Accountability, Encryption, Information Security and Malware

Information Security News headlines trending on Google

CyberSecurity Insiders

MAY 4, 2023

According to the advisory, all healthcare providers operating in the Indian subcontinent and in the whole of South Asia should be cautious about the said file-encrypting group that mainly targets the healthcare sector. The post Information Security News headlines trending on Google appeared first on Cybersecurity Insiders.

Information Security

Information Security Healthcare Social Engineering Ransomware

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

The MultiLogin endpoint endpoint is an internal mechanism that allows the synchronization of Google accounts across services. This endpoint receives a vector containing account IDs and auth-login tokens for efficiently handling concurrent sessions or seamlessly transitioning between user profiles. ” continues the report.

Malware

Malware Penetration Testing Passwords Encryption

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. csproj or.vcxproj), it is automatically executed when the project is built.

Malware

Malware Cryptocurrency Encryption Hacking

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. ” states Cado Security. Financially motivated threat actors created an admin account to deploy the Effluence web shell plugin and execute arbitrary commands on the vulnerable server.

Ransomware

Ransomware Encryption Malware Accountability

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

Security Affairs

MARCH 22, 2023

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio ’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. Left: The “FakeGPT” Variant on Chrome Store.

Accountability

Accountability Encryption Hacking Cybercrime

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption

Encryption Internet Internet Firewall

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware

Malware Encryption Telecommunications Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Gets connected network information. Record audio.

Encryption

Encryption Malware Media Authentication

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability

Accountability Passwords Encryption Mobile

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” reads the post published by the company. Pierluigi Paganini.

Encryption

Encryption Advertising Accountability Hacking

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption

Encryption Cybercrime Hacking Malware

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

ERMAC, a new banking Trojan that borrows the code from Cerberus malware

Security Affairs

SEPTEMBER 27, 2021

According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. On August 17, two forum members named “ermac” and “DukeEugene” started advertising the malware. DukeEugene”, posted the following message in his account: “Android botnet ERMAC. 3k$ per month. Pierluigi Paganini.

Banking

Banking Malware Mobile Encryption

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

Malware

Malware Authentication Software Accountability

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. ” continues the post. Pierluigi Paganini.

DDOS

DDOS Encryption DNS Advertising

46M accounts were impacted in the data breach of children’s online playground Animal Jam

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches

Data breaches Accountability Passwords Encryption

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. SecurityAffairs – hacking, malware).

Ransomware

Ransomware Encryption Healthcare Education

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report.

Encryption

Encryption Ransomware Malware Scams

US arrested Latvian woman who developed part of Trickbot malware

Security Affairs

JUNE 5, 2021

The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware.

Malware

Malware Banking Ransomware Encryption

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. In December 2023, the US charged two Russians believed to be members of this group, for their role in a campaign that hacked government accounts. It is mainly in use by security researchers to classify malware.

Social Engineering

Social Engineering Government Media DNS

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Feedback message data contained Account id, feedback rating given, and users’ email addresses. The more information they possess, the more believable these emails look.

Data breaches

Data breaches Accountability Mobile Phishing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

DECEMBER 14, 2022

The malware uses a bot network to perform distributed brute force attacks against target websites. “Typically, each script downloads the GoTrim malware from a hardcoded URL to a file in the same directory as the script itself and executes it.” ” continues the report. ” concludes the report.

Malware

Malware Encryption Accountability Risk

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The encryptor uses a combination of ECDH on Curve25519 (asymmetric encryption) and Chacha20 (symmetric encryption) to encrypt files. The affiliates are obliged to remain active, or their account will be removed after 10 days without notifying them upfront. The group threatens to ban every affiliate who does leak samples.

Encryption

Encryption Ransomware Malware Education

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. Trigona is a malware strain that was discovered in October 2022, and Palo Alto Unit 42 researchers reported similarities between Trigona and the CryLock ransomware. _locked” extension to the filename of encrypted files.

Ransomware

Ransomware Malware Encryption Hacking

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

-based cyber intelligence firm Hold Security , KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job. ”

Hacking

Hacking Ransomware Banking Accountability

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

[link] pic.twitter.com/z91nfnGYAQ — Dominic Alvieri (@AlvieriD) February 19, 2024 The Cactus ransomware operation has been active since March 2023, Kroll researchers reported that the ransomware strain is notable for the use of encryption to protect the ransomware binary. The Cactus ransomware relies on multiple legitimate tools (e.g.

Ransomware

Ransomware Digital transformation Retail Antivirus

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Information Security News headlines trending on Google

YouTube creators’ accounts hijacked with cookie-stealing malware

Trending Sources

SOVA Android malware now also encrypts victims’ files

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Crooks manipulate GitHub’s search results to distribute malware

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Linux variant of Cerber ransomware targets Atlassian servers

Rorschach ransomware has the fastest file-encrypting routine to date

Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Akira ransomware received $42M in ransom payments from over 250 victims

Russia-linked APT28 used new malware in a recent phishing campaign

GravityRAT returns disguised as an end-to-end encrypted chat app

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

3CX Breach Was a Double Supply Chain Compromise

Zoom now supports end-to-end encrypted (E2EE) calls

Wannacry, the hybrid malware that brought the world to its knees

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Woody RAT: A new feature-rich malware spotted in the wild

Info stealers and how to protect against them

ERMAC, a new banking Trojan that borrows the code from Cerberus malware

YTStealer info-stealing malware targets YouTube content creators

8Base ransomware operators use a new variant of the Phobos ransomware

German encrypted email service Tutanota suffers DDoS attacks

46M accounts were impacted in the data breach of children’s online playground Animal Jam

Experts spotted a variant of the Agenda Ransomware written in Rust

Mysterious custom malware used to steal 1.2TB of data from million PCs

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

DeathRansom ransomware evolves encrypting files, but experts identified its author

US arrested Latvian woman who developed part of Trickbot malware

Cactus ransomware gang claims the Schneider Electric hack

Coldriver threat group targets high-ranking officials to obtain credentials

XCSSET malware now targets macOS 11 and M1-based Macs

Woody RAT: A new feature-rich malware spotted in the wild

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

FBI published a flash alert on Mamba Ransomware attacks

GoTrim botnet actively brute forces WordPress and OpenCart sites

Researchers found the first Linux variant of the RTM locker

Trigona Ransomware targets Microsoft SQL servers

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

QNAP urges users to update Malware Remover after QSnatch joint alert

Stay Connected