2022, Blog, Encryption and Hacking - Cyber Security Informer

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. SecurityAffairs – hacking, Black Basta ransomware). Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Hacking

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. Starting from September 2022, the note was changed to Royal.

Encryption

Encryption Ransomware Malware Healthcare

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware

Ransomware Encryption Malware Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

Pen Test Partners

JANUARY 31, 2024

It makes the app susceptible to interception where an attacker could force a victim to use the unencrypted HTTP protocol while forwarding the data to the real server, encrypted. 25 th July 2022 : response from Airbus, confirming that they had replicated the issue. We asked if we could blog about the issue, now that it had been fixed.

Hacking

Hacking Engineering Encryption Software

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

Security Affairs

JUNE 15, 2022

Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. The experts will present their findings at the 31st USENIX Security Symposium that will take place in Boston, 10–12 August 2022. SecurityAffairs – hacking, Hertzbleed).

Encryption

Encryption Hacking Cybersecurity Information Security

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus.

Hacking

Hacking DDOS Small Business Spyware

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

One of the encryptors developed by Lockbit, named ‘locker_Apple_M1_64’, can encrypt files of Mac systems running on the Apple silicon M1. The MacOS variant has been available since November 11th, 2022. The MacOS variant has been available since November 11th, 2022. It appears we are late to the game.

Encryption

Encryption Architecture Ransomware Education

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

Security Boulevard

MAY 5, 2022

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]. Thu, 05/05/2022 - 12:26. C VE-2022-0778 is described as an infinite loop DoS attack discovered by Google vulnerability researcher Tavis Ormandy. Because OpenSSL is everywhere, infiltrating it is like hitting the hacking jackpot. brooke.crothers.

Encryption

Encryption Software Media Authentication

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. _locked” extension to the filename of encrypted files. ” concludes the report.

Ransomware

Ransomware Malware Encryption Hacking

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The researchers discovered that the samples contain a self-delete mechanism which is invoked once the victim’s device is encrypted. ” reads the analysis published by Uptycs.

Encryption

Encryption Ransomware Malware Education

Elon Musk Wants End-to-End Encryption for Twitter Direct Messages: Too soon or Too Late?

Security Boulevard

MAY 4, 2022

Elon Musk Wants End-to-End Encryption for Twitter Direct Messages: Too soon or Too Late? Wed, 05/04/2022 - 14:51. Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet. Because they are not end-to-end encrypted, Twitter itself has access to them.

Encryption

Encryption Surveillance Media Government

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

APRIL 10, 2022

NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer , NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. F**k Vladimir Putin.

Ransomware

Ransomware Hacking Encryption Cybersecurity

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). SecurityAffairs – hacking, newsletter). To nominate, please visit:?.

Ransomware

Ransomware DNS Cybercrime Hacking

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. It executes the Moobot with the parameter realtek.<Filename>.”

DDOS

DDOS Malware Hacking Education

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

Security Affairs

MAY 26, 2022

The root cause of the alert is a couple of critical zero-day issues, tracked as CVE-2022-1802 and CVE-2022-1529, in the Firefox browser that was addressed by Mozilla in May. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. ” reads the advisory. .

Surveillance

Surveillance Passwords Hacking Encryption

OpenSSL fixed two high-severity vulnerabilities

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. ” reads the advisory published by the CVE-2022-3786. SecurityAffairs – hacking, encryption). The flaws impact versions 3.0.0

Encryption

Encryption Authentication Hacking Software

Experts warn of the new 0mega ransomware operation

Security Affairs

JULY 11, 2022

The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations. 0mega extension to the encrypted file’s names and creates for each victim a customized ransom note named DECRYPT-FILES.txt. pic.twitter.com/xQs34oKPAy — Amigo-A (@Amigo_A_) July 9, 2022.

Ransomware

Ransomware Encryption Malware Hacking

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

Security Affairs

JUNE 10, 2022

The ransomware encrypts files on the targeted systems using the “.cuba” Researchers from Trend Micro have reported a surge in Cuba ransomware gang activity in March and April 2022. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. cuba” extension.

Ransomware

Ransomware Malware Encryption Hacking

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

These techniques include multiple obfuscation routines, encryption with unique keys for each malicious file, multi-layer malwares, memory-resident malwares and splitting infrastructure strings into different malware components.” The second half of the URL is encrypted inside the second stage HTA module. ” states Kaspersky.

Encryption

Encryption Malware Phishing Hacking

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

McAfee

OCTOBER 31, 2021

McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into the continuingly aggressive role Nation States will play in 2022. The post Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022 appeared first on McAfee Blogs.

Cybercrime

Cybercrime Government Malware Media

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

Once encrypted the victims files RA Group, the gang drops customized ransom notes (“How To Restore Your Files.txt.”), which include the victim’s name and a unique link to download the exfiltration proofs. The ransomware supports intermittent encryption to speed up the encryption process. ” continues the report.

Ransomware

Ransomware Encryption Cybercrime Insurance

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended.

Software

Software Risk Artificial Intelligence Engineering

The mystery behind the samples of the new REvil ransomware operation

Security Affairs

MAY 2, 2022

The expert noticed that the sample does not encrypt files, it only adds a random extension to the victim’s files. Timestamp 2022-04-27, new config, new mutex, campaign ID, etc. Raw config for the REvil ransommware reborn: [link] [link] — Vitali Kremez (@VK_Intel) May 2, 2022. Tweets by WhichbufferArda.

Ransomware

Ransomware Encryption Cryptocurrency Malware

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. “Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. Starting from September 2022, the note was changed to Royal.

Healthcare

Healthcare Ransomware Encryption Malware

New Luna ransomware targets Windows, Linux and ESXi systems

Security Affairs

JULY 20, 2022

The encryption scheme is unusual because it combines x25519 and AES. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers. “A trend, which we also discussed in our previous blog post , is that ESXi systems are increasingly targeted.

Ransomware

Ransomware Encryption Malware Advertising

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

Secure Kali Pi (2022)

Kali Linux

AUGUST 1, 2022

This is the first part of a 3 part series of blog posts surrounding Kali usage on Raspberry Pi devices. We are no exception to this, and today, we are going to be revisiting our “drop box” machine, which has been encrypted thus making it harder to identify if discovered.

Encryption

Encryption Passwords Backups Firmware

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” reads the alert.

Ransomware

Ransomware Healthcare Education Encryption

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Security Affairs

MAY 16, 2023

The company earned $770 million in 2022. The company said that some local infrastructures have been encrypted. “It should be noted that the activity of these three sites represents 19% of the group’s total sales in 2022. . Lacroix plans to resume production on May 22, 2023. ” reported Yahoo Finance.

Manufacturing

Manufacturing Ransomware Cyber Attacks Backups

New SolarMarker variant upgrades evasion abilities to avoid detection

Security Affairs

APRIL 19, 2022

The sample analyzed by the experts was compiled in February 2022, a circumstance that suggests the artifacts are part of new development. The SolarMarker backdoor communicates with the C2 server through the encrypted channel. SecurityAffairs – hacking, SolarMarker). To nominate, please visit:? Pierluigi Paganini.

Encryption

Encryption Malware Engineering Passwords

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

The threat actor was able to access the nightly backups containing all public forum posts, team forum posts, messages sent through the user-to-user messaging system, and user information such as forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB software.

Data breaches

Data breaches Backups Passwords Accountability

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol

Security Affairs

MAY 13, 2023

Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. After gaining access to SMB shares, threat actors encrypt all files and leave a ransom note demanding payment in exchange for the decryption key. To the best of our knowledge, it doesn’t operate a data leak site.

Ransomware

Ransomware Encryption Passwords Internet

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp.

Software

Software Social Engineering Engineering Phishing

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. We often see people use work email addresses to register with third-party sites and services, which can be hacked and exposed to a data leak, putting the security of the company that owns the email at risk.

Media

Media Social Engineering Ransomware Hacking

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. SecurityAffairs – hacking, Ukraine). To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Cybercrime Ransomware Encryption

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. ” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Peugeot leaks access to user information in South America

Security Affairs

APRIL 25, 2023

The leaked Symphony application secret could have been used to decrypt previously encrypted data such as user cookies and session IDs. The private certificate, used in combination with the passphrase, was also stored on the same server.

Social Engineering

Social Engineering Education Media Marketing

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. SecurityAffairs – hacking, DLL hijacking). To nominate, please visit:?

Ransomware

Ransomware Antivirus Malware Encryption

Kaspersky releases a free decryptor for Yanluowang ransomware

Security Affairs

APRIL 19, 2022

Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom.

Ransomware

Ransomware Encryption DDOS Malware

Argo CD flaw could allow stealing sensitive data from Kubernetes Apps

Security Affairs

FEBRUARY 6, 2022

A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensi tive data from Kubernetes Apps , including passwords and API keys. The impact can especially become critical in environments that make use of encrypted value files (e.g. and 2.1.9. .

Encryption

Encryption Passwords Hacking Information Security

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the wild. As a result of some of these attacks, threat actors exfiltrated data of the victim systems and demanded the payment of a ransom for the decryption of encrypted files.

Education

Education Ransomware Encryption Malware

Black Basta ransomware now supports encrypting VMware ESXi servers

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

Trending Sources

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Webinars

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Rorschach ransomware has the fastest file-encrypting routine to date

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

Experts found the first LockBit encryptor that targets macOS systems

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

Trigona Ransomware targets Microsoft SQL servers

Researchers found the first Linux variant of the RTM locker

Elon Musk Wants End-to-End Encryption for Twitter Direct Messages: Too soon or Too Late?

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs newsletter Round 369 by Pierluigi Paganini

Moobot botnet spreads by targeting Cacti and RealTek flaws

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

OpenSSL fixed two high-severity vulnerabilities

Experts warn of the new 0mega ransomware operation

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

SideWinder carried out over 1,000 attacks since April 2020

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

New RA Group ransomware gang is the latest group using leaked Babuk source code

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The mystery behind the samples of the new REvil ransomware operation

US HHS warns healthcare orgs of Royal Ransomware attacks

New Luna ransomware targets Windows, Linux and ESXi systems

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Secure Kali Pi (2022)

City of Dallas shut down IT services after ransomware attack

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

New SolarMarker variant upgrades evasion abilities to avoid detection

Kodi discloses data breach after its forum was compromised

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol

ZINC Hackers Leverage Open-source Software to Lure IT Pros

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Peugeot leaks access to user information in South America

An expert shows how to stop popular ransomware samples via DLL hijacking

Kaspersky releases a free decryptor for Yanluowang ransomware

Argo CD flaw could allow stealing sensitive data from Kubernetes Apps

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Stay Connected