Identity Theft Banking Ransomware

Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA

Security Affairs

DECEMBER 4, 2020

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

Passwords

Passwords Accountability Malware Hacking

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain. .”

Malware

Malware Software Cryptocurrency Passwords

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability

Accountability Malware Data breaches Passwords

Password Attacks 101

Security Boulevard

JUNE 11, 2021

According to the 2020 Data Breaches report by Verizon, 25% of all breaches involved the use of stolen credentials. Why are password attacks like brute forcing so effective? Let’s take a look at three kinds of password attacks that present a real threat to sites and businesses of all sizes. And how exactly do they work?

Passwords

Passwords Small Business Data breaches Accountability

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. SecurityAffairs – hacking, ZeroLogon). Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Passwords

New TroubleGrabber malware targets Discord users

Security Affairs

NOVEMBER 13, 2020

The malware the same functionalities used by other malware that target Discord gamers, like AnarchyGrabber , but it appears to be the work of different threat actors. This malware is distributed via drive-by download, it is able to steal web browser tokens, Discord webhook tokens, web browser passwords, and system information.

Malware

Malware Passwords Hacking Accountability

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. The archive contains a weaponized Microsoft Excel file (.XLSM),

Malware

Malware Phishing Passwords Media

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

Analysis of the 2020 Verizon Data Breach Report

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. 45% of breaches involved Hacking. Hacking, social, and malware have fallen the most. Errors are now as common as social attacks, and more common than malware attacks. Hacking types and vectors. Key numbers.

Data breaches

Data breaches Phishing Malware Hacking

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been active since at least January 2020. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. SecurityAffairs – hacking, ransomware). ” states the alert.

Ransomware

Ransomware Hacking Malware Encryption

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. During April and May 2020, a new Grandoreiro variant was identified. This piece of malware includes improvements in the way it is operating. Figure 1: Grandoreiro email template Q2 2020 (Portugal).

Malware

Malware Banking Advertising Data collection

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking

Hacking Accountability Passwords InfoSec

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

Australian Federal Police reported that an Australian man and a man based in the US will appear in court, following the international investigation that began in 2020. The Australian man developed and sold Firebird to customers on a dedicated hacking forum. The Australian man faces twelve counts of computer offenses.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches

Data breaches Hacking Telecommunications Passwords

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. SecurityAffairs – hacking, Lemon_Duck).

Malware

Malware Authentication Passwords Internet

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising

Advertising InfoSec Government Healthcare

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries. For example, in 2019 McAfee found that for targets in Japan, the 16Shop kit would also collect Web ID and Card Password, while US victims will be asked for their Social Security Number. Image: Akamai. Image: ZeroFox.

Phishing

Phishing Passwords Internet Internet

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack. . SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media

Media Hacking Passwords Data breaches

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. In the recent campaign, threat actors used a customized PlugX malware that includes a completed backdoor command module, the researchers named it DOPLUGS. ” reads the report published by Trend Micro.

Malware

Malware Phishing Government Passwords

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.

Malware

Malware Authentication Cryptocurrency Internet

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking

Hacking Ransomware Banking Accountability

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware

Malware Banking Penetration Testing Healthcare

Oracle issues emergency patch for CVE-2020-14750 WebLogic Server flaw

Security Affairs

NOVEMBER 2, 2020

Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. The advisory states that this vulnerability is related to the CVE-2020-14882 flaw that was addressed in the October 2020 Critical Patch Update. . 12.2.1.4.0,

Advertising

Advertising Authentication Passwords Hacking

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Change your Activision account passwords and add 2FA immediately.

Hacking

Hacking Data breaches Accountability Passwords

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

FEBRUARY 27, 2021

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A We remind our clients that we never request sensitive data such as: users, passwords, card or account data, via telephone, email, social networks or text messages.”

Hacking

Hacking Banking Ransomware Passwords

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X ” concludes the report.

Malware

Malware DDOS IoT Cybercrime

Spotify reset user passwords after accidentally personal information exposure

Security Affairs

DECEMBER 11, 2020

The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender. SecurityAffairs – hacking, data leak). We apologize for any inconvenience this may cause” continues the notice. Pierluigi Paganini.

Passwords

Passwords Accountability Hacking Data breaches

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising

Advertising Government Healthcare Education

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The malware stole nearly 26 million login credentials holding 1.1

Malware

Malware Computers and Electronics Software Financial Services

When Low-Tech Hacks Cause High-Impact Breaches

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Trending Sources

PurpleFox malware infected at least 2,000 computers in Ukraine

Ask Fitis, the Bear: Real Crooks Sign Their Malware

New Russia Malware targets firewall appliances

More than 26m user passwords stolen from Amazon, Apple, and Facebook

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

CISA analyzed stealthy malware found on compromised Pulse Secure devices

A TrickBot malware developer sentenced to 64 months in prison

Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA

Free Download Manager backdoored to serve Linux malware for more than 3 years

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Password Attacks 101

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

New TroubleGrabber malware targets Discord users

Which is the Threat landscape for the ICS sector in 2020?

China-linked BlackTech APT uses new Flagpro malware in recent attacks

TeamViewer flaw can allow hackers to steal System password

Analysis of the 2020 Verizon Data Breach Report

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Ezuri memory loader used in Linux and Windows malware

Grandoreiro Malware implements new features in Q2 2020

HP Device Manager flaws expose Windows systems to hack

U.S. and Australian police arrested Firebird RAT author and operator

SFO discloses data breach following the hack of 2 of its websites

Malicious Office 365 Apps Are the Ultimate Insiders

Lemon_Duck cryptomining malware evolves to target Linux devices

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Karma Catches Up to Global Phishing Service 16Shop

Asian media firm E27 hacked, attackers asked for a “donation”

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Top 10 Malware Strains of 2021

Oracle issues emergency patch for CVE-2020-14750 WebLogic Server flaw

Alleged Activision hack, 500,000 Call Of Duty players impacted

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

EnemyBot malware adds new exploits to target CMS servers and Android devices

Spotify reset user passwords after accidentally personal information exposure

3CX Breach Was a Double Supply Chain Compromise

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Mysterious custom malware used to steal 1.2TB of data from million PCs

Stay Connected