2023, Blog, Information Security and Malware

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. These add up to 144 million annually.

Media

Media Social Engineering Ransomware Hacking

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Security Affairs

MAY 9, 2023

Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks. Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. ” reads the advisory. We are in the final!

Antivirus

Antivirus Malware Hacking Cybersecurity

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

On March 7, 2023, the researchers found a Linux variant of the PingPull that was uploaded to VirusTotal, it had a very low detection rate (3 out of 62) “Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. ” reads the analysis published by Unit 42.

Malware

Malware Telecommunications Government VPN

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware. ” reads the advisory published by the JVN.

Malware

Malware Mobile Education Media

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance

Surveillance Malware Spyware Education

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. Researchers from eSentire have foiled 10 cyberattacks targeting six different law firms throughout January and February of 2023. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware

Malware Ransomware Engineering Internet

Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware

Ransomware Cybercrime Cybersecurity Hacking

Balada Injector continues to infect thousands of WordPress sites

Security Affairs

JANUARY 15, 2024

Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023. The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023.

Malware

Malware Hacking Accountability Information Security

IRISSCON 2023: OT, AI, and human empathy

BH Consulting

NOVEMBER 22, 2023

Among them were: attacks against critical infrastructure, increasing regulation, the need for empathy from security pros, and – naturally – AI. From the off, 2023 struck a more downbeat tone than last year’s edition. Stuxnet in 2010 was the first the most recent was CosmicEnergy in 2023.

Cybercrime

Cybercrime Technology Cybersecurity Engineering

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware

Malware Software Technology Accountability

Experts temporarily disrupted the RedLine Stealer operations

Security Affairs

APRIL 18, 2023

The two companies teamed up with Flare to curb the operations of the malware operators. The experts discovered that the malware control panels use GitHub repositories as dead-drop resolvers. The info-stealer is considered a commodity malware that is available through malware-as-a-service model.

Malware

Malware Education Media Authentication

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

The malware environment checking and Anti-VM functions. com, malicious activity increased significantly in March 2023. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” ” reads the report published by Fortinet.

Cybercrime

Cybercrime Malware Education Phishing

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

APRIL 27, 2023

Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505).

Ransomware

Ransomware Education Media Malware

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

patrickwardle cc @cyb3rops pic.twitter.com/SMuN3Rmodl — MalwareHunterTeam (@malwrhunterteam) April 15, 2023 The discovery is disconcerting and demonstrates the effort of the group to expand its operation targeting also Apple systems. It appears we are late to the game. The MacOS variant has been available since November 11th, 2022.

Encryption

Encryption Architecture Ransomware Education

More than 17,000 WordPress websites infected with the Balada Injector in September

Security Affairs

OCTOBER 12, 2023

In September more than 17,000 WordPress websites have been compromised by the Balada Injector malware. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms. . ” continues Sucuri.

Malware

Malware Hacking Accountability Cybercrime

Experts released PoC Exploit code for actively exploited PaperCut flaw

Security Affairs

APRIL 24, 2023

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351 ) in attacks in the wild. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.

Authentication

Authentication Software Education Malware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

The group published a series of screenshots of the company’s CTMS and ERP databases The Money Message group threatens to publish the stolen files by Wednesday, April 12, 2023, if the company will not pay the ransom. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware

Ransomware Firmware Hacking Manufacturing

Experts devised a new exploit for the PaperCut flaw that can bypass all current detection

Security Affairs

MAY 4, 2023

Cybersecurity researchers from VulnCheck have developed a new exploit for the recently disclosed critical flaw in PaperCut servers, tracked as CVE-2023-27350 (CVSS score: 9.8), that bypasses all current detections. The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability.

Education

Education Malware Software Cybersecurity

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252 , in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks. Microsoft fixed the issue with the release of Patch Tuesday security updates for April 2023.

Cybercrime

Cybercrime Ransomware Education Media

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability. ” The CVE-2023-27350 (CVSS score – 9.8)

Cybercrime

Cybercrime Software Education Ransomware

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR is aware of multiple security vulnerabilities on the RAX30. .” for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT. .”

Malware

Malware Phishing VPN Accountability

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware

Spyware Ransomware Malware Data breaches

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

APRIL 4, 2023

As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack.

Cryptocurrency

Cryptocurrency Malware Software Manufacturing

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies.

System Administration

System Administration Government Phishing Malware

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Phishing

Phishing Education Accountability Telecommunications

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. According to the FBI, threat actors started exploiting the CVE-2023-27350 flaw in mid-April 2023 and the attacks are still ongoing.

Education

Education Ransomware Encryption Malware

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Linux variant of Royal Ransomware from ELF 64-bit b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c 0/62 FUD pic.twitter.com/GXu7GOuMDm — Will (@BushidoToken) February 2, 2023 Querying VirusTotal for the hash that was shared by the expert we can verify that currently the ransomware variant has a detection rate of 32 our of 63.

Encryption

Encryption Ransomware Malware Healthcare

LockBit leaks data stolen from the South Korean National Tax Service

Security Affairs

APRIL 1, 2023

On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data by April 1st, 2023 in case the ransom was not paid.

Identity Theft

Identity Theft Ransomware Scams Education

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

Security Affairs

APRIL 11, 2023

On January 13, 2023, Yum! Now the company, which owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach and revealed that ransomware actors have stolen personally identifiable information (PII) of an unspecified number of individuals. “As we announced publicly in mid-January, Yum!

Data breaches

Data breaches Identity Theft Education Ransomware

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

” reads the Threat Horizons April 2023 Threat Horizons Report published by Google.”The ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. ”The payload was an open source red teaming tool called “Google Command and Control” (GC2).”

Media

Media Accountability Government Malware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.

Accountability

Accountability Phishing Financial Services Surveillance

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451 ) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)

DDOS

DDOS Engineering Firmware Architecture

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

In February 2023, eSentire reported another BatLoader campaign targeting users searching for AI tools. The experts also detailed a separate case, that was observed on May 2023, using a similar infection scheme to advertise a rogue page for Midjourney. “Generative AI technologies and chatbots have exploded in popularity in 2023.

System Administration

System Administration Advertising Malware Hacking

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Hackers are taking advantage of the interest in generative AI to install Malware

Webinars

Trending Sources

Multiple malware used in attacks exploiting Ivanti VPN flaws

Webinars

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

New Lobshot hVNC malware spreads via Google ads

A flaw in the Kyocera Android printing app can be abused to drop malware

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Alleged FruitFly malware creator ruled incompetent to stand trial

Threat actors target law firms with GootLoader and SocGholish malware

Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware

Balada Injector continues to infect thousands of WordPress sites

IRISSCON 2023: OT, AI, and human empathy

Administrator of RSOCKS Proxy Botnet Pleads Guilty

3CX Breach Was a Double Supply Chain Compromise

Experts temporarily disrupted the RedLine Stealer operations

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Experts found the first LockBit encryptor that targets macOS systems

More than 17,000 WordPress websites infected with the Balada Injector in September

Experts released PoC Exploit code for actively exploited PaperCut flaw

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

MSI confirms security breach after Money Message ransomware attack

Experts devised a new exploit for the PaperCut flaw that can bypass all current detection

Cybercrime group exploits Windows zero-day in ransomware attacks

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

3CX Supply chain attack allowed targeting cryptocurrency companies

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Google TAG warns of Russia-linked APT groups targeting Ukraine

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

LockBit leaks data stolen from the South Korean National Tax Service

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Remcos RAT campaign targets US accounting and tax return preparation firms

A new Mirai botnet variant targets TP-Link Archer A21

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Stay Connected