Security Affairs

APRIL 17, 2022

Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The unceasing action of Anonymous against Russia Threat actors target the Ukrainian gov with IcedID malware Threat actors use Zimbra exploits to target organizations in Ukraine Conti Ransomware Gang claims responsibility for the Nordex hack ZingoStealer crimeware released (..)

Wireless 77

Wireless Data breaches Hacking Surveillance 77

Security Affairs

JULY 31, 2022

increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S. and Blackmatter ransomware U.S. and Blackmatter ransomware U.S.

Firmware 73

Firmware Surveillance Malware DDOS 73

Security Affairs

APRIL 2, 2022

The Beastmode botnet also includes exploits for the following issues: CVE-2021-45382 targets D-Link products (DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L and DIR-836L) CVE-2021-4045 targets TP-Link Tapo C200 IP camera. CVE-2016-5674 targets NUUO NVRmini2, NVRsolo, Crystal Devices, and NETGEAR ReadyNAS Surveillance products.

DDOS 87

DDOS Firmware Surveillance IoT 87

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Spyware 92

Spyware Surveillance Insurance Malware 92

SecureList

NOVEMBER 17, 2021

Let’s start by looking at the predictions we made for 2021. Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. A very interesting campaign orchestrated by APT31 surfaced in 2021. One of the most iconic cyber-events of 2021 was the ransomware attack on Colonial Pipeline.

Mobile 139

Mobile Surveillance Ransomware Government 139

Security Affairs

APRIL 16, 2023

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.

Accountability 91

Accountability Phishing Financial Services Surveillance 91

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. SecurityAffairs – hacking, cybercrime). ” concludes the DoJ. Pierluigi Paganini.

Identity Theft 74

Identity Theft Computers and Electronics Surveillance Hacking 74

Security Affairs

FEBRUARY 13, 2022

to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps. US seizes $3.6 US seizes $3.6

Spyware 74

Spyware Surveillance Ransomware Hacking 74

Security Affairs

AUGUST 29, 2021

EskyFun data leak, over 1 million Android gamers impacted Boffins show PIN bypass attack Mastercard and Maestro contactless payments Phorpiex botnet shuts down and authors put source code for sale Atlassian released security patches to fix a critical flaw in Confluence An RCE in Annke video surveillance product allows hacking the device ChaosDB, a (..)

Spyware 103

Spyware Data breaches Surveillance Hacking 103

Security Affairs

OCTOBER 12, 2021

Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The POC exploit code for this vulnerability is publicly available since July 2021. CVE-2021-2900 – Genexis PLATINUM 4410 2.1 P4410-V2-1.28

DDOS 96

DDOS Surveillance Hacking Internet 96

Security Affairs

JUNE 10, 2022

The attack impacted the municipal police, surveillance cameras and ZTL traffic control systems, the authorities confirmed that the problems can last for days. Municipal Administration announced that demographic services are guaranteed. ” reads a statement issued by the Municipal Administration.

Ransomware 109

Ransomware Data breaches Cyber Attacks Surveillance 109

SecureWorld News

NOVEMBER 23, 2021

The opening lines of the lawsuit say it all: "Defendants are notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.". November 23, 2021. Cybercrime mercenary group tracked around the world. link] — Ivan Krsti?

Spyware 70

Spyware Surveillance Engineering Software 70

SecureList

FEBRUARY 26, 2021

The Coalition Against Stalkerware warns that stalkerware “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” They still need physical access to the phone to jailbreak it, so iPhone users who fear surveillance should always keep an eye on their device.

Mobile 94

Mobile Surveillance Software Passwords 94

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 137

Malware Firmware Government Phishing 137

SecureList

APRIL 27, 2021

This is our latest installment, focusing on activities that we observed during Q1 2021. In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. The most remarkable findings.

Malware 143

Malware Spyware Government Social Engineering 143

eSecurity Planet

OCTOBER 21, 2022

Anyone who has used a computer for any significant length of time has probably at least heard of malware. Malware has been present in the digital space since the 1980s, with early prank malware like the Morris Worm or the (c)Brain. However, malware is not quite as amusing in a modern context. How Does Malware Work?

Malware 75

Malware Adware Spyware Antivirus 75

SecureList

NOVEMBER 29, 2021

The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. Based on the findings from the compromised machine, we discovered additional malware. 2021-09-03 09:34:00. Modified time. Last saved user.

Surveillance 131

Surveillance Malware Phishing Encryption 131

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. Finally, the user mode malware reaches out to a hardcoded C&C URL (i.e. What happened? hxxp://mb.glbaitech[.]com/mboard.dll)

Firmware 145

Firmware Malware Encryption Passwords 145

eSecurity Planet

DECEMBER 19, 2023

Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense. AI-Powered Cybercrime Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

SecureList

OCTOBER 26, 2021

This is our latest installment, focusing on activities that we observed during Q3 2021. Following this, they were tricked into downloading previously unknown malware. The backdoor, dubbed Tomiris, bears a number of similarities to the second-stage malware, Sunshuttle (aka GoldMax), used by DarkHalo last year.

Malware 144

Malware Government Surveillance Spyware 144

SecureList

OCTOBER 17, 2023

This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. The final payload was a loaded malware implant, the Remcos RAT – the fourth type of remote administration tool adopted by this threat actor within a few months of operation.

Government 118

Government Malware VPN Manufacturing 118

Security Affairs

FEBRUARY 20, 2022

Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Banking 86

Banking Spyware Surveillance Ransomware 86

Krebs on Security

MARCH 22, 2023

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further.

Malware 271

Malware eCommerce Mobile Media 271

SecureList

JULY 29, 2021

This is our latest installment, focusing on activities that we observed during Q2 2021. Moreover, we saw ShadowPad detections coincide with FourteenHi variant infections, possibly hinting at a shared operator between these two malware families. The most remarkable findings. It is capable of performing basic backdoor functions.

Malware 144

Malware Phishing Password Management Social Engineering 144

eSecurity Planet

OCTOBER 26, 2021

The Russian-based cybercrime group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week. See also: Best Third-Party Risk Management (TPRM) Tools of 2021. See also: Top Microsegmentation Tools for 2021.

Government 120

Government Cybercrime Accountability Software 120

SecureList

NOVEMBER 14, 2022

In another publication , Google also followed up on the activities of a similar vendor named Cytrox that had leveraged four 0-day vulnerabilities in a 2021 campaign. A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too.

Firmware 117

Firmware Surveillance Mobile Telecommunications 117

SecureList

NOVEMBER 14, 2023

The malware posed as ransomware, demanding money from the victims for “decrypting” their data. The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026).

Hacking 119

Hacking Energy and Utilities Media Malware 119