Architecture, Cybercrime and Information Security

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month. The malware can collect cookies, logins and browsing history, but from Safari only cookies can be collected.

Malware

Malware Advertising Antivirus Cybercrime

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime

Cybercrime Security Intelligence Authentication Banking

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

“Typically, bot infections involve shell scripts that initially survey the target machine to determine its architecture and select the corresponding binary. . “The request contains a malicious command that is a single-line shell script which downloads and executes an ARM32 binary on the compromised machine.”

IoT

IoT Firmware Malware Architecture

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

According to a report published by security firm CyberArk, Raccoon is mostly delivered through Exploit Kits and Phishing Campaigns. The malware is also able to collect system details (OS version and architecture, language, hardware info, enumerate installed apps). “Like most of the credential stealers, the client (i.e.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs.

Architecture

Architecture Internet Internet Malware

Mirai botnets exploit Wazuh RCE, Akamai warned

Security Affairs

JUNE 10, 2025

These samples, named “morte,” support multiple architectures and link to C2 domains like nuklearcnc.duckdns[.]org Like the first variant, it targets multiple IoT architectures. org and galaxias[.]cc. Other samples (e.g., neon,” “k03ldc”) showed ties to V3G4 and LZRD variants with unique console strings.

Architecture

Architecture IoT Threat Detection Malware

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Security Boulevard

FEBRUARY 14, 2025

Meanwhile, an informal Tenable poll looks at cloud security challenges. And get the latest on ransomware trends and on cybercrime legislation and prevention! government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks.

Banking

Banking Cybercrime Cybersecurity Ransomware

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The most interesting characteristic of the Triada Trojan is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking financial SMS transactions.

Malware

Malware Cryptocurrency Mobile Firmware

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, such as Exploit and XSS. ” reported The Record.

Ransomware

Ransomware Encryption Architecture Healthcare

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture.

DDOS

DDOS Architecture Malware Cybercrime

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 12, 2025

These samples, named “morte,” support multiple architectures and link to C2 domains like nuklearcnc.duckdns[.]org Like the first variant, it targets multiple IoT architectures. org and galaxias[.]cc. Other samples (e.g., neon,” “k03ldc”) showed ties to V3G4 and LZRD variants with unique console strings.

Architecture

Architecture IoT Threat Detection Hacking

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Aerial Direct reported the incident to the Information Commissioner’s Office. SecurityAffairs – Aerial Direct , cybercrime). The post Aerial Direct, the O2’s largest UK partner suffered a data breach appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Telecommunications Passwords Advertising

Nurturing Our Cyber Talent

IT Security Guru

SEPTEMBER 25, 2023

Businesses and other organisations are being pushed both by customers and regulators to evidence how they are keeping their information secure. Consumers have increasing expectations of organisations that any information they provide will be kept safe and actively avoid organisations that have a history of breaches.

CISO

CISO Identity Theft Cybercrime Cybersecurity

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT. Then the malware contacts the C2 and sends system information (i.e. It also supports a feature to register itself to Task Scheduler for the same purpose.

Software

Software Malware Cybercrime Architecture

5ss5c Ransomware emerges after Satan went down in the hell

Security Affairs

JANUARY 15, 2020

The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. SecurityAffairs – cybercrime, ransomware). The post 5ss5c Ransomware emerges after Satan went down in the hell appeared first on Security Affairs. dll –TargetIp . dll –TargetIp. .

Ransomware

Ransomware Cybercrime Architecture Advertising

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

.” N ow all critical systems at the University are online and offline backups were secured by the company. According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. “It is a decision that was not taken lightly by the Executive Board.

Ransomware

Ransomware Cyber Attacks Backups Architecture

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware

Malware Architecture IoT Cryptocurrency

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The IT giant urged Windows administrators to install the released security updates as soon as possible.

Authentication

Authentication Advertising Architecture Cybercrime

45,654 VMware ESXi servers reached End of Life on Oct. 15

Security Affairs

OCTOBER 17, 2022

There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” Let’s remember that it is very important to keep VMware ESXi servers up to date, numerous cybercrime and ransomware gangs (i.e. ” reads the post published by Lansweeper.

Architecture

Architecture Cybercrime Software Internet

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the advisory issued by the vendor.

Authentication

Authentication Advertising Architecture Cybercrime

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. This blog was written by an independent guest blogger. Risk assessment.

Cyber Risk

Cyber Risk Risk Architecture Firewall

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Security Affairs

AUGUST 18, 2024

This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”

Architecture

Architecture Internet Internet Media

New variant of Necro Trojan infected more than 11 million devices

Security Affairs

SEPTEMBER 25, 2024

The analysis of Happy SDK likely revealed a different variant of Necro that doesn’t have a modular architecture. Between August 26th and September 15th, security solutions blocked over 10,000 Necro attacks globally, with most of the infections in Russia, Brazil, and Vietnam. ” concludes the report.

