Advertising, Authentication, Information Security and Malware

Crooks impersonate brands using search engine advertisement services

Security Affairs

DECEMBER 26, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. ” reads the advisory published by the FBI.

Advertising

Advertising Engineering Education Internet

Patch Tuesday, March 2024 Edition

Krebs on Security

MARCH 12, 2024

Security Update addresses dozens of security issues. Narang highlighted CVE-2024-21390 as a particularly interesting vulnerability in this month’s Patch Tuesday release, which is an elevation of privilege flaw in Microsoft Authenticator , the software giant’s app for multi-factor authentication.

Authentication

Authentication Engineering Accountability Internet

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware

Malware Encryption Advertising Cryptocurrency

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zombinder APK binding service used in multiple malware attacks

Security Affairs

DECEMBER 8, 2022

While investigating a new malware campaign targeting Android and Windows systems, researchers at Threat Fabric discovered a darknet service, dubbed Zombinder, used to embed malicious payloads in legitimate Android apps. Clicking on the “Download for Android” button leads to downloading the Ermac malware. Keylogging. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Advertising

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware

Malware Advertising Government Cryptocurrency

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat intelligence firm Cluster25 on July 21, 2022.

Malware

Malware Password Management Authentication Passwords

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

Security Affairs

SEPTEMBER 18, 2020

Security researchers discovered Android malware capable of bypassing 2FA that was developed by an Iran-linked group dubbed Rampant Kitten. Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Pierluigi Paganini.

Malware

Malware Phishing Accountability Advertising

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware.

Malware

Malware Scams Social Engineering Phishing

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

OpenBSD addresses authentication bypass, privilege escalation issues

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication

Authentication Advertising Hacking Malware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Enforce multi-factor authentication.

Malware

Malware Passwords Advertising Antivirus

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

com to deliver malware. Ensure you are ordering goods from an authentic source. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising Retail Architecture

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

The issue could have been exploited by an attacker to send an email that appears as sent by another Gmail or G Suite user, the message is able to bypass protection mechanisms such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Pierluigi Paganini.

Malware

Malware Phishing Advertising Antivirus

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Masad Stealer Malware exfiltrates data via Telegram

Security Affairs

SEPTEMBER 29, 2019

Experts at Juniper Threat Labs have discovered a new piece of malware dubbed Masad Stealer that exfiltrate s cryptocurrency wallet files via Telegram. Security researchers at the Juniper Threat Labs discovered a strain of malware dubbed Masad Stealer that is actively distributed.

Malware

Malware Cryptocurrency Advertising Marketing

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

SEPTEMBER 24, 2020

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Alien first appeared in the threat landscape early this year, its model of sale is Malware-as-a-Service (MaaS) and is advertised on several underground hacking forums.

Banking

Banking Malware Advertising Architecture

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., However, Cleafy’s Threat Intelligence & Response Team reported having detected the first Nexus infections in June 2022, months before the MaaS was publicly advertised.

Banking

Banking Cryptocurrency Malware Advertising

MobiHok RAT, a new Android malware based on old SpyNote RAT

Security Affairs

SEPTEMBER 16, 2019

A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts pointed out that the latest release of the RAT implements new features, including a bypass to the Facebook authentication mechanism. SecurityAffairs – MobiHok RAT, malware).

Malware

Malware Advertising Marketing Hacking

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

APRIL 9, 2020

Group-IB’s CERT-GIB analyzed hundreds of coronavirus -related phishing emails and discovered top malware strains in COVID-19 campaigns. Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails, with AgentTesla topping the list of phishers’ favorite strains. SecurityAffairs – malware, Coronavirus).

Phishing

Phishing Malware Spyware DDOS

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. Once the rules have been created, a thread connects to an NTP server from a roster of authentic NTP servers.

IoT

IoT Cybercrime Internet Internet

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week FTC charged Avast with selling users’ browsing data to advertising companies (..)

Spyware

Spyware Cyber Insurance Hacking Advertising

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Pierluigi Paganini.

Authentication

Authentication Malware Advertising Hacking

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. states Microsoft. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Malicious app in Google Play used to deliver Cerberus Banking Trojan

Security Affairs

JULY 8, 2020

The malware-as-a-service Cerberus has emerged in the threat landscape in August 2019, it is an Android RAT developed from scratch that doesn’t borrow the code from other malware. The malware implements banking Trojan capabilities such as the use of overlay attacks, the ability to intercept SMS messages and access to the contact list.

Banking

Banking Malware Authentication Advertising

Neo_Net runs eCrime campaign targeting clients of banks globally

Security Affairs

JULY 4, 2023

A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. The case was reported by security researcher Pol Thill. . The threat actor advertises the Smishing-as-a-Service platform on Telegram. ” Thill explained.

Banking

Banking Phishing Social Engineering Authentication

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, that since November 2022 was employed in attacks aimed at critical government infrastructure employees, manufacturing companies, and other sectors. ” reads the analysis published by Morphisec.

