2021, Encryption, Hacking and Information Security

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

DECEMBER 30, 2021

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues.

Encryption

Encryption Software Passwords Engineering

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.

Encryption

Encryption Ransomware Cybercrime Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. After ransomware ads were banned on hacking forum, the LockBit operators set up their own leak site promoting the latest variant and advertising the LockBit 2.0

Encryption

Encryption Ransomware Malware Hacking

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. 1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021.

Encryption

Encryption Ransomware Spyware Malware

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations. The new attacks suggest the hacking group is back in action. SecurityAffairs – hacking, cryptomining).

Encryption

Encryption Cybercrime Hacking Malware

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The US Cybersecurity and Infrastructure Security Agency (CISA) also issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

Cyber Attacks

Cyber Attacks Ransomware Insurance Hacking

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. pic.twitter.com/GYJOddEPxl — Filippo Valsorda (@FiloSottile) January 29, 2021. pic.twitter.com/LYC9PsURqn — Filippo Valsorda (@FiloSottile) January 29, 2021.

Encryption

Encryption Engineering Hacking Software

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior

Security Affairs

AUGUST 24, 2021

The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711 , that can allow an attacker to change an application’s behavior or cause the app to crash. The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. and 1.0.2za.

Encryption

Encryption Hacking Information Security

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. SecurityAffairs – hacking, Zoom). Pierluigi Paganini.

Encryption

Encryption Advertising Accountability Hacking

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Security Affairs

JANUARY 8, 2024

“According to this and other leaked documents, the Department of Defence purchased technology for the Air Force’s encrypted communications. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Swiss Air Force) ” reported the SwissInfo website.

Hacking

Hacking Data breaches Ransomware Manufacturing

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE

Security Affairs

JUNE 4, 2021

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet

Internet Internet Ransomware Encryption

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers.

Data breaches

Data breaches Hacking Banking Financial Services

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

“The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Hacking Malware Encryption

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively.

Ransomware

Ransomware Hacking Internet Internet

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption

Encryption Accountability Software Hacking

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. The Mikrotik RouterOS operating system does not support brute force protection and the default “admin” user password was an empty string until October 2021.

Hacking

Hacking Passwords Authentication Encryption

Source code for the Babuk is available on a hacking forum

Security Affairs

SEPTEMBER 4, 2021

The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. Metropolitan Police Department, encrypted its files and demanded a $4 million ransom. Pierluigi Paganini.

Hacking

Hacking Ransomware Encryption Cybercrime

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username “elie” to gain persistence on the network.

VPN

VPN Government Hacking Accountability

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. SecurityAffairs – hacking, GravityRAT). Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS

DNS Firmware VPN Risk

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT

IoT Mobile Media Encryption

BlackCat ransomware gang claims to have hacked US defense contractor NJVC

Security Affairs

OCTOBER 2, 2022

Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. At the time of this writing, the ALPHV’s Tor leak site is not reachable and it is not clear if there is some link with the NJVC hack. SecurityAffairs – hacking, NJVC). ” reported CyberNews.

Hacking

Hacking Ransomware Data breaches Government

Abusing distance learning software to hack into student PCs

Security Affairs

MARCH 22, 2021

McAfee’s Advanced Threat Research (ATR) team has discovered four vulnerabilities, tracked CVE-2021-27192 , CVE-2021-27193 , CVE-2021-27194 , and CVE-2021-27195 , that could be exploited by attackers for multiple malicious purposes, including taking over students’ computers. Pierluigi Paganini.

Software

Software Hacking Encryption Information Security

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. ” continues the report.

Penetration Testing

Penetration Testing Government Software Education

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. com,” and “Jenny[@]gsd[.]com.”

Phishing

Phishing Ransomware Security Awareness Authentication

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 The ransomware gang claimed to have stolen data from the systems of the vendor before encrypting them, then published on their data leak site some images of allegedly stolen documents (i.e.

Ransomware

Ransomware Hacking Computers and Electronics Malware

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The researchers wrote a Python script that used to crack the weak encryption and dumped the card’s binary.

Hacking

Hacking Technology Software Engineering

B. Braun Infusomat pumps could be hacked to alter medication doses

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. The five previously unreported vulnerabilities in the medical system are: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7) CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7) The post B.

