Security Affairs

DECEMBER 11, 2021

The access to user’s private vault is protected by a personal password, and all the files are automatically encrypted. The software also uses a password hash with insufficient computational effort, as a consequence, an attacker can brute force user passwords leading to unauthorized access to user data.

Passwords 106

Passwords Software Encryption Hacking 106

Security Affairs

MARCH 3, 2021

The vulnerability is related to the possibility to launch a bruteforce attack to guess the seven-digit security code that is sent via email or SMS as a method of verification in password reset procedure. “Once we receive the 7 digit security code, we will have to enter it to reset the password. .”

Accountability 111

Accountability Passwords Encryption Mobile 111

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. hard drive, storage device, the cloud).

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware 123

Ransomware Encryption Malware Accountability 123

Security Affairs

JANUARY 18, 2022

#Ransomware Hunt: "White Rabbit" with extension " scrypt", drops note for each encrypted file with "<filename> scrypt.txt" with victim-specific information: [link] "Follow the White Rabbit…" pic.twitter.com/lhzHi5t1KK — Michael Gillespie (@demonslay335) December 14, 2021.

Ransomware 133

Ransomware Encryption Malware Passwords 133

Security Affairs

AUGUST 10, 2021

The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends.encrypt extension to filenames of encrypted files. Create complex login passwords to make brute-forcing more difficult for attackers.

Ransomware 128

Ransomware Encryption Firmware Passwords 128

Security Affairs

JANUARY 16, 2022

The threat actors behind the attacks were exploiting an improper authorization vulnerability, tracked as CVE-2021-28799 , that could allow them to log in to a NAS device. “A A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. reads the security advisory published by the vendor.

Ransomware 114

Ransomware Encryption Backups Firmware 114

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking 115

Banking Cybercrime Malware Accountability 115

Security Affairs

JULY 26, 2023

The Mikrotik RouterOS operating system does not support brute force protection and the default “admin” user password was an empty string until October 2021. in October 2021, administrators were prompted to change the password. Configure SSH to use public/private keys and disable passwords.

Hacking 94

Hacking Passwords Authentication Encryption 94

Security Affairs

JUNE 19, 2022

The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends.encrypt extension to filenames of encrypted files. 024 ($1,200) up to.06 06 bitcoins ($3,000). 024 ($1,200) up to.06 06 bitcoins ($3,000).

Ransomware 89

Ransomware Encryption Internet Internet 89

Security Affairs

SEPTEMBER 7, 2022

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. ” At the time of the analysis, the C2 server was offline.

DDOS 102

DDOS Encryption Passwords Hacking 102

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training.

Ransomware 97

Ransomware Passwords Backups Firmware 97

Security Affairs

DECEMBER 15, 2021

The module was most likely compiled between late 2020 and April 2021. The username, password, user’s IP address and current timestamp are stored in a file at C:WindowsTempaf397ef28e484961ba48646a5d38cf54.db.ses. Then the result of the command is encrypted and returned to the operator. ” concludes the analysis.

Encryption 102

Encryption Authentication Passwords Internet 102

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Media 99

Media Ransomware Identity Theft Insurance 99

Security Affairs

MAY 13, 2023

After gaining access to SMB shares, threat actors encrypt all files and leave a ransom note demanding payment in exchange for the decryption key. All three types of malicious programs were discovered in 2021-22 and are believed to be of Russian origin. CHECKMATE_DECRYPTION_README” in each folder,” it said.

Ransomware 90

Ransomware Encryption Passwords Internet 90

Security Affairs

APRIL 19, 2021

Has a Discord token stealer too… @demonslay335 pic.twitter.com/OayXQPcSEl — MalwareHunterTeam (@malwrhunterteam) April 17, 2021. Upon executing the ransomware, it will encrypt the victim’s file and will give 3 hours to them to provide a valid Discord nitro. ” states BleepingComputer.

Ransomware 127

Ransomware Encryption Malware Hacking 127

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. This RAT is infamous for its ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them.

