Advertising, Information Security, Malware and VPN

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising

Advertising Cybercrime Malware Cryptocurrency

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. ” continues the EUROPOL. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. POWSSHNET – Self-Developed Backdoor malware – RDP over SSH Tunneling.

VPN

VPN Telecommunications Advertising Hacking

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. ” continues the researchers.

VPN

VPN Government Advertising Firmware

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. The popular investigator Brian Krebs and Spur.us “ SocksEscort[.]com

Malware

Malware Small Business Advertising Passwords

7 VPN services left data of millions of users exposed online

Security Affairs

JULY 21, 2020

vpnMentor experts reported that seven Virtual Private Network (VPN) recently left 1.2 Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see. . The server was secured on July 15 th.

VPN

VPN Advertising Passwords Internet

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The malware is able to take JPG screenshots of the victim’s desktop and submitting it to a remote C2 via a POST to a hardcoded IP address.

Malware

Malware Phishing Spyware Cybercrime

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security Affairs

SEPTEMBER 23, 2019

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. “There is an unquoted search path vulnerability in Forcepoint VPN Client for Windows versions lower than 6.6.1.” Pierluigi Paganini.

VPN

VPN Advertising Hacking Malware

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime VPN Malware Penetration Testing

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Security Affairs

SEPTEMBER 16, 2022

Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. The malicious code can also act as first-stage malware. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software.” Pierluigi Paganini.

Malware

Malware Cryptocurrency Hacking Passwords

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. Recent samples of the malware include specific code to collect app configuration data and credentials from several apps.

Passwords

Passwords Spyware VPN Malware

The Pirate Bay clones target millions of users with malware and malicious ads?

Security Affairs

FEBRUARY 9, 2022

Malvertising, also known as malicious advertising, is a type of online advertising used by threat actors to distribute malicious files. It’s also a rapidly growing threat that often includes fraudulent advertising schemes designed to make as much profit as possible from website visitors. Protecting against malvertising.

Malware

Malware Advertising Education Antivirus

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware

Ransomware Malware Advertising Cybercrime

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and threat actors exfiltrated data. Threat actors implanted a malware in the network of an unnamed federal agency that was able to avoid detection. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Malware Cyber threats Accountability

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. ” concludes the report. ” concludes the report.

Malware

Malware Advertising Cybercrime Passwords

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. That user advertised a service called “ Quot Project ” which said they could be hired to write programming scripts in Python and C++. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army , threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.” 35) on port 6666.

DDOS

DDOS Digital transformation Malware Advertising

+60,000 Android apps spotted hiding adware for past six months

Security Affairs

JUNE 7, 2023

However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware.” ” The malware has been able to remain undetected since October 2022. ” reads the report published by Bitdefender.

Adware

Adware Mobile Malware Advertising

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft. Pierluigi Paganini.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

APRIL 8, 2020

The memo was obtained by the website SpaceRef, it warns of both phishing attacks and malware-based attacks. According to the advisory issued by NASA, the number of phishing attempts doubled in the past few days, at the same time the number of malware attacks on its systems has grown exponentially. ” reads the memo.

Cyber Attacks

Cyber Attacks Computers and Electronics VPN Phishing

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. ” The botnet is scanning the Internet for misconfigured Docker API endpoints, Experts noticed that the Ngrok malware has already infected many vulnerable servers.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches

Data breaches Phishing Ransomware Malware

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking VPN Advertising Financial Services

Security Affairs newsletter Round 276

Security Affairs

AUGUST 9, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – cyber security, newsletter). The post Security Affairs newsletter Round 276 appeared first on Security Affairs. Pierluigi Paganini.