Government

Government Manufacturing Social Engineering Malware

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

The world of cybercrime is changing, and more and more malware variants have spread every day. An information stealer (or info stealer) is a Trojan that is designed to gather information from a system. Another common form this malware is to log user keystrokes which may reveal sensitive information. h/t: abuse.ch.

Internet

Internet Internet Malware Banking

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Baka is a sophisticated e-skimmer developed by a skilled malware developer that implements a unique obfuscation method and loader. The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” ” reads the alert published by VISA.

eCommerce

eCommerce Malware Encryption Advertising

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.”

Malware

Malware Passwords Advertising DNS

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

net), a popular hacking forum a place frequented by hackers, malware authors, scammers and cybercriminals. The site was considered the right place online where to find free malware or to buy not sophisticated malicious codes, including ransomware and RAT. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Malware Cybercrime Hacking

Microsoft failed to fix LSASS elevation of privilege flaw

Security Affairs

AUGUST 13, 2020

Google Project Zero researcher who discovered the elevation of privilege flaw ( CVE-2020-1509 ) in the Windows Local Security Authority Subsystem Service (LSASS) warn that Microsoft did not properly address it. “If the target is a proxy then the authentication process is allowed, even if the Enterprise Auth Cap is not specified.

Authentication

Authentication Advertising Hacking Information Security

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. Pierluigi Paganini. SecurityAffairs – hacking, UEFI).

Firmware

Firmware Spyware Surveillance Hacking

New Coronavirus-themed campaign spread Lokibot worldwide

Security Affairs

APRIL 4, 2020

177] that uses the World Health Organization (WHO) trademark in an attempt to convince recipients of its authenticity.” arj ” that appears to contain additional information, but which in fact is a decoy.” ” The body of the messages contains information about the pandemic along with suggestions and recommendations.

Advertising

Advertising Malware Passwords Cybercrime

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. published a detailed analysis of the flaw.

Authentication

Authentication Passwords Advertising Architecture

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Security Affairs

JULY 31, 2020

One of the most security issues is a critical authentication bypass vulnerability, tracked as CVE-2020-3382. The vulnerability can allow a remote, unauthenticated attacker to bypass authentication and perform actions with admin privileges on the vulnerable device. ” reads the security advisory. Pierluigi Paganini.

Authentication

Authentication Advertising Software Encryption

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

The expert discovered that the issue could allow an attacker to force the software to relay an NTLM authentication request to the attacker’s system. This means that the SMB authentication process will leak the system’s username, and NTLMv2 hashed version of the password to the attackers. “An Pierluigi Paganini.

Passwords

Passwords Authentication Advertising Software

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Authentication

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Vendors supporting Samba 4.7

Authentication

Authentication Advertising Architecture Passwords

Crooks impersonate brands using search engine advertisement services

Patch Tuesday, March 2024 Edition

Webinars

Trending Sources

Statc Stealer, a new sophisticated info-stealing malware

Webinars

Zombinder APK binding service used in multiple malware attacks

USCYBERCOM shares five new North Korea-linked malware samples

Erbium info-stealing malware, a new option in the threat landscape

Rampant Kitten ‘s arsenal includes Android malware that bypasses 2FA

New Coronavirus-themed malspam campaign delivers FormBook Malware

QSnatch malware infected over 62,000 QNAP NAS Devices

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Mysterious custom malware used to steal 1.2TB of data from million PCs

OpenBSD addresses authentication bypass, privilege escalation issues

US govt agencies share details of the China-linked espionage malware Taidoor

CISA’s advisory warns of notable increase in LokiBot malware

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

A Google Drive weakness could allow attackers to serve malware

QNAP urges users to update Malware Remover after QSnatch joint alert

Masad Stealer Malware exfiltrates data via Telegram

The Most Common Types of Malware in 2021

Alien Android banking Trojan, the powerful successor of the Cerberus malware

New MATA Multi-platform malware framework linked to NK Lazarus APT

Nexus, an emerging Android banking Trojan targets 450 financial apps

MobiHok RAT, a new Android malware based on old SpyNote RAT

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

TheMoon bot infected 40,000 devices in January and February

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Malicious app in Google Play used to deliver Cerberus Banking Trojan

Neo_Net runs eCrime campaign targeting clients of banks globally

SYS01 stealer targets critical government infrastructure

TroyStealer – A new info stealer targeting Portuguese Internet users

Visa warns of new sophisticated credit card skimmer dubbed Baka

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Microsoft failed to fix LSASS elevation of privilege flaw

Second-ever UEFI rootkit used in North Korea-themed attacks

New Coronavirus-themed campaign spread Lokibot worldwide

Hackers are using Zerologon exploits in attacks in the wild

Zerologon attack lets hackers to completely compromise a Windows domain

Cisco fixes critical and high-severity flaws in Data Center Network Manager

TeamViewer flaw can allow hackers to steal System password

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Stay Connected