Antivirus, Encryption, Information Security and Phishing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. This is the third massive spear-phishing campaign that the Ukrainian government attributed to Russia-linked threat actors this year. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Government Antivirus Passwords

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Healthcare Antivirus Encryption

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. .”

Phishing

Phishing Malware Antivirus Encryption

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities.

Banking

Banking Cybercrime Malware Accountability

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

MAY 11, 2021

The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. Scan emails and attachments to detect and block malware, and implement training and processes to identify phishing and externally-sourced emails.

Ransomware

Ransomware Backups Antivirus DDOS

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

.” The NCSC also provided info about the initial infection vectors observed in the ransomware attacks: Insecure Remote Desktop Protocol (RDP) configurations Vulnerable Software or Hardware Phishing emails. backup servers, network shares, servers, auditing devices). PowerShell) to easily deploy tooling or ransomware.

Education

Education Ransomware Antivirus Backups

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

. “When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that is decrypted and launched with PowerShell commands.” anydeskos[.]com ” concludes the IT giant.

Ransomware

Ransomware Malware Antivirus Phishing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. The attackers implement a double extortion model using the PYSA ransomware to exfiltrate data from victims prior to encrypting their files.

Education

Education Ransomware Encryption Antivirus

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. Cryptolocker and exploit components.

Malware

Malware Computers and Electronics Encryption Ransomware

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The threat actors launched spear-phishing campaigns against the victims, in some cases, the messages contained information related to the victims which were not publicly available. ” reads the report published by Kaspersky.

Antivirus

Antivirus Encryption Malware Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

The phishing emails contain a Microsoft Office attachment that includes an external reference in its metadata which downloads a malicious template file. “This technique works by sending an encrypted string appended to the DNS query set as a subdomain. ” reads the analysis published by the experts.

Malware

Malware DNS Antivirus Encryption

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

” By protecting the code with encryption, the latest LockBit version can avoid the detection of signature-based anti-malware solutions. ransomware include remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications.

Ransomware

Ransomware Penetration Testing Encryption Accountability

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

The trojan has been disseminated via phishing templates impersonating Tax services in Portugal. The victims’ data is encrypted and sent to the C2 server geolocated in Russia. Phishing wave. At this moment, the infection chain is able to bypass the antivirus detection, with the latter EXE ( WpfApp14.exe Key findings.

Banking

Banking Encryption Malware Phishing

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Ryuk infects computers by encrypting all local and shared files, not allowing the user’s access without paying the ransom. The term malware has been gaining prominence as a result of the wave of malware and phishing campaigns that anyone is subject to”, says Cipher. This enhancement appeared in the middle of September 2019.

Malware

Malware Retail Advertising Antivirus

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. Enable strong spam filters to prevent phishing emails from reaching end users. 3 ],[ 4 ]” reads the joint alert.

Ransomware

Ransomware Healthcare Phishing Risk

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process. The attach chain appears to be very complex and starts with phishing messages that come with an.htm file attached. ” reads the analysis published by Cofense.”

Phishing

Phishing Malware Encryption Network Security

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

As the internet has enabled us to access work, data, and equipment from any location, remote access security has become increasingly crucial. Strong passwords, two-factor authentication, firewalls, encryption, and monitoring systems are just a few of the tools and procedures used to maintain security.

Passwords

Passwords Authentication Encryption VPN

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails.

Data breaches

Data breaches Accountability Mobile Phishing

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

We believe that these archive files have been distributed using spear phishing emails. The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. Data encryption with HTTP requests. RSA Encryption routine.

Malware

Malware Encryption Antivirus Architecture

The 5 C’s of Audit Reporting

Centraleyes

MARCH 12, 2024

Controls: Objective: Evaluate the effectiveness of security controls and measures to safeguard assets and data. Audit Focus: Assess access controls to ensure only authorized personnel have access to sensitive information. Review encryption methods and protocols to protect data in transit and at rest.

Risk

Risk Cybersecurity Government Firewall

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” continues the advisory. Disable hyperlinks in received emails.

Passwords

Passwords Government Firmware Accountability

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

We believe that these archive files have been distributed using spear phishing emails. The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. Data encryption with HTTP requests. RSA Encryption routine.

Malware

Malware Encryption Antivirus Architecture

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. The malicious activity starts with a phishing email sent to the target victims in Latin American – Brazil, Mexico, Chile, and Peru – and Europe – Spain and Portugal. In short, the phishing email is received by victims.

Antivirus

Antivirus Malware Banking Internet

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. The antivirus server was later encrypted in the attack).

Antivirus

Antivirus Hacking CISO Ransomware

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

VPN also provides an encrypted tunnel for all your online activities and closes all doors for spies and cybercriminals. Whether you access the internet with a secure private connection or use public Wi-Fi, VPN ensures your complete online safety. Your router is needed to be secured in the same way your device requires security.

Hacking

Hacking VPN Internet Internet

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

The malware is disseminated via malspam campaigns – phishing emails distributed for a high range of users and using a template that impersonates an invoice email from the Vodafone group. The reason why two paths were identified on the server is simple: the threat is the same but used in different phishing campaigns.