Data breaches

Data breaches Ransomware Advertising VPN

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Last week, security experts from MalwareHunterTeam detected new ransomware dubbed CoronaVirus has been distributed through a malicious web site that was advertising a legitimate system optimization software and utilities from WiseCleaner. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

Security Affairs newsletter Round 283

Security Affairs

SEPTEMBER 27, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Banking Advertising Ransomware

Dozens of unsecured databases wiped by mysterious Meow attack

Security Affairs

JULY 22, 2020

Immediately after the first attacks, security experts started searching for vulnerable databases exposed online. One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN , hackers targeted its Elasticsearch database. Recently vpnMentor experts reported that seven Virtual Private Network (VPN) left 1.2

VPN

VPN Advertising Hacking Information Security

US DoJ charges Iranian hackers for attacks on US satellite companies

Security Affairs

SEPTEMBER 18, 2020

The malware used by the threat actors includes the ChunkyTuna, Tiny, and China Chopper web shells. The Iranian hackers belong to an Iran-based threat actor that was behind attacks exploiting vulnerabilities in Pulse Secure VPN, Citrix Application Delivery Controller (ADC) and Gateway , and F5’s BIG-IP ADC products.

Hacking

Hacking Identity Theft VPN Accountability

REVil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

JULY 20, 2020

Immediately after the attack was detected by the internal IT staff, the company warned its employees of not connecting its internal VPN network and avoiding opening emails with suspicious archive attachments. In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Ransomware

Ransomware VPN Advertising Internet

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. The malware used by the threat actors includes the ChunkyTuna, Tiny, and China Chopper web shells. Pierluigi Paganini.

VPN

VPN Passwords Advertising Password Management

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Install and regularly update anti-virus or anti-malware software on all hosts. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Use two-factor authentication with strong passwords.

Ransomware

Ransomware VPN Advertising Marketing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware DDOS Passwords Backups

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

through 4.73, VPN series firmware versions 4.60 Since the vulnerability is in the VPN service, which is enabled by default on the WAN, we expect the actual number of exposed and vulnerable devices to be much higher.” The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60

DDOS

DDOS Firmware VPN Firewall

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

Experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. BadPackets reported that SeaChange had a Pulse Secure VPN server ( [link] ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020. Pierluigi Paganini.

Software

Software Ransomware VPN Advertising

Security Affairs newsletter Round 269

Security Affairs

JUNE 21, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Security Affairs newsletter Round 269 appeared first on Security Affairs. authorities sanction six Nigerian nationals for BEC and Romance Fraud.

DDOS

DDOS Spyware Mobile Advertising

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

At the time of writing this post, the company hasn’t provided details of the attack, such as the family of malware that infected its systems. Information shared about the cyber attacks suggests that the company was the victim of a ransomware attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs

MAY 17, 2022

Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware on several Dark Web communities. The DoJ believes that Gonzalez is Nosophoros, the man was charged with charged for use and sale of ransomware, and profit sharing arrangements with cybercriminals.

Ransomware

Ransomware Cybercrime VPN Malware

Security Affairs newsletter Round 274

Security Affairs

JULY 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Phishing VPN Hacking

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Trending Sources

Bulletproof VPN services took down in a global police operation

Webinars

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Fortinet VPN with default certificate exposes 200,000 businesses to hack

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Experts link AVRecon bot to the malware proxy service SocksEscort

7 VPN services left data of millions of users exposed online

New TA886 group targets companies with custom Screenshotter malware

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

The Pirate Bay clones target millions of users with malware and malicious ads?

REvil Ransomware member win the auction for KPot stealer source code

CISA says federal agency compromised by malicious cyber actor

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Interview With a Crypto Scam Investment Spammer

Crooks target Ukraine’s IT Army with a tainted DDoS tool

+60,000 Android apps spotted hiding adware for past six months

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs newsletter Round 276

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs newsletter Round 283

Dozens of unsecured databases wiped by mysterious Meow attack

US DoJ charges Iranian hackers for attacks on US satellite companies

REVil ransomware infected 18,000 computers at Telecom Argentina

US CISA report shares details on web shells used by Iranian hackers

Netwalker ransomware operators claim to have stolen data from Forsee Power

Avoslocker ransomware gang targets US critical infrastructure

Multiple DDoS botnets were observed targeting Zyxel devices

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs newsletter Round 269

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs newsletter Round 274

Stay Connected