Advertising, Encryption and Hacking - Cyber Security Informer

Ragnar Locker ransomware gang advertises Campari hack on Facebook

Security Affairs

NOVEMBER 11, 2020

Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems.

Advertising

Advertising Hacking Ransomware Accountability

Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

FEBRUARY 16, 2022

The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes. In their online statement about the hack (updated on Feb. “Mr. .” Image: Ke-la.com. com, sachtimes[.]com,

Hacking

Hacking Ransomware Media Accountability

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. But in all likelihood, there will be more than a handful of domain subscribers who take issue with that volume of people data sitting there in one corpus easily downloadable via a clear web hacking forum.

Data breaches

Data breaches Passwords B2B Technology

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month. The report includes Indicators of Compromise (IoCs) for this new variant.

Malware

Malware Advertising Antivirus Cybercrime

Ransomware hackers adopting Intermittent Encryption

CyberSecurity Insiders

SEPTEMBER 13, 2022

According to a study conducted by security firm SentinelOne, ransomware spreading hackers are adopting a new encryption standard named ‘Intermittent Encryption’ while targeting victims. Intermittent Encryption is nothing but locking down files on a partial note and at a great speed that also helps in being detected.

Encryption

Encryption Ransomware Advertising Malware

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “The messages are encrypted using XOR “encryption” with a static key.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Antivirus DNS Advertising

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Ransomware Firewall Backups

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Ransomware Advertising Encryption

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. SecurityAffairs – hacking, Tutanota).

DDOS

DDOS Encryption DNS Advertising

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates. Pierluigi Paganini.

Encryption

Encryption Advertising DNS Software

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. After ransomware ads were banned on hacking forum, the LockBit operators set up their own leak site promoting the latest variant and advertising the LockBit 2.0

Encryption

Encryption Ransomware Malware Hacking

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Ransomware Energy and Utilities Advertising

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

APRIL 19, 2020

A hacker has leaked the usernames and passwords of nearly 23 million players of Webkinz World on a well-known hacking forum. . “ZDNet has learned that details about the vulnerability have been circulating online before today’s leak for months, both on hacking forums and on online IM chat groups.” Pierluigi Paganini.

Hacking

Hacking Data breaches Passwords Advertising

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack. .” SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media

Media Hacking Passwords Data breaches

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing

Manufacturing Spyware Surveillance Marketing

Ransom Gangs Emailing Victim Customers for Leverage

Krebs on Security

APRIL 5, 2021

“The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data.” This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site. “Good day!

Ransomware

Ransomware Advertising Retail DDOS

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

An advertisement for RevCode WebMonitor. ” But critics say WebMonitor is far more likely to be deployed on “pwned” devices, or those that are surreptitiously hacked. The first advertisements in hacker forums for the sale of WebMonitor began in mid-2017. Federal Bureau of Prisons , he was released on Nov.

Advertising

Advertising Antivirus Software Malware

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Hacking Advertising Malware

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

FEBRUARY 10, 2020

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The United States Department of Justice officially charged 4 members of the China’s PLA’s 54th Research Institute, a division of the Chinese military, with hacking into credit reporting agency Equifax.

Hacking

Hacking Data breaches Advertising Encryption

Application and AI roundup - May

Adam Shostack

JANUARY 2, 2025

Google plans to add end-to-end encryption to Authenticator is a bit of a jaw-dropper. How did you roll out a feature that copies super-sensitive data to the cloud and not encrypt it? In her cybersecurity roundup where I saw both of those, Violet Blue asks the same question: How do medical research devices get made without passwords?

Passwords

Passwords Encryption Risk Advertising

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Asked to comment for this story, Apple said there has been no breach, hack, or technical exploit of iCloud or Apple services, and that the company is continuously adding new protections to address new and emerging threats. One “autodoxer” service advertised on Telegram that promotes a range of voice phishing tools and services.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Victims of ThunderX ransomware can recover their files for free

Security Affairs

SEPTEMBER 26, 2020

Researchers developed a decryptor for the ransomware after they have discovered a bug in the encryption process implemented by the threat. This decryptor can recover for free files encrypted by the current version of the ThunderX ransomware that appends the .tx_locked SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Hacking

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. SecurityAffairs – hacking, AvosLocker).

Ransomware

Ransomware Encryption Advertising Malware

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

Security Affairs

MARCH 2, 2025

3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Companys network, encrypted critical applications, and exfiltrated certain files. The company reported to the SEC that a Feb.

Ransomware

Ransomware Cybercrime Encryption Healthcare

Tyler Technologies finally paid the ransom to receive the decryption key

Security Affairs

OCTOBER 11, 2020

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. According to BleepingComputer, which cited a source informed on the event, Tyler Technologies paid a ransom of an unspecified amount to receive the decryption key and recover encrypted files.

Technology

Technology Ransomware Encryption Advertising

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine ( here’s one video example of a malicious Microsoft Office attachment from the malware sandbox service any.run ). Have a Coke and a Molotov cocktail. Image: twitter.com/multivpn.

