Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption 82

Encryption Malware Cryptocurrency Software 82

Security Affairs

JANUARY 5, 2024

The seller, who goes online with moniker RET, explained that it wasn’t the author of the ransomware malware, it had acquired the package without a license and cracked the builder version. To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension.

Ransomware 98

Ransomware Hacking Encryption Malware 98

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 211

Malware VPN Internet Internet 211

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 122

Ransomware Encryption Malware Hacking 122

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 82

Engineering Malware Encryption Hacking 82

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 96

Malware Encryption Telecommunications Authentication 96

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The most important change in the latest Hive variant is the encryption mechanism it adopts. SecurityAffairs – hacking, Hive ransomware). ” continues Microsoft. .

Encryption 109

Encryption Ransomware Cybercrime Malware 109

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption 85

Encryption Ransomware Malware Backups 85

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 110

Ransomware Encryption Insurance Malware 110

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption 82

Encryption Ransomware Cybercrime Engineering 82

Security Affairs

JANUARY 2, 2023

In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. The only local government known to have paid a ransom in 2022 was Quincy, MA., SecurityAffairs – hacking, malware). which paid a $500,000 ransom. ” concludes the report.

Government 84

Government Ransomware Healthcare Education 84

Security Affairs

JANUARY 16, 2023

Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.

Ransomware 87

Ransomware Malware Antivirus Encryption 87

Malwarebytes

SEPTEMBER 8, 2022

Known ransomware attacks by gang, August 2022. LockBit has been the most active ransomware threat for all of 2022 and it is impossible to imagine there isn't a team of FBI agents somewhere plotting its demise. Known ransomware attacks by gang, between March 2022 and August 2022. The future of ransomware.

Ransomware 77

Ransomware DDOS Encryption Backups 77

SecureList

OCTOBER 16, 2023

As the conflict continues, we anticipate potential wiper or ransomware malware attacks in the future. On October 8, a major hack on the Israeli Dorad private power station was announced on underground channels by the Cyber Av3ngers group. In 2020, Cyber Avengers claimed responsibility for the power cut and railway infrastructure hack.

Hacking 74

Hacking DDOS Encryption Malware 74

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Number of unique users attacked by financial malware, Q1 2022 ( download ).

Mobile 104

Mobile Adware Ransomware Malware 104

SecureList

JULY 28, 2022

This is our latest installment, focusing on activities that we observed during Q2 2022. On January 24, a hash for sophisticated Solaris SPARC malware was posted on Twitter. We identified a Windows variant of this sample using the same string encryption algorithm, internal modules, and functionalities.

Malware 136

Malware Firmware Phishing Cryptocurrency 136

eSecurity Planet

JUNE 7, 2022

They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. Get started today!

Cybersecurity 124

Cybersecurity Identity Theft Encryption Antivirus 124

SecureList

MAY 11, 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises , old variants of malware return while the new ones develop. –prockiller. –size.

Ransomware 118

Ransomware Encryption Malware Cybercrime 118

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. Rootkits are malware implants that are installed deep in the operating system. Nevertheless, in our APT predictions for 2022 , we noted that more attackers would reach the sophistication level required to develop such tools.

Malware 105

Malware Computers and Electronics Adware Cryptocurrency 105

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Number of users attacked by banking malware. TOP 10 banking malware families.

Mobile 90

Mobile Malware Ransomware IoT 90

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Cybercriminals pay neither for equipment, nor for electricity, which is rather expensive in 2022. If the cryptomining malware is installed successfully on the victim’s computer, it delivers its operator stable earnings.

Cryptocurrency 112

Cryptocurrency Malware Software Ransomware 112

Security Affairs

APRIL 9, 2024

The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts. BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 88

Engineering Phishing Malware Hacking 88

eSecurity Planet

NOVEMBER 2, 2022

If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Though often conflated with one another, malware and computer viruses aren’t necessarily the same thing. Looking to Protect Yourself Against Malware?

Malware 140

Malware Ransomware Antivirus Internet 140

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware 117

Malware Government Encryption Architecture 117

eSecurity Planet

JANUARY 26, 2023

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware.

Malware 120

Malware Ransomware Software Cryptocurrency 120

Malwarebytes

JUNE 3, 2022

Although LockBit remained the most widely-deployed ransomware in May 2022, it was, typically, Conti that sucked all of the air out of the room. Not long after, a hacking group began using the leaked source code to attack targets inside Russia , violating one of ransomware’s unspoken rules. Ransomware attacks in May 2022.

Ransomware 102

Ransomware Accountability Technology Firmware 102

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “The JScript file then drops a Base64-encrypted file and a batch file. ” concludes the report.

Malware 94

Malware Encryption Manufacturing Phishing 94

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT.

Ransomware 118

Ransomware Encryption Backups Manufacturing 118

SecureList

MAY 4, 2022

In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. Dropper modules also patch Windows native API functions, related to event tracing (ETW) and anti-malware scan interface (AMSI), to make the infection process stealthier.

Malware 140

Malware Encryption Architecture Technology 140

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. SecurityAffairs – hacking, Windows event logs).

Malware 81

Malware Encryption Hacking Cybersecurity 81

Security Affairs

MAY 4, 2023

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook. environment.

Malware 89

Malware Accountability Advertising Education 89

Security Affairs

OCTOBER 2, 2022

Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. At the time of this writing, the ALPHV’s Tor leak site is not reachable and it is not clear if there is some link with the NJVC hack. SecurityAffairs – hacking, NJVC). ” reported CyberNews.

Hacking 92

Hacking Ransomware Data breaches Government 92

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 290

Malware Software Technology Accountability 290

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 351

Cryptocurrency Passwords Encryption Accountability 351

Security Affairs

NOVEMBER 30, 2022

When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. Netherlands-based company with 12 million users worldwide provides “military-grade data protection” solutions with its popular DataVault encryption software. SecurityAffairs – hacking, ENC Security).

Encryption 95

Encryption Phishing Marketing Software 95

Security Affairs

NOVEMBER 28, 2022

While the malware written in.NET is new, its deployment is similar to previous attacks attributed to #Sandworm. 1/9 pic.twitter.com/WyxzCZSz84 — ESET research (@ESETresearch) November 25, 2022. In September 2022, Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware.

Ransomware 113

Ransomware Encryption Telecommunications Malware 113

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The compromised devices were recruited in the 911 S5 residential proxy service. ” reads the press release published by DoJ. based online service providers.

VPN 83

VPN Cryptocurrency Malware Software 83