Ransomware 123

Ransomware Malware Encryption Security Intelligence 123

Security Affairs

DECEMBER 12, 2023

Our researchers believe that the leaked database was likely a production database used for development purposes, as it included customer data, logs, drivers’ personal identifiable information (PII), registration and bank details, as well as passenger order details. The data covered a period from 2018 to 2021.

VPN 119

VPN Accountability Banking Marketing 119

Security Affairs

FEBRUARY 12, 2022

and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

Ransomware 90

Ransomware Backups Encryption Accountability 90

Security Affairs

JULY 8, 2021

The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers. ” The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor. .

Data breaches 120

Data breaches Hacking Banking Financial Services 120

Security Affairs

JUNE 29, 2022

The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021. The RansomHouse extortion gang claims to have stolen 450 GB of data from the chipmaker giant AMD in 2021 and threatens to leak it or sell it if the company will not pay the ransom.

Encryption 85

Encryption Passwords Hacking Data breaches 85

Security Affairs

FEBRUARY 5, 2022

The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. Like other ransomware gangs, Lockbit 2.0

Ransomware 88

Ransomware Backups Encryption Accountability 88

Security Affairs

JANUARY 11, 2021

American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. " pic.twitter.com/O0dmNVruS5 — briankrebs (@briankrebs) January 11, 2021.

Data breaches 114

Data breaches Passwords Accountability IoT 114

Security Affairs

JULY 26, 2021

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. Normal behavior, disable it if you dare!"

Authentication 119

Authentication Passwords Encryption Hacking 119

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. Some were protected by a fragile encryption algorithm like MD5, but others were encrypted using bcrypt, considered a strong hash.

Ransomware 96

Ransomware Passwords Encryption Identity Theft 96

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. “Like most Mirai variants, it has an encrypted data section with a botnet configuration.” <Filename>.”

DDOS 82

DDOS Malware Hacking Education 82

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware 105

Ransomware Risk Encryption Passwords 105

Security Affairs

DECEMBER 4, 2021

“The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

Ransomware 138

Ransomware Hacking Malware Encryption 138

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0.

Ransomware 83

Ransomware Passwords Data breaches Technology 83

Security Affairs

FEBRUARY 25, 2023

” The SSSCIP’s National Cybersecurity Coordination Center along with the Cyber ​​Police are working together to lock out the threats and investigate the security breaches. ” reads the advisory published by Ukraine’s cybersecurity defense and security agency SSSCIP.

Government 86

Government Passwords Encryption Phishing 86

Security Affairs

OCTOBER 5, 2021

The unsecured database was discovered on September 14, 2021, it included internal logs and subscriber information. The database also included some Apple news subscribers or registrants’ passwords. — Bob Diachenko (@MayhemDayOne) September 16, 2021. subscribers info (email, name, IP, device info, tokens).

Media 96

Media Passwords Engineering Encryption 96

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released.

Education 106

Education Ransomware Phishing Passwords 106

Security Affairs

MAY 20, 2021

.” The SQL query did not use a prepared statement and an attacker could easily manipulate ID input parameter to bypass the esc_sql function to generate queries which could allow extracting sensitive data from the site, including user emails, password hashes, and encryption keys and salts. is released.

Firewall 123

Firewall Encryption Passwords Hacking 123

Security Affairs

DECEMBER 25, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach impacting 1.5 Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Ransomware 92

Ransomware Hacking Malware Encryption 92

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Change any default usernames and passwords. ” concludes the report.

Energy and Utilities 97

Energy and Utilities Government Firewall Malware 97

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware 119

Ransomware Backups Media Malware 119

Security Affairs

JUNE 11, 2021

This morning, BleepingComputer received a message from a source that was pretending to be the FBI that included a password and a link to a password-protected ZIP archive. BleepingComputer shared the decryption keys with the security firm Emsisoft, which has released in the past free decryptors for multiple pieces of ransomware.

Ransomware 137

Ransomware Passwords Manufacturing Healthcare 137