Architecture, Cybercrime, Hacking and Information Security

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. SecurityAffairs – hacking, Zerologon). Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, such as Exploit and XSS. SecurityAffairs – hacking, ransomware). ” reported The Record. Pierluigi Paganini.

Ransomware

Ransomware Architecture Healthcare Encryption

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182). ” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, Xplain)

Ransomware

Ransomware Data breaches Unstructured Data Architecture

Nurturing Our Cyber Talent

IT Security Guru

SEPTEMBER 25, 2023

Attacks such as hacking, phishing, ransomware and social engineering are on the rise. Businesses and other organisations are being pushed both by customers and regulators to evidence how they are keeping their information secure. In the eyes of many, the war on cybercrime is being lost. Luckily, I was very determined.

CISO

CISO Identity Theft Cybercrime Cybersecurity

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. To nominate, please visit:?

DDOS

DDOS Architecture Malware Cybercrime

45,654 VMware ESXi servers reached End of Life on Oct. 15

Security Affairs

OCTOBER 17, 2022

There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” Let’s remember that it is very important to keep VMware ESXi servers up to date, numerous cybercrime and ransomware gangs (i.e. SecurityAffairs – hacking, VMware).

Architecture

Architecture Cybercrime Software Internet

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT. Then the malware contacts the C2 and sends system information (i.e. SecurityAffairs – hacking, malware). ” Follow me on Twitter: @securityaffairs and Facebook.

Software

Software Malware Cybercrime VPN

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, backdoor) RustDoor is written in Rust language and supports multiple features. ” concludes the report.

Ransomware

Ransomware Architecture Malware Passwords

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The experts discovered that the malicious code had been compiled for different architectures. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices.

Malware

Malware Advertising Cybercrime Passwords

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” The new bot targets devices embedded with 32-bit MIPS processor. .

IoT

IoT Architecture Malware Hacking

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 380 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Architecture Malware Cybercrime

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. Since mid-July 2023, the binary observed in the attacks includes support for telnet scanning and support for more CPU architectures.

IoT

IoT DDOS Architecture Internet

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. This blog was written by an independent guest blogger. Risk assessment.

Cyber Risk

Cyber Risk Risk Architecture Identity Theft

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. SecurityAffairs – hacking, Dockers). Experts noticed that the IP address 45[.]9[.]148[.]182

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices.

Mobile

Mobile Advertising Malware Cybercrime

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The IT giant urged Windows administrators to install the released security updates as soon as possible. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. SecurityAffairs – hacking, Chaos malware). ” concludes the report. Pierluigi Paganini.

Malware

Malware DDOS Architecture Financial Services

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions. ” concludes the report.

Firmware

Firmware Mobile Malware Retail

New Go-based botnet Zerobot exploits dozens of flaws

Security Affairs

DECEMBER 7, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. SecurityAffairs – hacking, Zerobot). The post New Go-based botnet Zerobot exploits dozens of flaws appeared first on Security Affairs. The bot is saved using the filename “zero.”.

IoT

IoT Architecture Internet Internet

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

SC Magazine

MAY 17, 2021

Robbins and Jimmy Sanders, head of information security at Netflix, both noted during the RSA Conference the degree of change in security driven by the pandemic. If cybercrime were a country, Robbins said, the $6 trillion dollar a year industry would have the third highest GDP in the world after the U.S.

Architecture

Architecture Cybercrime Information Security Mobile

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022. SapphireStealer allows operators to gather system data (i.e. The malware is also able to siphon files stored with specific extensions and take screenshots.

Malware

Malware Data collection Architecture Hacking

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force.

Passwords

Passwords Malware Architecture Authentication

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

” The variant analyzed by the researchers targets multiple architectures, including arm, m68k, mips, mpsl, sh4, spc, and x86. . “Users should be aware of this new threat and actively apply patches on affected devices as soon as they become available.”

DDOS

DDOS Wireless Architecture Advertising

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

“This sample demonstrates how a ransomware’s weak architecture and programming can quickly turn it into a wiper that does not allow data recovery. SecurityAffairs – hacking, cryptonite ransomware toolkit). The post Ransomware Toolkit Cryptonite turning into an accidental wiper appeared first on Security Affairs.

Ransomware

Ransomware Encryption Malware Architecture

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

BleepingComputer confirmed that the zip archive contained “previously unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC” architectures. The experts pointed out that the archive has been bundled as March 20, 2023, it also includes builds for PowerPC CPUs, which are used in older macOS systems.

Encryption

Encryption Architecture Ransomware Education

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. SecurityAffairs – hacking, EnemyBot).

Malware

Malware DDOS IoT Cybercrime

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. SecurityAffairs – hacking, QNap). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication

Authentication Advertising Architecture Cybercrime

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

. “He further clarifies that the exploit is grounded in the exploitation methodology detailed in the Qualys writeup, asserting its compatibility with x86(_64) and aarch64 architectures, and highlighting its potential for extension through the addition of new target offsets. The script is accessible for review here.

Architecture

Architecture Cryptocurrency Hacking Cybercrime

Experts discovered a previously undocumented initial access vector used by P2PInfect worm

Security Affairs

JULY 31, 2023

Replication allows instances of Redis to be run in a distributed architecture, aka leader/follower topology. This variant exploiting the replication feature to compromises exposed instances of the Redis data store. ” The report includes Indicators of Compromise (IoCs) and Yara rules for binary detection.

Malware

Malware Architecture Firewall Passwords

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. “It is a decision that was not taken lightly by the Executive Board.

Ransomware

Ransomware Cyber Attacks Architecture Backups

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. Usually, these users have no idea their systems are compromised.”

Malware

Malware Small Business Advertising Passwords

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

” The Mirai botnet is exploiting the issue to gain access to the device and downloads the malicious payload for the targeted architecture. . “Most of the initial activity was seen attacking devices in Eastern Europe, but we are now observing detections in other locations around the globe.”

DDOS

DDOS Engineering Firmware Architecture

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

“The first use of the command is activated to receive information about the CPU architecture. SecurityAffairs – hacking, Redis). The post New Go-based Redigo malware targets Redis servers appeared first on Security Affairs. ” reads the analysis published by AquaSec. Pierluigi Paganini.

Malware

Malware DDOS Architecture Cryptocurrency

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, RPMSG files ) The post Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks appeared first on Security Affairs. “These phishing attacks are challenging to counter.

Encryption

Encryption Phishing Accountability Authentication

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Aerial Direct reported the incident to the Information Commissioner’s Office. SecurityAffairs – Aerial Direct , cybercrime). The post Aerial Direct, the O2’s largest UK partner suffered a data breach appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Telecommunications Passwords Advertising

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

Security Affairs

AUGUST 7, 2022

Domain owners can prevent this abuse by avoiding the implementation of redirection in the site architecture.” SecurityAffairs – hacking, open redirects). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Architecture Hacking Accountability

FiXS, a new ATM malware that is targeting Mexican banks

Security Affairs

MARCH 4, 2023

XFS (extensions for financial services) provides a client-server architecture for financial applications on the Microsoft Windows platform, especially peripheral devices such as EFTPOS terminals and ATMs which are unique to the financial industry. “Normally this DLL MSXFS.dll comes with the necessary XFS APIs to control the Dispenser.”

Banking

Banking Malware Financial Services Architecture

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. “The continuous evolution and rapid addition of new capabilities in the latest Zerobot version underscores the urgency of implementing comprehensive security measures.”

IoT

IoT DDOS Malware Firmware

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

“Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies.” Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs.

Accountability

Accountability Phishing Authentication Architecture

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

.” reads the advisory published by the UK National Cyber Security Centre. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” SecurityAffairs – hacking, CISA).

Malware

Malware Firmware Architecture Firewall

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Raccoon Malware, a success case in the cybercrime ecosystem

Webinars

Trending Sources

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Webinars

BlackMatter ransomware group claims to be Darkside and REvil succesor

Akira ransomware received $42M in ransom payments from over 250 victims

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Nurturing Our Cyber Talent

Enemybot, a new DDoS botnet appears in the threat landscape

45,654 VMware ESXi servers reached End of Life on Oct. 15

Amadey malware spreads via software cracks laced with SmokeLoader

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

New P2PInfect bot targets routers and IoT devices

Security Affairs newsletter Round 380

Updated Kmsdx botnet targets IoT devices

The ultimate guide to Cyber risk management

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Android devices shipped with backdoored firmware as part of the BADBOX network

New Go-based botnet Zerobot exploits dozens of flaws

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

Talos wars of customizations of the open-source info stealer SapphireStealer

Golang-Based Botnet GoBruteforcer targets web servers

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Ransomware Toolkit Cryptonite turning into an accidental wiper

Experts found the first LockBit encryptor that targets macOS systems

EnemyBot malware adds new exploits to target CMS servers and Android devices

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Experts discovered a previously undocumented initial access vector used by P2PInfect worm

Maastricht University finally paid a 30 bitcoin ransom to crooks

Experts link AVRecon bot to the malware proxy service SocksEscort

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

A new Mirai botnet variant targets TP-Link Archer A21

New Go-based Redigo malware targets Redis servers

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Aerial Direct, the O2’s largest UK partner suffered a data breach

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

FiXS, a new ATM malware that is targeting Mexican banks

A new Zerobot variant spreads by exploiting Apache flaws

EvilProxy used in massive cloud account takeover scheme

US and UK link new Cyclops Blink malware to Russian state hackers?

Stay Connected