Architecture

Architecture Malware Mobile Advertising

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. Experts noticed that the IP address 45[.]9[.]148[.]182

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs

OCTOBER 6, 2024

Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0

Malware

Malware Architecture Cryptocurrency Cyber Attacks

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. The company engaged a leading cybersecurity and forensics firm to investigate the incident, it confirmed that the data breach did not compromise users’ Master Passwords.

Data breaches

Data breaches Password Management Passwords Architecture

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

DDOS

DDOS Architecture Malware Cybercrime

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182). ” continues the report.

Ransomware

Ransomware Data breaches Unstructured Data Architecture

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

VPN

VPN Government Authentication Advertising

DCRat, only $5 for a fully working remote access trojan

Security Affairs

MAY 9, 2022

Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums.

Cybercrime

Cybercrime Malware Surveillance DDOS

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Malware

Malware DDOS Architecture Financial Services

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” The new bot targets devices embedded with 32-bit MIPS processor.

IoT

IoT Architecture Malware Hacking

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” ” reads the notice of security incident published by the company. The company pointed out that customers’ passwords were not compromised due to LastPass’s Zero Knowledge architecture. .

Architecture

Architecture Passwords Data breaches Password Management

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Prior to Mastercard, Abdullah was the chief information security officer at Xerox, where she established and led a corporate-wide information risk management program. She also served as the deputy chief information officer of the White House. She is also the host of the Mastering Cyber podcast.

Computers and Electronics

Computers and Electronics Technology Information Security Education

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

Security Boulevard

OCTOBER 31, 2023

Permalink The post DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Cybercrime

Cybercrime Architecture Education Information Security

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware

Malware DDOS IoT Cybercrime

FBI warns of dual ransomware attacks

Security Affairs

SEPTEMBER 30, 2023

The FBI’s PIN provides recommendations to network defenders for being prepared to respond to cyber incidents, optimizing identity and access management, implementing protective controls and architecture, and enhancing vulnerability and configuration management.

Ransomware

Ransomware Architecture Encryption Malware

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features.

Ransomware

Ransomware Architecture Malware Passwords

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. ” concludes the report.

Malware

Malware Advertising Cybercrime Passwords

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

The Small Business Cybersecurity Assistance Act may provide business owners with access to government-level tools to secure small business against attacks. Perhaps the best approach to rampant malware, ransomware and cybercrime is stronger cooperation between the public and private sectors. Safety on the Internet Isn’t a Luxury.

Small Business

Small Business Cybersecurity Cybercrime Education

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

Security Affairs

FEBRUARY 27, 2024

The modular architecture of the IDAT loader allows it to easily add new features. Researchers from cybersecurity firm Uptcycs observed a Remcos RAT campaign using phishing emails claiming to be from an Israel Defense Forces consultant.

Malware

Malware Architecture Phishing Hacking

New ransomware trends in 2023

SecureList

MAY 11, 2023

Security researchers discovered an archive that contained test builds of the malware for a number of less common platforms, including macOS and FreeBSD, as well as for various non-standard processor architectures, such as MIPS and SPARC. As for the second trend, we saw that BlackCat adjusted their TTPs midway through the year.

Ransomware

Ransomware Malware Architecture Telecommunications

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

“This sample demonstrates how a ransomware’s weak architecture and programming can quickly turn it into a wiper that does not allow data recovery. The problem with this flaw is that due to the design simplicity of the ransomware if the program crashes—or is even closed—there is no way to recover the encrypted files.”

Ransomware

Ransomware Encryption Malware Architecture

Banshee macOS stealer supports new evasion mechanisms

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Trending Sources

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Raccoon Malware, a success case in the cybercrime ecosystem

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Mirai botnets exploit Wazuh RCE, Akamai warned

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

New Triada Trojan comes preinstalled on Android devices

BlackMatter ransomware group claims to be Darkside and REvil succesor

Enemybot, a new DDoS botnet appears in the threat landscape

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

Aerial Direct, the O2’s largest UK partner suffered a data breach

Nurturing Our Cyber Talent

Amadey malware spreads via software cracks laced with SmokeLoader

5ss5c Ransomware emerges after Satan went down in the hell

Maastricht University finally paid a 30 bitcoin ransom to crooks

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

45,654 VMware ESXi servers reached End of Life on Oct. 15

Taiwanese vendor QNAP issues advisory on Zerologon flaw

The ultimate guide to Cyber risk management

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

New variant of Necro Trojan infected more than 11 million devices

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

LastPass data breach: threat actors stole a portion of source code

Security Affairs newsletter Round 380

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

DCRat, only $5 for a fully working remote access trojan

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

New P2PInfect bot targets routers and IoT devices

Lastpass discloses the second security breach this year

Meet the 2021 SC Awards judges

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

EnemyBot malware adds new exploits to target CMS servers and Android devices

FBI warns of dual ransomware attacks

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

The Problem With the Small Business Cybersecurity Assistance Act

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

New ransomware trends in 2023

Ransomware Toolkit Cryptonite turning into an accidental wiper

Stay Connected