Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .”

VPN 123

VPN Internet Internet Software 123

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware 129

Malware VPN Authentication Hacking 129

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 2021-12-05 12:06:03 2021-12-05 13:19:35 149.154.167.91

Malware 131

Malware Manufacturing Cryptocurrency Cybercrime 131

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability 132

Accountability Malware Data breaches Passwords 132

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. mike [link] pic.twitter.com/fkU2USEZis — Swisscom CSIRT (@swisscom_csirt) January 26, 2021. SecurityAffairs – hacking, Fortinet VPN). ” continues Kaspersky.

VPN 96

VPN Ransomware Antivirus Firmware 96

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021.

Firewall 139

Firewall VPN Firmware Passwords 139

Security Affairs

JULY 31, 2022

The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. ” concludes the report.

Banking 116

Banking Malware VPN Hacking 116

Security Affairs

JULY 31, 2023

The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. Based on information associated with their x.509 continues the report. “We “ SocksEscort[.]com

Malware 90

Malware Small Business Advertising Passwords 90

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. Pierluigi Paganini.

Hacking 95

Hacking VPN Passwords Ransomware 95

Security Affairs

AUGUST 25, 2023

The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware. Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan.

VPN 80

VPN Manufacturing Education Hacking 80

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware 124

Ransomware Passwords Scams Government 124

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 96

Artificial Intelligence VPN Hacking Firewall 96

Security Affairs

NOVEMBER 8, 2023

Bluewater Health hospital confirmed that threat actors stole a database containing information on 5.6 Chatham-Kent Health Alliance reported that threat actors had access to data belonging to 1446 employees who worked in the hospital as of February 2021. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 112

Ransomware Healthcare VPN Insurance 112

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT 115

IoT DDOS Malware Firmware 115

Security Affairs

JULY 14, 2023

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. “Based on information associated with their x.509

Malware 81

Malware Advertising Cybercrime Passwords 81

Security Affairs

MAY 17, 2022

The Facestealer spyware was first spotted on July 2021 by Dr. Web researchers, the development team behind the threat has frequently changed its code. Most of the malicious apps were VPN software (42), followed by Camera (20), and Photo Editing (13). SecurityAffairs – malware, Facestealer). To nominate, please visit:?

Spyware 89

Spyware Cryptocurrency VPN Malware 89

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021. If you're reading BlackKingdom, exclude *.sys

Ransomware 139

Ransomware Encryption VPN Malware 139

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN 102

VPN Ransomware DNS Malware 102

Security Affairs

FEBRUARY 26, 2022

Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based According to Microsoft DEV-0322 is an APT group based in China, which employed commercial VPN solutions and compromised consumer routers in their attacker infrastructure. based defense contractors. based defense contractors.

Backups 90

Backups VPN Healthcare Malware 90

Security Affairs

JANUARY 26, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 91

Ransomware VPN Manufacturing Healthcare 91

Security Affairs

DECEMBER 18, 2022

years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5

Data breaches 92

Data breaches Hacking DDOS VPN 92

Security Affairs

JANUARY 14, 2022

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks. The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

Ransomware 112

Ransomware DDOS Telecommunications Malware 112

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 92

Spyware Data breaches VPN Hacking 92

Security Affairs

DECEMBER 16, 2021

The name PseudoManuscrypt comes from the similarities with the Manuscrypt malware used by the North Korea-linked Lazarus APT group in attacks aimed at the defense industry. The PseudoManuscrypt loader is delivered via a Malware-as-a-Service (MaaS) platform that distributes the malicious code in pirated software installer archives.

Spyware 108

Spyware Energy and Utilities Malware Engineering 108

Security Affairs

DECEMBER 14, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 112

Ransomware Cryptocurrency Cybercrime VPN 112

Malwarebytes

FEBRUARY 22, 2023

DNA Diagnostics Center (DDC), an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents ' personal details. Overall the attack compromised over 2.1 This triggered the company's incident response plan.

Penetration Testing 89

Penetration Testing InfoSec Accountability Authentication 89

Security Affairs

APRIL 9, 2021

According a security advisory published by the company, Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers are affected by Remote Command Execution vulnerability that resides in the Management Interface. The flaw, tracked as CVE-2021-1459, has been rated with a CVSS score of 9.8

Small Business 128

Small Business Wireless VPN Firewall 128

Security Affairs

OCTOBER 3, 2021

Threat actors exploit a flaw in Coinbase 2FA to steal user funds Flubot Android banking Trojan spreads via fake security updates Th Tim’s RED Team Research reports 3 new CVEs, two of which in 4G/5G Baby died at Alabama Springhill Medical Center due to cyber attack Hydra Android trojan campaign targets customers of European banks Neiman Marcus discloses (..)

Banking 52

Banking Data breaches Malware VPN 52

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN 98

VPN Ransomware Manufacturing IoT 98

Security Affairs

JULY 6, 2022

The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials.

Encryption 115

Encryption Ransomware Cybercrime Malware 115

Security Affairs

AUGUST 17, 2021

“ The flaw could allow an attacker to deploy a persistent shell, install crypto mining software, or other malware families. Such kinds of devices should only be reachable only via trusted, internal networks or a secure VPN connection. is expected to include a fix, and will be released at the end of August.

Authentication 98

Authentication VPN Internet Internet 98

Security Affairs

JUNE 30, 2022

The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks). The ransomware generates 10MiB of random data, and uses it as a master key.

Ransomware 107

Ransomware Cybersecurity Encryption VPN 107

Security Affairs

DECEMBER 13, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Small Business 111

Small Business Technology VPN Manufacturing 111

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S.

Data breaches 87

Data breaches DDOS VPN Hacking 87

Security Affairs

JUNE 4, 2021

A vulnerability was discovered under Pulse Connect Secure (PCS). The vendor also released a tool that can scan Pulse Secure VPN servers for signs of compromise for CVE-2021-22893 or other previous vulnerabilities. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In

VPN 74

VPN Government Hacking Authentication 74

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army , threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.” 35) on port 6666.

DDOS 84

DDOS Digital transformation Malware Advertising 84

Security Affairs

MARCH 19, 2022

. “As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware 97

Ransomware DDOS Passwords Backups 97