Banking

Banking Malware Phishing Social Engineering

The Best Ransomware Protection for G Suite and Office 365: SpinOne

Spinone

JANUARY 24, 2020

There are five main ways to get a ransomware infection: Phishing emails Exploit kits Brute force attacks Malicious apps and extensions Infected executables You can get more details in our article, revealing 5 main ransomware sources. Ransomware encrypts your files, and backup is the best way to get them back.

Ransomware

Ransomware Backups Encryption Antivirus

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Security Affairs

MAY 23, 2019

Classic phishing document view. Another interesting technique abused by cyber-criminals in the wild is the “ Certificate Spoofing “, allowing malware to easily bypass a relevant portion of anti-virus engines, even if they employ identification techniques theoretically able to detect encrypted and packed threats.

Antivirus

Antivirus Malware Advertising Cyber Attacks

TA505 is expanding its operations

Security Affairs

MAY 29, 2019

Information about initial dropper. The intercepted attack starts with a spear-phishing email embedding a spreadsheet. su”, using an SSL encrypted communication, and stores them in “C:UsersPublic” path: “ rtegre.exe ” and “ wprgxyeqd79.exe Information about MPress packer used in “winserv.exe” payload. The TA505 Connection.

Retail

Retail Banking Advertising Encryption

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

On March 12th, Ukraine's Computer Emergency Response Team (UA-Cert) warned about phishing emails impersonating Ukrainian government entities. [ 3 ] The emails redirected victims to a website delivering fake antivirus updates that eventually downloaded Cobalt Strike beacons, or two custom Go malware variants named GraphSteel and GrimPlant.

Ransomware

Ransomware Malware Government Antivirus

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines.

Malware

Malware Antivirus Technology Phishing

How to Avoid Phishing Attacks

Spinone

JANUARY 9, 2019

In this article we will discuss how to avoid phishing attacks in G Suite and provide phishing prevention best practices on how companies can enhance G Suite security awareness and protection against phishing scams. What is phishing and what risks are presented by phishing scams? What are Phishing Scams?

Phishing

Phishing Scams Firewall Antivirus

7 Cyber Security Courses Online For Everybody

Spinone

NOVEMBER 21, 2019

Phishing Simulations from Cyber Aware Phishing simulation is a program designed for business owners and employers to train their staff to identify phishing scams. Given that phishing accounts for 90% of data breaches , this simulation must be a part of every company’s security education.

Social Engineering

Social Engineering Accountability Phishing Cybersecurity

The stealthy email stealer in the TA505 hacker group’s arsenal

Security Affairs

MAY 16, 2019

Firstly, we noticed this secondary component was well protected against antivirus detection, in fact, the PE file was signed by Sectigo in the first half of May, one of the major Russian Certification Authority. Figure 3: Malware Signature by SLON LTD. Conclusion.

Banking

Banking Malware Surveillance Retail

Top Cybersecurity Companies for 2022

eSecurity Planet

JUNE 7, 2022

Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. Improved Data Security. Get started today!

Cybersecurity

Cybersecurity Identity Theft Encryption Antivirus

What Are The 6 Types Of Cyber Security?

Cytelligence

FEBRUARY 25, 2023

Phishing: Phishing is a type of social engineering attack where cybercriminals trick people into giving away sensitive information such as usernames, passwords, and credit card details. Application Security: Application security refers to the measures taken to secure software applications from cyber-attacks.

Cyber Attacks

Cyber Attacks IoT Authentication Antivirus

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

. “In strict accordance with DeathStalker’s traditions, the implant will try to evade detection or sandboxes execution with various tricks such as detecting mouse movements, filtering the client’s MAC addresses, and adapting its execution flow depending on detected antivirus products.”

DNS

DNS Phishing Antivirus Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Akira ransomware received $42M in ransom payments from over 250 victims

Russia behind a massive spear-phishing campaign that hit Ukraine

Trending Sources

The U.S. CISA and FBI warn of Royal ransomware operation

Bitdefender released a free decryptor for the MortalKombat Ransomware family

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Info stealers and how to protect against them

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

NCSC warns of a surge in ransomware attacks on education institutions

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Wannacry, the hybrid malware that brought the world to its knees

Chinese actors behind attacks on industrial enterprises and public institutions

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Report: Threat of Emotet and Ryuk

US CISA and FBI publish joint alert on DarkSide ransomware

Astaroth Trojan leverages Facebook and YouTube to avoid detection

16 Remote Access Security Best Practices to Implement

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Woody RAT: A new feature-rich malware spotted in the wild

The 5 C’s of Audit Reporting

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Woody RAT: A new feature-rich malware spotted in the wild

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

On the Irish Health Services Executive Hack

5 Ways to Protect Yourself from IP Address Hacking

Brazilian trojan banker is targeting Portuguese users using browser overlay

The Best Ransomware Protection for G Suite and Office 365: SpinOne

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

TA505 is expanding its operations

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

How to Avoid Phishing Attacks

7 Cyber Security Courses Online For Everybody

The stealthy email stealer in the TA505 hacker group’s arsenal

Top Cybersecurity Companies for 2022

What Are The 6 Types Of Cyber Security?

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Most Common Types of Malware in 2021

Cyber mercenaries group DeathStalker uses a new backdoor

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected