Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 96

Encryption Ransomware Malware Healthcare 96

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption 86

Encryption Ransomware Cybercrime Engineering 86

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption 145

Encryption Malware Ransomware Firewall 145

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. 1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021.

Encryption 104

Encryption Ransomware Spyware Malware 104

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption 104

Encryption Ransomware Financial Services Antivirus 104

Security Affairs

AUGUST 15, 2022

The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The malware encrypts the files inside the infected devices using an AES algorithm and renaming them with the extension “.enc”.

Encryption 98

Encryption Malware Banking Ransomware 98

Security Affairs

SEPTEMBER 19, 2022

In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. The discovery of the recent attacks is important because on November 6th, 2021, TeamTNT communicated via Twitter a farewell note. The new attacks suggest the hacking group is back in action.

Encryption 94

Encryption Cybercrime Hacking Malware 94

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? Colonial Pipeline ( May 2021 ) – The Colonial Pipeline facility in Pelham, Alabama, was hit by a cybersecurity attack in May and its operators were forced to shut down its systems.

Cyber Attacks 108

Cyber Attacks Ransomware Insurance Hacking 108

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. pic.twitter.com/GYJOddEPxl — Filippo Valsorda (@FiloSottile) January 29, 2021. pic.twitter.com/LYC9PsURqn — Filippo Valsorda (@FiloSottile) January 29, 2021.

Encryption 134

Encryption Engineering Hacking Software 134

Security Affairs

AUGUST 24, 2021

The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711 , that can allow an attacker to change an application’s behavior or cause the app to crash. The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. and 1.0.2za.

Encryption 112

Encryption Hacking Information Security 112

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. SecurityAffairs – hacking, Zoom). Pierluigi Paganini.

Encryption 101

Encryption Advertising Accountability Hacking 101

CyberSecurity Insiders

OCTOBER 19, 2021

The gang’s payment portal and data leak blog have been hacked by some other group throwing the developers into jeopardy. Note 1- BitDefender, a Rome based Cybersecurity firm, shared a universal decryptor that helps to decrypt the encryption algorithm of REvil.

Hacking 104

Hacking Ransomware Cyber Attacks Encryption 104

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Verdict. %*.

DDOS 101

DDOS Passwords IoT Firmware 101

CyberSecurity Insiders

APRIL 23, 2021

Later, the Satya Nadella led company issued a statement that it could be the work of a Chinese Hacking group named Hafinium. Channel Nine 9 cyber attack- Australian Television Network dubbed Channel Nine was targeted by a cyber attack on March 28th,2021 halting several news bulletins and morning shows for the day.

Cyber Attacks 145

Cyber Attacks Insurance Cyber Insurance Ransomware 145

Security Affairs

JUNE 4, 2021

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet 132

Internet Internet Ransomware Encryption 132

Security Affairs

JANUARY 8, 2024

“According to this and other leaked documents, the Department of Defence purchased technology for the Air Force’s encrypted communications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Swiss Air Force) ” reported the SwissInfo website.

Hacking 108

Hacking Data breaches Ransomware Manufacturing 108

Security Affairs

DECEMBER 4, 2021

“The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” SecurityAffairs – hacking, ransomware).

Ransomware 136

Ransomware Hacking Malware Encryption 136

Security Affairs

JANUARY 11, 2022

The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively.

Ransomware 97

Ransomware Hacking Internet Internet 97

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption 115

Encryption Accountability Software Hacking 115

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. The Mikrotik RouterOS operating system does not support brute force protection and the default “admin” user password was an empty string until October 2021.

Hacking 94

Hacking Passwords Authentication Encryption 94

Security Affairs

MAY 12, 2021

Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities, four are rated as Critical. CVE-2021-28476 – Hyper-V Remote Code Execution Vulnerability The flaw could allow a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. Pierluigi Paganini.

Wireless 97

Wireless Encryption Internet Internet 97

Security Affairs

JUNE 6, 2024

TargetCompany has been active since June 2021 , once encrypted a file it adds.mallox,exploit,architek, or.brg extension to the filenames of encrypted files. The malware then enters “VM mode” to encrypt files with specific extensions. TXT” in all folders containing encrypted files.

Ransomware 83

Ransomware Encryption Backups Malware 83

Schneier on Security

APRIL 2, 2024

Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.

Social Engineering 314

Social Engineering Engineering Software Encryption 314

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. ’ This firewall even goes as far as to block the latest versions of the encryption service TLS (v1.3) Related: How China challenged Google in Operation Aurora.

Hacking 243

Hacking Passwords Firewall Internet 243

Security Affairs

SEPTEMBER 4, 2021

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. Metropolitan Police Department, encrypted its files and demanded a $4 million ransom. Pierluigi Paganini.

Hacking 97

Hacking Ransomware Encryption Cybercrime 97

Security Affairs

MAY 27, 2021

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username “elie” to gain persistence on the network.

VPN 118

VPN Government Hacking Accountability 118

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Pierluigi Paganini.

Encryption 127

Encryption Malware Media Authentication 127

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. Pierluigi Paganini.

Data breaches 118

Data breaches Hacking Banking Financial Services 118

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. SecurityAffairs – hacking, SOHO). ” concludes the report.

DNS 126

DNS Firmware VPN Risk 126

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT 94

IoT Mobile Media Encryption 94

Security Affairs

OCTOBER 2, 2022

Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. At the time of this writing, the ALPHV’s Tor leak site is not reachable and it is not clear if there is some link with the NJVC hack. SecurityAffairs – hacking, NJVC). ” reported CyberNews.

Hacking 95

Hacking Ransomware Data breaches Government 95

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. Threat actors have published ID cards as proof of hack.

Retail 122

Retail Ransomware Encryption Hacking 122

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. ” continues the report.

Penetration Testing 84

Penetration Testing Government Software Education 84

Security Affairs

MARCH 22, 2021

McAfee’s Advanced Threat Research (ATR) team has discovered four vulnerabilities, tracked CVE-2021-27192 , CVE-2021-27193 , CVE-2021-27194 , and CVE-2021-27195 , that could be exploited by attackers for multiple malicious purposes, including taking over students’ computers. Pierluigi Paganini.

Software 106

Software Hacking Encryption Information Security 106

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 100

Phishing Advertising Cryptocurrency Encryption 100

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus. Gainesville, Fla.,

Hacking 100

Hacking DDOS Small Business Spyware 100