Antivirus, Hacking, Information Security and Passwords

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% SecurityAffairs – hacking, Slack). Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. “What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs.

Password Management

Password Management Passwords Malware Antivirus

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking

Banking Cybercrime Malware Accountability

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Security Affairs

JANUARY 2, 2020

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys. Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Advertising Antivirus

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative. Use a password manager.

Passwords

Passwords Password Management Antivirus Internet

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Regularly back up data, password protect backup copies offline. Install and regularly update antivirus software on all hosts, and enable real time detection. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.

Ransomware

Ransomware DDOS Passwords Backups

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

ZoneAlarm forum site hack exposed data of thousands of users

Security Affairs

NOVEMBER 11, 2019

ZonaAlarm , the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZonaAlarm discussion forum users. You will be requested to reset your password once joining the forum.”

Hacking

Hacking Data breaches Passwords Advertising

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Regularly back up data, air gap, and password-protect backup copies offline. Review antivirus logs for indications they were unexpectedly turned off. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g.,

Ransomware

Ransomware Antivirus Passwords Malware

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

.” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. Passing the “—password” parameter in conjunction with a dummy password “AgendaPass,” the ransomware starts its malicious activity by terminating various processes and services. . Pierluigi Paganini.

Ransomware

Ransomware Encryption Healthcare Education

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

If your friend or colleague is suddenly asking you for money or to change your password, call them on the phone and ask if they really sent the message. Use a strong password and store it correctly: Strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols such as punctuation.

Social Engineering

Social Engineering Ransomware Engineering Phishing

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

In case a system was compromised through the Windows Remote Desktop feature, the experts recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added. SecurityAffairs – hacking, ransomware). ” reads the guide.

Ransomware

Ransomware Encryption Malware Accountability

Security Affairs newsletter Round 381

Security Affairs

AUGUST 28, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 381 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Data breaches Malware Antivirus

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

“Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Cryptocurrency Internet Internet

Anti-malware firm Emsisoft accidentally exposes internal DB

Security Affairs

FEBRUARY 10, 2021

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The company already notified the affected users and implemented additional security measures to prevent similar incidents in the future. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Malware

Malware Data breaches Antivirus Passwords

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.” Experts noticed that Agenda changes the default user’s password and enables automatic login with the new login credentials to evade detection. Trend Micro concludes. Pierluigi Paganini.

Ransomware

Ransomware Encryption Accountability Antivirus

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install and regularly update antivirus software on all hosts, and enable real time detection. SecurityAffairs – hacking, Ranzy Locker ransomware). Pierluigi Paganini.

Ransomware

Ransomware Firmware Antivirus Accountability

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Website owners are recommended to: Keep all software on your website up to date Use strong passwords Use 2FA on your administrative panel Place your website behind a firewall service. SecurityAffairs – hacking, WordPress). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Malware Antivirus Firewall

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

A joint report published by Rostelecom-Solar and the FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have stolen information from Russian federal agencies. The malware supports two authentication methods: basic (with login and password) and oauth (with using a token).”

Computers and Electronics

Computers and Electronics Malware Antivirus Government

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

ViperSoftX also checks for active antivirus products running on the machine. The script launches the main routine of the malware that installs malicious browser extensions to exfiltrate passwords and crypto wallet data. If all checks pass, the loader decrypts and executes a second-stage PowerShell script. ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information. SecurityAffairs – hacking, custom malware). The post Mysterious custom malware used to steal 1.2TB of data from million PCs appeared first on Security Affairs.

Malware

Malware Computers and Electronics Software Financial Services

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . Below the list of mitigations: Maintain up-to-date antivirus signatures and engines. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The information gathered by the experts led them into believing that the goal of the attacks was cyberespionage, the researchers linked the campaigns with a Chinese APT group tracked as TA428 (aka Colourful Panda, BRONZE DUDLEY). . Once gained control of a target’s IT infrastructure, threat actors started stealing sensitive information.

Antivirus

Antivirus Encryption Malware Hacking

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Malware

Malware DNS Antivirus Passwords

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

Kaspersky has fixed several flaws affecting the web protection features implemented in some of its security products. The vulnerabilities were found by the security researcher Wladimir Palant that reported them to Kaspersky in December 2018. As in: under some circumstances, antivirus would still crash. ” reads the post.

Antivirus

Antivirus Advertising Password Management Passwords

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware, then a password argument is mandatory during the execution of the ransomware.” Use of PowerShell and Batch scripts are observed across most intrusions, which focus on system discovery, reconnaissance, password/credential hunting, and privilege escalation. ransomware appeared first on Security Affairs.