Hacking

Hacking Authentication Internet Internet

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, ransomware)

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

Security Affairs

APRIL 14, 2021

WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. ” reads the analysis of researchers from Census Labs which reported one of the two issues(CVE-2021-24027). man-in-the-disk vulnerability under CVE-2021-24027.”

Mobile

Mobile Hacking Encryption Surveillance

Nation-state actors hacked Red Cross exploiting a Zoho bug

Security Affairs

FEBRUARY 17, 2022

The attribution of the hack is based on similarities of attackers’ TTPs with the ones associated with APT groups and the targeted nature of the attack. “Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators.

Hacking

Hacking Password Management Malware Encryption

Three more ransomware attacks hit Water and Wastewater systems in 2021

Security Affairs

OCTOBER 15, 2021

In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment. In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer.

Ransomware

Ransomware Cyber threats Firmware Backups

Energy giant Shell discloses data breach caused by Accellion FTA hack

Security Affairs

MARCH 23, 2021

FireEye pointed out that despite FIN11 hackers are publishing data from Accellion FTA customers on the Clop ransomware leak site, they did not encrypt systems on the compromised networks. In response to the wave of attacks, the vendor has released multiple security patches to address the vulnerabilities exploited by the hackers.

Data breaches

Data breaches Hacking Cybercrime Cyber Attacks

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. SecurityAffairs – hacking, AvosLocker).

Ransomware

Ransomware Encryption Advertising Malware

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

The HelloKitty gang has been active since January 2021. In November 2021, the US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials.

Cybercrime

Cybercrime Ransomware DDOS Encryption

A new variant of ESXiArgs ransomware makes recovery much harder

Security Affairs

FEBRUARY 9, 2023

Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines. The attack exploits a heap-overflow vulnerability in VMware ESXi and is tracked as CVE-2021-21974 which was patched in February 2021.

Ransomware

Ransomware Encryption Hacking Cybercrime

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Security Affairs

JUNE 15, 2022

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. The experts shared their findings, along with proof-of-concept code, to Intel, Cloudflare and Microsoft in Q3 2021 and to AMD in Q1 2022. SecurityAffairs – hacking, Hertzbleed).

Encryption

Encryption Hacking Cybersecurity Information Security

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The availability of the master decryption key allows the victims to recover their encrypted files for free. Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor : #Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_service [link] — fnx (@fnx67482837) January 29, 2021.

Ransomware

Ransomware Encryption Malware Cybercrime

Flaws in DataVault encryption software impact multiple storage devices

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Webinars

Trending Sources

New Hive ransomware variant is written in Rust and use improved encryption method

Webinars

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

SOVA Android malware now also encrypts victims’ files

LockFile Ransomware uses a new intermittent encryption technique

TeamTNT is back and targets servers to run Bitcoin encryption solvers

The worst cyber attacks of 2021

Google discloses a severe flaw in widely used Libgcrypt encryption library

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior

Zoom now supports end-to-end encrypted (E2EE) calls

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE

Morgan Stanley discloses data breach after the hack of a third-party vendor

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Source code for the Babuk is available on a hacking forum

APT hacked a US municipal government via an unpatched Fortinet VPN

GravityRAT returns disguised as an end-to-end encrypted chat app

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

BlackCat ransomware gang claims to have hacked US defense contractor NJVC

Abusing distance learning software to hack into student PCs

Cyber espionage campaign targets Asian countries since 2021

APWG: Phishing maintained near-record levels in the first quarter of 2021

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Hacking Nespresso machines to have unlimited funds to purchase coffee

B. Braun Infusomat pumps could be hacked to alter medication doses

Ukrainian REvil gang member sentenced to 13 years in prison

WhatsApp flaws could have allowed hackers to remotely hack mobile devices

Nation-state actors hacked Red Cross exploiting a Zoho bug

Three more ransomware attacks hit Water and Wastewater systems in 2021

Energy giant Shell discloses data breach caused by Accellion FTA hack

AvosLocker ransomware now targets Linux systems, including ESXi servers

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

A new variant of ESXiArgs ransomware makes recovery much harder

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Victims of FonixCrypter ransomware could decrypt their files for free

Stay Connected