Security Affairs

NOVEMBER 8, 2023

Bluewater Health hospital confirmed that threat actors stole a database containing information on 5.6 Chatham-Kent Health Alliance reported that threat actors had access to data belonging to 1446 employees who worked in the hospital as of February 2021. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 112

Ransomware Healthcare VPN Insurance 112

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 112

Ransomware Cryptocurrency Cybercrime VPN 112

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 96

Artificial Intelligence VPN Hacking Firewall 96

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 154.167.91

Malware 131

Malware Manufacturing Cryptocurrency Cybercrime 131

Security Affairs

SEPTEMBER 8, 2021

The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. SongBird also created a post on the RAMP forum that includes a link to a file containing the Fortinet VPN accounts. 2,959 out of 22,500 victims are US entities.

VPN 91

VPN Ransomware Hacking Accountability 91

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 The flaw received a CVSS score of 9.1,

Malware 129

Malware VPN Authentication Hacking 129

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S.

Data breaches 87

Data breaches DDOS VPN Hacking 87

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware 112

Ransomware DDOS Telecommunications Malware 112

Security Affairs

JULY 18, 2021

Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.

Ransomware 115

Ransomware Firmware Mobile InfoSec 115

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN 98

VPN Ransomware Manufacturing IoT 98

Security Affairs

JULY 9, 2021

Bloomberg was informed about the payment by two people familiar with the attack. The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

Data breaches 141

Data breaches Insurance Ransomware Identity Theft 141

Security Affairs

JULY 6, 2022

.” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks).

Encryption 115

Encryption Ransomware Cybercrime Malware 115

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 243

Scams DDOS Cryptocurrency Accountability 243

Security Affairs

JULY 14, 2023

The malware was spotted the first time in May 2021, but has been operating under the radar for more than two years. “Based on information associated with their x.509 509 certificates, we assess that some of these second stage C2s have been active since at least October 2021. ” continues the report.

Malware 81

Malware Advertising Cybercrime Passwords 81

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities 97

Energy and Utilities Telecommunications Technology VPN 97

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. Internationally sourced data, exfiltrated in Sept and Aug 2021.

Accountability 132

Accountability Malware Data breaches Passwords 132

Security Affairs

MAY 17, 2022

The Facestealer spyware was first spotted on July 2021 by Dr. Web researchers, the development team behind the threat has frequently changed its code. Most of the malicious apps were VPN software (42), followed by Camera (20), and Photo Editing (13). The apps deceive users into subscribing to paid services or clicking on ads.

Spyware 89

Spyware Cryptocurrency VPN Malware 89

Security Affairs

JULY 31, 2022

The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. “In the latter part of 2021, we found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. ” reads the report published by Trend Micro.

Banking 116

Banking Malware VPN Hacking 116

Security Affairs

JANUARY 26, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 91

Ransomware VPN Manufacturing Healthcare 91

Security Affairs

JUNE 20, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here.

Data breaches 99

Data breaches DDOS Small Business Ransomware 99

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN 102

VPN Ransomware DNS Malware 102

Security Affairs

AUGUST 10, 2022

Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages that target environment variables. Pyg-utils , Pymocks and PyProto2 are malicious packages to that allows attackers to steal users’ AWS credentials.

VPN 93

VPN Passwords Cyber threats Software 93

Security Affairs

DECEMBER 22, 2022

The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. Use least privileges access: Use a secure virtual private network (VPN) service for remote access and restrict remote access to the device. “Since the release of Zerobot 1.1,

IoT 115

IoT DDOS Malware Firmware 115

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 92

Spyware Data breaches VPN Hacking 92

Security Affairs

DECEMBER 18, 2022

years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5

Data breaches 92

Data breaches Hacking DDOS VPN 92

Security Affairs

OCTOBER 25, 2022

Stolen data include contracts, financial and business documents, engineering projects, and employees’ personally identifiable information (PII), including Aadhar card numbers. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021.

Ransomware 87

Ransomware Data breaches Cyber Attacks Engineering 87

Security Affairs

OCTOBER 3, 2021

Threat actors exploit a flaw in Coinbase 2FA to steal user funds Flubot Android banking Trojan spreads via fake security updates Th Tim’s RED Team Research reports 3 new CVEs, two of which in 4G/5G Baby died at Alabama Springhill Medical Center due to cyber attack Hydra Android trojan campaign targets customers of European banks Neiman Marcus discloses (..)

Banking 52

Banking Data breaches Malware VPN 52

Security Affairs

FEBRUARY 21, 2022

The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks). “Hive ransomware uses a hybrid encryption scheme, but uses its own symmetric cipher to encrypt files.

Encryption 87

Encryption Ransomware VPN Malware 87

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware 97

Ransomware DDOS Passwords Backups 97

Security Affairs

FEBRUARY 17, 2022

Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence. Experts spotted multiple versions of the administration panel or dashboard since October 2021. Kraken’s authors are constantly updating their code by implementing new features.

VPN 92

VPN Cryptocurrency Hacking Cybercrime 92

Security Affairs

JULY 31, 2023

The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. Based on information associated with their x.509 509 certificates, we assess that some of these second stage C2s have been active since at least October 2021. continues the report. “We

Malware 90

Malware Small Business Advertising Passwords 90

Security Affairs

NOVEMBER 14, 2021

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server GravityRAT returns disguised as an end-to-end encrypted chat app Intel and AMD address high severity vulnerabilities in products and drivers New evolving Abcbot DDoS botnet targets Linux systems Retail giant Costco discloses data breach, payment card data exposed (..)

Spyware 53

Spyware Data breaches Ransomware Retail 53

Security Affairs

DECEMBER 16, 2021

The malware had attacked at least 35,000 systems in 195 countries between January and November 2021 which is uncommon for targeted attacks carried out by nation-state actors. The experts revealed that at least 7.2% Experts also observed the spyware distributed via the Glupteba botnet.

Spyware 108

Spyware Energy and Utilities Malware Engineering 108

Security Affairs

JANUARY 23, 2022

from the Lympo NTF platform.

VPN 78

VPN Ransomware Spyware DDOS 78

Security Affairs

MARCH 10, 2022

The variant employed in the attack against the IT Army is able to steal a broad range of data, including web browser data, VPN tools, Discord, Steam, and cryptocurrency wallets. Talos experts believe this is an opportunistic campaign, the same IP address is has been distributing Phoenix since November 2021. 35) on port 6666.

DDOS 84

DDOS Digital transformation Malware Advertising 84

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches 85

Data breaches Social Engineering Ransomware Malware 85

Security Affairs

JANUARY 21, 2022

of all spyware samples blocked on ICS computers worldwide in H1 2021 were part of this new limited-scope short-lifetime attack series and, depending on the region, up to one-sixth of all computers attacked with spyware were hit using this tactic.” ” reads the analysis published by Kaspersky.

Spyware 86

Spyware Accountability Social Engineering Phishing 86