Architecture, Cybercrime and Information Security

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime

Cybercrime Security Intelligence Authentication Banking

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

Security Boulevard

OCTOBER 31, 2023

Permalink The post DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Cybercrime

Cybercrime Architecture Education Information Security

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

According to a report published by security firm CyberArk, Raccoon is mostly delivered through Exploit Kits and Phishing Campaigns. The malware is also able to collect system details (OS version and architecture, language, hardware info, enumerate installed apps). “Like most of the credential stealers, the client (i.e.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Nurturing Our Cyber Talent

IT Security Guru

SEPTEMBER 25, 2023

Businesses and other organisations are being pushed both by customers and regulators to evidence how they are keeping their information secure. Consumers have increasing expectations of organisations that any information they provide will be kept safe and actively avoid organisations that have a history of breaches.

CISO

CISO Identity Theft Cybercrime Cybersecurity

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, such as Exploit and XSS. ” reported The Record.

Ransomware

Ransomware Architecture Healthcare Encryption

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture.

DDOS

DDOS Architecture Malware Cybercrime

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT. Then the malware contacts the C2 and sends system information (i.e. It also supports a feature to register itself to Task Scheduler for the same purpose.

Software

Software Malware Cybercrime VPN

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. This blog was written by an independent guest blogger. Risk assessment.

Cyber Risk

Cyber Risk Risk Architecture Identity Theft

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182). ” continues the report.

Ransomware

Ransomware Data breaches Unstructured Data Architecture

45,654 VMware ESXi servers reached End of Life on Oct. 15

Security Affairs

OCTOBER 17, 2022

There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” Let’s remember that it is very important to keep VMware ESXi servers up to date, numerous cybercrime and ransomware gangs (i.e. ” reads the post published by Lansweeper.

Architecture

Architecture Cybercrime Software Internet

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” ” reads the notice of security incident published by the company. The company pointed out that customers’ passwords were not compromised due to LastPass’s Zero Knowledge architecture. .

Architecture

Architecture Passwords Data breaches Password Management

5ss5c Ransomware emerges after Satan went down in the hell

Security Affairs

JANUARY 15, 2020

The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. SecurityAffairs – cybercrime, ransomware). The post 5ss5c Ransomware emerges after Satan went down in the hell appeared first on Security Affairs. dll –TargetIp . dll –TargetIp. .

Ransomware

Ransomware Cybercrime Architecture Advertising

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” The new bot targets devices embedded with 32-bit MIPS processor.

IoT

IoT Architecture Malware Hacking

DCRat, only $5 for a fully working remote access trojan

Security Affairs

MAY 9, 2022

Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums.

Cybercrime

Cybercrime Malware Surveillance DDOS

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. ” concludes the report.

Malware

Malware Advertising Cybercrime Passwords

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. Since mid-July 2023, the binary observed in the attacks includes support for telnet scanning and support for more CPU architectures.

IoT

IoT DDOS Architecture Internet

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features.

Ransomware

Ransomware Architecture Malware Passwords

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

Security Affairs

FEBRUARY 27, 2024

The modular architecture of the IDAT loader allows it to easily add new features. Researchers from cybersecurity firm Uptcycs observed a Remcos RAT campaign using phishing emails claiming to be from an Israel Defense Forces consultant.

Malware

Malware Architecture Phishing Hacking

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

” The plugins for the macOS version are different from those for other platforms, reflecting the architecture of the target systems. The difference was in lateral local privilege escalation, which is OS-specific.” Notably, the desktop version has fewer exfiltration functions compared to the mobile version.

Spyware

Spyware Malware Surveillance Mobile

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices.

Mobile

Mobile Advertising Malware Cybercrime

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. Experts noticed that the IP address 45[.]9[.]148[.]182

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Aerial Direct reported the incident to the Information Commissioner’s Office. SecurityAffairs – Aerial Direct , cybercrime). The post Aerial Direct, the O2’s largest UK partner suffered a data breach appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Telecommunications Passwords Advertising

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

. “Tools like SoftPerfect and Advanced IP Scanner are often used for network device discovery (reconnaissance) purposes and net Windows commands are used to identify domain controllers and gather information on domain trust relationships. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Antivirus VPN

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

DDOS

DDOS Architecture Malware Cybercrime

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. The company engaged a leading cybersecurity and forensics firm to investigate the incident, it confirmed that the data breach did not compromise users’ Master Passwords.

Data breaches

Data breaches Password Management Passwords Architecture

FBI warns of dual ransomware attacks

Security Affairs

SEPTEMBER 30, 2023

The FBI’s PIN provides recommendations to network defenders for being prepared to respond to cyber incidents, optimizing identity and access management, implementing protective controls and architecture, and enhancing vulnerability and configuration management.

Ransomware

Ransomware Architecture Encryption Malware

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The IT giant urged Windows administrators to install the released security updates as soon as possible.

