Authentication and Malware - Cyber Security Informer

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451 , a spoofing flaw that could reveal Net-NTLMv2 hashes , which are used for authentication in Windows environments. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year. This bug has earned a CVSS severity rating of 9.8 (10

Authentication

Authentication Engineering Malware Passwords

PIN-Stealing Android Malware

Schneier on Security

JANUARY 9, 2024

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Malware

Malware Banking Passwords Authentication

CISA warns of RESURGE malware exploiting Ivanti flaw

Security Affairs

MARCH 30, 2025

Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. reads the advisory. continues the advisory.

Malware

Malware Authentication Encryption Cybersecurity

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

SK Telecom revealed that malware breach began in 2022

Security Affairs

MAY 20, 2025

In April, SK Telecom reported that threat actors gained access to USIM-related information for customers following a malware attack. SK Telecom announced it had enhanced defensive measures and blocked illegal SIM card changes and abnormal authentication attempts. million users affected by a malware breach that exposed sensitive data.

Malware

Malware Mobile Data breaches Wireless

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking

Banking Malware Energy and Utilities Encryption

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Instead of converting files, the tools actually load malware onto victims computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). This is the actual malware. Email addresses.

Malware

Malware Adware Education Phishing

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams

Scams Malware Phishing Social Engineering

Leaked Signing Keys Are Being Used to Sign Malware

Schneier on Security

DECEMBER 8, 2022

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. The whole system of authentication rests on the assumption that signing keys are kept secret by the legitimate signers. This is a huge problem.

Malware

Malware Authentication Accountability

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.

Malware

Malware Passwords Password Management Antivirus

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN

VPN Malware Spyware Passwords

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Security Affairs

APRIL 21, 2025

Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use. The Reader and Tapper are linked via a shared C2 server over HTTP.

Malware

Malware Social Engineering Banking Engineering

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. The Disneyland Team uses common misspellings for top bank brands in its domains. For example, one domain the gang has used since March 2022 is ushank[.]com

Malware

Malware Banking Phishing DDOS

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Security Affairs

APRIL 25, 2025

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024.

Malware

Malware Hacking Authentication Cybersecurity

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware

Malware Cybersecurity Cyber threats Threat Detection

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. Turn on 2 factor authentication wherever available.

Malware

Malware Passwords Banking Password Management

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015.

Phishing

Phishing Cybercrime Advertising Malware

Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

MARCH 10, 2022

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). A growing percentage of malware packages now include prompts for not only a username and password, but also an MFA code. So that raises the question: is there a type of authentication that protects against this?

Authentication

Authentication Phishing Passwords Accountability

Threat actor impersonates Google via fake ad for Authenticator

Malwarebytes

JULY 30, 2024

Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself. This was the case here with this ad for Authenticator: The truth is Larry Marr has nothing to do with Google, and is likely a fake account.

Authentication

Authentication Computers and Electronics Social Engineering Advertising

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.

Malware

Malware Cybercrime Software Accountability

Phishing Campaign Impersonates Booking.com, Plants Malware

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. This command, executed via mshta.exe, downloads and launches various malware families, such as XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT.

Phishing

Phishing Malware Social Engineering Authentication

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” reads the report published by Cleafy. ” continues the report.

Banking

Banking Malware Accountability Authentication

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. The attackers targeted accounts protected with basic authentication bypassing multi-factor authentication. The attackers used basic authentication methods. ” continues the report.

Passwords

Passwords Accountability Authentication Malware

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

Phishing

Phishing Malware Passwords Password Management

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. However, session cookies are usually stolen by malware on the your device. Here’s how it works.

Accountability

Accountability Authentication Malware Banking

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. Authorities discovered that over 1 200 servers in dozens of countries were running the malware. ESET released a free online scanner for Redline and META that can help users detect and remove malware.

Identity Theft

Identity Theft Passwords Malware Banking

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) A missing authentication flaw in FortiManager and FortiManager Cloud versions allows attackers to execute arbitrary code or commands through specially crafted requests.