Ransomware

Ransomware Penetration Testing Encryption Accountability

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Upon executing the code, it will ask the user the path for the payload to be encrypted and the password to be used for AES encryption to hide the malware within the loader. In case, the password is not provided, the tool generates one. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Malware

Malware Encryption Antivirus Passwords

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. If these services are required, use strong passwords or Active Directory authentication. SecurityAffairs – hacking, Taidoor).

Malware

Malware Government Passwords System Administration

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Regularly back up data, air gap, and password protect backup copies offline. Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. .

Passwords

Passwords Government Firmware Accountability

White hat, black hat, grey hat hackers: What’s the difference?

Malwarebytes

JUNE 7, 2021

Ethical hackers look for security flaws and vulnerabilities for the purpose of fixing them. Ethical hackers don’t break laws when hacking. Security careers related to ethical hacking are in-demand. While some do it for cyber-adventure, others hack into computers for spying, activism, or financial gain.

Social Engineering

Social Engineering Hacking Spyware Antivirus

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

. “To secure against Emotet, CISA and MS-ISAC recommend implementing the mitigation measures described in this Alert, which include applying protocols that block suspicious attachments, using antivirus software, and blocking suspicious IPs.” SecurityAffairs – hacking, CISA). Pierluigi Paganini.

Government

Government Banking Advertising Malware

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

The Ukrainian Security Service shared indicators of compromise for this attack on the platform “MISP-UA” Below the recommendations by the CERT: Recommendations: Do not download encrypted archives or password archives from the Internet. SecurityAffairs – hacking, Ukraine). Pierluigi Paganini.

Phishing

Phishing Government Antivirus Passwords

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

The advisory also provides mitigations: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install and regularly update antivirus software on all hosts, and enable real time detection. SecurityAffairs – hacking, ransomware). Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Accountability Firmware Antivirus

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. Operators behind the Pysa ransomware, also employed a version of the PowerShell Empire penetration-testing tool, they were able to stop antivirus products. SecurityAffairs – hacking, FBI). Pierluigi Paganini.

Education

Education Ransomware Encryption Antivirus

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

While many organizations are now focusing more on perimeter defenses and two-factor authentication after recent public examples of password reuse or VPN appliance exploitation, monitoring on endpoints is often overlooked or left to traditional antivirus.” SecurityAffairs – hacking, UNC2465). ” concludes the report.

Cybercrime

Cybercrime Ransomware Antivirus Software

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. Operators behind the Pysa malware, also employed a version of the PowerShell Empire penetration-testing tool, they were able to stop antivirus products. SecurityAffairs – hacking, PYSA). Pierluigi Paganini.

Ransomware

Ransomware Penetration Testing Healthcare Government

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S. “The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S.

Identity Theft

Identity Theft Hacking System Administration Advertising

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The researchers believe that the coder is an Italian vixer that previously created the “Zodiac Crypto Stealer” and “Spartan Crypter” for obfuscating malware to avoid antivirus detection. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, WeSteal).

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. Soon enough, the threat actor started talking about hacking into IBM and Microsoft. Then, he carries out brute-force attacks on the victim’s server to guess the RDP password.

Antivirus

Antivirus Advertising Hacking Banking

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Trending Sources

Linksys force password reset to prevent Router hijacking

Info stealers and how to protect against them

5 Ways to Protect Yourself from IP Address Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Avoslocker ransomware gang targets US critical infrastructure

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

ZoneAlarm forum site hack exposed data of thousands of users

BlackCat Ransomware gang breached over 60 orgs worldwide

Experts spotted a variant of the Agenda Ransomware written in Rust

Ransomware realities in 2023: one employee mistake can cost a company millions

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs newsletter Round 381

15 billion credentials available in the cybercrime marketplaces

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Anti-malware firm Emsisoft accidentally exposes internal DB

New Agenda Ransomware appears in the threat landscape

Ranzy Locker ransomware hit tens of US companies in 2021

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Foreign hackers breached Russian federal agencies, said FSB

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Mysterious custom malware used to steal 1.2TB of data from million PCs

CISA’s advisory warns of notable increase in LokiBot malware

Chinese actors behind attacks on industrial enterprises and public institutions

Symbiote, a nearly-impossible-to-detect Linux malware?

Kaspersky addressed multiple issues in online protection solutions

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Ezuri memory loader used in Linux and Windows malware

US govt agencies share details of the China-linked espionage malware Taidoor

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

White hat, black hat, grey hat hackers: What’s the difference?

CISA alert warns of Emotet attacks on US govt entities

Russia behind a massive spear-phishing campaign that hit Ukraine

BlackByte ransomware breached at least 3 US critical infrastructure organizations

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

PYSA ransomware gang is the most active group in November

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Stay Connected