Authentication

Authentication Advertising Architecture Cybercrime

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

SC Magazine

MAY 17, 2021

Robbins and Jimmy Sanders, head of information security at Netflix, both noted during the RSA Conference the degree of change in security driven by the pandemic. If cybercrime were a country, Robbins said, the $6 trillion dollar a year industry would have the third highest GDP in the world after the U.S.

Architecture

Architecture Cybercrime Information Security Mobile

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Malware

Malware DDOS Architecture Financial Services

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

.” N ow all critical systems at the University are online and offline backups were secured by the company. According to security experts at Fox-IT, the ransomware attack is compatible with other attacks carried out by the TA505 cybercrime gang. “It is a decision that was not taken lightly by the Executive Board.

Ransomware

Ransomware Cyber Attacks Architecture Backups

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware

Malware DDOS IoT Cybercrime

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Prior to Mastercard, Abdullah was the chief information security officer at Xerox, where she established and led a corporate-wide information risk management program. She also served as the deputy chief information officer of the White House. She is also the host of the Mastering Cyber podcast.

Computers and Electronics

Computers and Electronics Technology Education Information Security

New Redis miner Migo uses novel system weakening techniques

Security Affairs

FEBRUARY 21, 2024

This ELF file can target x86_64 architecture. . “One key is assigned a string value corresponding to a malicious attacker-controlled SSH key, and the other to a Cron job that retrieves the malicious primary payload from Transfer.sh (a relatively uncommon distribution mechanism previously covered by Cado) via Pastebin.”

Malware

Malware Architecture Marketing Engineering

New ransomware trends in 2023

SecureList

MAY 11, 2023

Security researchers discovered an archive that contained test builds of the malware for a number of less common platforms, including macOS and FreeBSD, as well as for various non-standard processor architectures, such as MIPS and SPARC. As for the second trend, we saw that BlackCat adjusted their TTPs midway through the year.

Ransomware

Ransomware Malware Architecture Telecommunications

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the advisory issued by the vendor.

Authentication

Authentication Advertising Architecture Cybercrime

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions.

Firmware

Firmware Mobile Malware Retail

New Go-based botnet Zerobot exploits dozens of flaws

Security Affairs

DECEMBER 7, 2022

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. . “It also communicates with its command-and-control server using the WebSocket protocol. The bot is saved using the filename “zero.”.

IoT

IoT Architecture Internet Internet

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

Upon executing the script, it deletes logs and downloads and executes various bot clients to target specific Linux architectures. Upon exploiting one of the above vulnerabilities, a shell script downloader “l.sh” is downloaded from hxxp://194[.]180[.]48[.]100. ” reads the analysis published by Fortinet.

DDOS

DDOS Wireless Architecture IoT

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

VPN

VPN Government Authentication Advertising

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force.

Passwords

Passwords Malware Architecture Authentication

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. Threat Grid (Secure Malware Analytics).

DNS

DNS Firewall Phishing Mobile

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022. SapphireStealer allows operators to gather system data (i.e. The malware is also able to siphon files stored with specific extensions and take screenshots.

Malware

Malware Data collection Architecture Hacking

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

” The variant analyzed by the researchers targets multiple architectures, including arm, m68k, mips, mpsl, sh4, spc, and x86. . “Users should be aware of this new threat and actively apply patches on affected devices as soon as they become available.”

DDOS

DDOS Wireless Architecture Advertising

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

Webinars

Trending Sources

Raccoon Malware, a success case in the cybercrime ecosystem

Webinars

Nurturing Our Cyber Talent

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Enemybot, a new DDoS botnet appears in the threat landscape

Amadey malware spreads via software cracks laced with SmokeLoader

The ultimate guide to Cyber risk management

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

45,654 VMware ESXi servers reached End of Life on Oct. 15

Lastpass discloses the second security breach this year

5ss5c Ransomware emerges after Satan went down in the hell

New P2PInfect bot targets routers and IoT devices

DCRat, only $5 for a fully working remote access trojan

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Updated Kmsdx botnet targets IoT devices

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

Experts found a macOS version of the sophisticated LightSpy spyware

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Aerial Direct, the O2’s largest UK partner suffered a data breach

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs newsletter Round 380

LastPass data breach: threat actors stole a portion of source code

FBI warns of dual ransomware attacks

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Maastricht University finally paid a 30 bitcoin ransom to crooks

EnemyBot malware adds new exploits to target CMS servers and Android devices

Meet the 2021 SC Awards judges

New Redis miner Migo uses novel system weakening techniques

New ransomware trends in 2023

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Android devices shipped with backdoored firmware as part of the BADBOX network

New Go-based botnet Zerobot exploits dozens of flaws

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Golang-Based Botnet GoBruteforcer targets web servers

Black Hat USA 2021 Network Operations Center

Talos wars of customizations of the open-source info stealer SapphireStealer

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Stay Connected