Authentication

Authentication Malware Risk Cybersecurity

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

Info-stealers like RedLine typically are deployed via opportunistic email malware campaigns, and by secretly bundling the trojans with cracked versions of popular software titles made available online. In June 2023, the FBI seized the BreachForums domain name , but the forum has since migrated to a new domain.

Cybercrime

Cybercrime Passwords Authentication Malware

Video: How Hackers Steal Your Cookies & How to Stop Them

eSecurity Planet

NOVEMBER 6, 2024

Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. They can also exploit vulnerabilities in websites you visit to install malware that extracts cookies from your browser. Let’s take a closer look at the process.

Identity Theft

Identity Theft Passwords Phishing Accountability

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. When the two of them sat down to reset his password, the screen displayed a notice saying there was a new Gmail address tied to his Xbox account.

Authentication

Authentication Accountability Passwords Mobile

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. concludes Sophos.

Backups

Backups VPN Ransomware Authentication

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

One example is Genesis Market , where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. Genesis mostly gets its inventory of botted computers and stolen logins from resellers who specialize in deploying infostealer malware via email and booby-trapped websites.

Hacking

Hacking Cybercrime Passwords Authentication

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

.” Echoing the FBI’s warning, Donahue said far too many police departments in the United States and other countries have poor account security hygiene, and often do not enforce basic account security precautions — such as requiring phishing-resistant multifactor authentication. dot-gov emails get hacked. ”

Hacking

Hacking Accountability Government Social Engineering

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

The Hacker News

JULY 1, 2024

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.

Malware

Malware Authentication Software

More SolarWinds News

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics

Computers and Electronics Malware Software Government

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

in parking lots) redirect to malware ridden websites. MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. App-based MFA (like Google Authenticator ) is more secure, but still vulnerable to SIM swaps or malware. Goods are never delivered or are counterfeit.

Scams

Scams Password Management Passwords Banking

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Malwarebytes

MAY 27, 2025

More likely, it was amassed by infostealersmalicious software (malware) that are designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets. Use unique, complex passwords for every service.

Identity Theft

Identity Theft Passwords Accountability Phishing

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

JUNE 3, 2022

Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication. Much has been done with connectivity and authentication. Zero trust, put simply, means eliminating implicit trust. But that needs to change, he says. “Bad

Unstructured Data

Unstructured Data Malware Digital transformation Authentication

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime

Cybercrime Accountability Phishing Malware

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

New botnet HTTPBot targets gaming and tech industries with surgical attacks

Security Affairs

MAY 16, 2025

” The malware hides its GUI to evade detection and ensures persistence by adding itself to the Windows startup registry. CookieAttack : Enhances BrowserAttack with advanced cookie handling to further imitate authentic web interactions. ” continues the report.

DDOS

DDOS Education Malware IoT

Microsoft Patch Tuesday, November 2024 Edition

PIN-Stealing Android Malware

Trending Sources

CISA warns of RESURGE malware exploiting Ivanti flaw

MikroTik botnet relies on DNS misconfiguration to spread malware

SK Telecom revealed that malware breach began in 2022

Zanubis in motion: Tracing the active evolution of the Android banking malware

Warning over free online file converters that actually install malware

Deceptive Google Meet Invites Lures Users Into Malware Scams

Leaked Signing Keys Are Being Used to Sign Malware

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Booking.com Phishers May Leave You With Reservations

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Disneyland Malware Team: It’s a Puny World After All

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Not All MFA is Equal, and the Differences Matter a Lot

Threat actor impersonates Google via fake ad for Authenticator

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Phishing Campaign Impersonates Booking.com, Plants Malware

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

A large botnet targets M365 accounts with password spraying attacks

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

International law enforcement operation dismantled RedLine and Meta infostealers

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

FBI Hacker Dropped Stolen Airbus Data on 9/11

Video: How Hackers Steal Your Cookies & How to Stop Them

Turn on MFA Before Crooks Do It For You

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Crime Shop Sells Hacked Logins to Other Crime Shops

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

More SolarWinds News

Malicious Office 365 Apps Are the Ultimate Insiders

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

New botnet HTTPBot targets gaming and tech industries with surgical attacks

Stay Connected