Security Affairs

OCTOBER 28, 2021

AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu , with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e.

Malware 95

Malware Cybercrime Mobile Banking 95

Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware 86

Malware Encryption Advertising Cryptocurrency 86

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. solutions. .

Malware 97

Malware Authentication Software Accountability 97

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.

Malware 92

Malware Authentication Cryptocurrency Internet 92

Security Affairs

MAY 12, 2024

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to the gang behind the Qakbot malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime) 61,9% of the victims are in the US, 15.8% in Germany, and 5.9%

Ransomware 114

Ransomware Hacking Healthcare Retail 114

Security Affairs

MARCH 17, 2024

France Travail data breach impacted 43 Million people Scranton School District in Pennsylvania suffered a ransomware attack Lazarus APT group returned to Tornado Cash to launder stolen funds Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case UK Defence Secretary jet hit by an electronic warfare attack in Poland Cisco (..)

Data breaches 106

Data breaches Computers and Electronics Cybercrime Ransomware 106

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 108

VPN Cybercrime Ransomware Hacking 108

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware 130

Malware VPN Authentication Hacking 130

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat intelligence firm Cluster25 on July 21, 2022.

Malware 82

Malware Password Management Authentication Passwords 82

Security Affairs

JULY 19, 2022

Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. ” reads the analysis published by Zscaler.

Malware 122

Malware Spyware Banking Mobile 122

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime 89

Cybercrime Malware Hacking Accountability 89

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. Once the rules have been created, a thread connects to an NTP server from a roster of authentic NTP servers.

IoT 124

IoT Cybercrime Internet Internet 124

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 88

Spyware Data breaches Hacking Ransomware 88

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. businesses called #ShieldsUp.

Cybersecurity 214

Cybersecurity Cybercrime Education Passwords 214

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware 98

Malware Computers and Electronics Encryption Ransomware 98

Security Affairs

JULY 2, 2023

Illicit Telegram Communities Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant Malware Trojanized Super Mario Game Installer Spreads SupremeBot Malware Initial research exposing JOKERSPY Who is 8BASE?

Cybercrime 87

Cybercrime Hacking Ransomware Malware 87

Security Affairs

MAY 9, 2024

In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x,

Authentication 97

Authentication Backups Cyber threats Malware 97

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 107

Social Engineering Spyware Data breaches Surveillance 107

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 87

Spyware Hacking Malware Social Engineering 87

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Enforce multi-factor authentication.

Malware 66

Malware Passwords Advertising Antivirus 66

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware 100

Malware Ransomware Advertising Encryption 100

Security Affairs

APRIL 10, 2021

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. SecurityAffairs – hacking, IcedID malware).

Malware 99

Malware Banking Marketing Authentication 99

Security Affairs

JANUARY 28, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M

Artificial Intelligence 96

Artificial Intelligence Hacking Malware Cyber Attacks 96

Security Affairs

JANUARY 13, 2024

According to the NCSC-FI, six out of seven infections were caused by Akira family malware. “Of these, three were found to be activated during the longer vacations of the Christmas season. In addition, during Christmas, there was one incident caused by another ransomware malware family.”

Ransomware 112

Ransomware Backups VPN Authentication 112

Security Affairs

FEBRUARY 16, 2021

Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups. The experts reported multiple malware strains and phishing campaigns abusing ngrok tunnelling, including. “Interestingly, we found multiple ngrok.io Pierluigi Paganini.

Phishing 128

Phishing Cybercrime Mobile Internet 128

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 78

Malware Cybercrime Cryptocurrency Social Engineering 78

Security Affairs

FEBRUARY 25, 2024

Uninstall it immediately Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers ConnectWise fixed critical flaws in ScreenConnect remote access tool More details about Operation Cronos that disrupted Lockbit operation Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider (..)

Spyware 96

Spyware Cyber Insurance Hacking Advertising 96

Security Affairs

AUGUST 15, 2022

Researchers from Cyber looked for VNC exposed over the internet and discovered over 8000 VNC instances with authentication disabled, most of them in China, Sweden, and the United States. Cyble also reported that threat actors are selling access to systems exposed on the Internet via VNC on cybercrime forums. ” Cyble states.

Internet 96

Internet Internet Risk Cybercrime 96

Security Affairs

JANUARY 13, 2024

According to the NCSC-FI, six out of seven infections were caused by Akira family malware. In addition, during Christmas, there was one incident caused by another ransomware malware family.” The Finish researchers pointed out that the attack cannot bypass multi-step authentication. ” reads the NCSC-FI’s alert.

Ransomware 87

Ransomware Backups VPN Authentication 87

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 94

Data breaches Malware Mobile Spyware 94

Security Affairs

FEBRUARY 19, 2024

The malware previously focused its activities on the UK, Germany, and Spain, but the latest campaigns targeted Slovakia, Slovenia, and Czechia, which suggests a shift in its operational strategy. TeaBot supports common features of Android banking Trojan and like other similar malware families it abuses Accessibility Services.

Banking 103

Banking Malware Mobile Authentication 103

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 107

Ransomware Encryption Antivirus VPN 107

Security Affairs

FEBRUARY 27, 2024

ConnectWise recently warned of the following two critical vulnerabilities in its ScreenConnect remote desktop access product: CVE-2024-1709 – CWE-288 Authentication bypass using an alternate path or channel (CVSS score 10) CVE-2024-1708 – CWE-22 Improper limitation of a pathname to a restricted directory (“path traversal”) (CVSS score 8.4)

Ransomware 117

Ransomware Malware Software Authentication 117

Security Affairs

MARCH 12, 2021

Below the details of the ProxyLogon vulnerabilities: The first zero-day, tracked as CVE-2021-26855 , is a server-side request forgery (SSRF) vulnerability in Exchange that could be exploited by an attacker to authenticate as the Exchange server by sending arbitrary HTTP requests. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Cyber Attacks 124

Cyber Attacks Cybercrime Authentication Hacking 124

Security Affairs

MAY 18, 2022

Data stolen from this kind of malware includes private keys, seed phrases, and wallet addresses, that could be used by threat actors to initiate fraudulent transactions. “Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets.

Cryptocurrency 93

Cryptocurrency Social Engineering Malware Cybercrime 93

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Use multifactor authentication where possible. hard drive, storage device, the cloud).

Ransomware 107

Ransomware Antivirus Passwords Malware 107

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., Like other malware, Nexus doesn’t infect systems located in Russia and CIS countries. Telegram) since January 2023. It was available for rent at a price of $3000 per month.

Banking 79

Banking Cryptocurrency Malware Advertising 79