Cybercrime

Cybercrime Malware Ransomware VPN

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground. The availability of the master decryption key allows the victims to recover their encrypted files for free. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware Cybercrime

Crooks hit Puerto Rico Firefighting Department Servers

Security Affairs

OCTOBER 15, 2020

The department received an email from the threat actors that notifies it that they had encrypted its servers and demanded the payment of a ransom to release them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Encryption Hacking Information Security

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Security Affairs

DECEMBER 2, 2019

The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations. These are encrypted under the suffix. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Cybercrime

Does Your Organization Have a Security.txt File?

Krebs on Security

SEPTEMBER 20, 2021

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Perhaps this particular retailer also did so at one point, however my message was returned with a note saying the email had been blocked.

Retail

Retail Healthcare Internet Internet

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Banking Cyber Insurance Advertising

Maze ransomware operators leak credit card data from Costa Rica’s BCR bank

Security Affairs

MAY 25, 2020

Early May, Maze Ransomware operators claimed to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. cyber #cybersecurity #databreach #banking #Hacked @BleepinComputer pic.twitter.com/5Kh6LakkKF — Cyble (@AuCyble) May 22, 2020.

Banking

Banking Ransomware Advertising Hacking

Qualcomm and MediaTek Wi-Fi chips impacted by Kr00k-Like attacks

Security Affairs

AUGUST 8, 2020

The attacker could exploit the Kr00k issue even when it is not connected to the victim’s wireless network, the vulnerability works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption. Experts found a similar issue affecting MediaTek Wi-Fi chips that don’t use encryption at all.

Wireless

Wireless Encryption Manufacturing Advertising

Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Security Affairs

AUGUST 15, 2020

Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. As a proof of the hack, Sodinokibi ransomware operators posted on their leak site multiple screenshots showing directories and files allegedly belonging to the company, and internal conversations between some employees.

Ransomware

Ransomware Advertising Hacking Encryption

Mount Locker ransomware operators demand multi-million dollar ransoms

Security Affairs

SEPTEMBER 28, 2020

A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. According to the popular malware researchers Michael Gillespie , the Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Engineering

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. Akbar was charged with selling and advertising wiretapping equipment.

Spyware

Spyware Mobile Advertising Software

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Penetration Testing

JUNE 15, 2025

Related Posts: Cyclops Blink malware launches persistent attacks on several popular ASUS routers Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked US/UK warn Russia to hack into global routers Let’s Encrypt Root gains the trust of all major root programs Rate this post Found this helpful?

Firmware

Firmware DNS Penetration Testing Advertising

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, FinSpy). Pierluigi Paganini.

Spyware

Spyware Surveillance Advertising Mobile

Maze Ransomware operators published data from LG and Xerox

Security Affairs

AUGUST 4, 2020

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but early June the Maze ransomware operators published some screenshots that showed that a Xerox domain has been encrypted. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Advertising Hacking

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The botnet uses the WSS (WebSocket over TLS) protocol for C2 communication to circumvent the typical Mirai traffic detection and provide secure encrypted communication for command and control. “Two zero days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure IP that that moves around. .

IoT

IoT Firmware DNS Advertising

Ragnar Locker ransomware gang advertises Campari hack on Facebook

Red Cross Hack Linked to Iranian Influence Operation?

Trending Sources

Twitter Hacking for Profit and the LoLs

Inside the DemandScience by Pure Incubation Data Breach

Banshee macOS stealer supports new evasion mechanisms

Ransomware hackers adopting Intermittent Encryption

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Snake Ransomware isolates infected Systems before encrypting files

REvil ransomware gang hacked gaming firm Gaming Partners International

German encrypted email service Tutanota suffers DDoS attacks

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Ragnar Ransomware encrypts files from virtual machines to evade detection

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Trojan Shield, the biggest ever police operation against encrypted communications

Asian media firm E27 hacked, attackers asked for a “donation”

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Ransom Gangs Emailing Victim Customers for Leverage

Who’s Behind the RevCode WebMonitor RAT?

Source code of Dharma ransomware now surfacing on public hacking forums

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Application and AI roundup - May

A Day in the Life of a Prolific Voice Phishing Crew

Victims of ThunderX ransomware can recover their files for free

AvosLocker ransomware now targets Linux systems, including ESXi servers

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

Tyler Technologies finally paid the ransom to receive the decryption key

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Victims of FonixCrypter ransomware could decrypt their files for free

Crooks hit Puerto Rico Firefighting Department Servers

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Does Your Organization Have a Security.txt File?

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Maze ransomware operators leak credit card data from Costa Rica’s BCR bank

Qualcomm and MediaTek Wi-Fi chips impacted by Kr00k-Like attacks

Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Mount Locker ransomware operators demand multi-million dollar ransoms

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Unknown FinSpy Mac and Linux versions found in Egypt

Maze Ransomware operators published data from LG and Xerox

New Ttint IoT botnet exploits two zero-days in Tenda routers

Stay Connected