Blog - Cyber Security Informer

What is a Cloud Native Application Protection Platform (CNAPP)?

Security Boulevard

JANUARY 19, 2022

When I first joined DeepFactor, I set out to learn as much as I could about the relevant markets and technology categories to inform our go-to-market strategy. One of the first questions I asked myself was “What category does DeepFactor fit into and what are the trends that are shaping that category?”.

Marketing

Marketing Technology

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers. Researchers from NCC Group recently spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Hacking

Upcoming Launch of Dancho Danchev’s Dark Web Content Media Empire! Visit Us Today!

Security Boulevard

SEPTEMBER 23, 2022

Dear blog readers, After approximately 17 years of operation of this blog I've decided that the time has finally come to launch a new big blogging and security and cybercrime research project this time on the Dark Web. Therefore I would like to welcome you do visit my Dark Web Content Media Empire network of blogs.

Media

Media Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. ” concludes the researchers that also shared Indicators of compromise for the attacks. To nominate, please visit:?.

DDOS

DDOS Malware Phishing Hacking

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Researchers from cybersecurity firm GreyNoise reported that 23 unique IP addresses were observed exploiting the Atlassian vulnerabilities. Researchers from security firm Prodaft first reported that AvosLocker ransomware operators have already started exploiting the Atlassian Confluence bug, BleepingComputer reported.

Ransomware

Ransomware Encryption Malware Hacking

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cryptocurrency

Cryptocurrency Malware Hacking Software

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

APRIL 20, 2021

The bulk of Gartner’s revenue comes from subscription-based IT market research. ” They also break companies out into categories such as “challengers,” “leaders,” “visionaries” and “niche players.” Those enticements have mostly fallen on deaf ears.

Marketing

Marketing Technology Software Cybercrime

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

JUNE 21, 2022

Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. The security researcher Filip Dragovic published a proof-of-concept script for the new NTLM relay attack. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Authentication

Authentication Hacking Cybersecurity Information Security

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Cybersecurity

Cybersecurity Hacking Information Security Malware

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. Cyble researchers warn that cybercriminal organizations have changed tactics, switching from businesses to small states threatening to subvert government apparatus. ” continues Cyble.

Government

Government Ransomware Cybercrime Banking

Android pre-installed apps are affected by high-severity vulnerabilities

Security Affairs

MAY 27, 2022

The Microsoft 365 Defender Research Team discovered four vulnerabilities ( CVE-2021-42598 , CVE-2021-42599 , CVE-2021-42600 , and CVE-2021-42601 ) in a mobile framework, owned by mce Systems , that is used by several mobile carriers in pre-installed Android System apps. ” concludes the report. To nominate, please visit:?.

Mobile

Mobile Hacking Cybersecurity Information Security

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals.

Authentication

Authentication Passwords Hacking Software

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Security Affairs

MAY 30, 2022

Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK ’s Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands victims the payment of a ransom through donations for social causes and financially helping people in need.

Ransomware

Ransomware Media Hacking Cybersecurity

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. VMware did not provide technical details about the flaw, then Horizon3 researchers performed an analysis of the patch. . ” reads the analysis published by the researchers.

Authentication

Authentication Healthcare Education Cybersecurity

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

Researchers from SEKOIA.IO SEKOIA researchers started their investigation after the publication of Google’s Threat Analysis Group (TAG)’s report “ Update on cyber activity in Eastern Europe ” which detailed the activity of nation-state actors against Eastern Europe. org jadlactnato.webredirect[.]org. Pierluigi Paganini.

Government

Government Hacking Cybersecurity Information Security

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

MAY 27, 2022

ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus. was discovered by ESET researchers after a campaign impersonating Bolt Food targeted Polish users. ESETresearch @LukasStefanko 1/3 pic.twitter.com/hGeD4ZSwve — ESET research (@ESETresearch) May 18, 2022.

Banking

Banking Malware Cybercrime Phishing

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

JUNE 7, 2022

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. ” reads the analysis published by Mandiant. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Malware Hacking

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. The researchers shared technical details about the ransomware along with the Indicators of Compromise (IoCs). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Backups Malware Firewall

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

DNS

DNS Telecommunications Malware Phishing

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. For this reason, security researchers defined this threat as nearly impossible to detect.

Malware

Malware DNS Antivirus Passwords

New XLoader Botnet version uses new techniques to obscure its C2 servers

Security Affairs

JUNE 1, 2022

Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such as a new technique to obscure the Command and Control infrastructure. The researchers pointed out that all XLoader samples have 64 domains and one URI in their configurations. To nominate, please visit:?.

Malware

Malware Hacking Cybersecurity Mobile

Deepfake cyberthreats – The next evolution

CyberSecurity Insiders

MARCH 13, 2021

This blog was written by an independent guest blogger. Since then, research published in Crime Science has delved into the topic in-depth. Among these categories, the following were deemed the highest risk: Audio/video impersonation. In 2019, we published an article about deepfakes and the technology behind them.

Cybercrime

Cybercrime Technology Ransomware Phishing

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

MAY 23, 2023

Only apps published by the developers in the list below or apps in the Tier 1 list (Google’s Play Services, AGSA (Android Google Search app), Chrome, Cloud, Gmail, and Chrome Remote Desktop) are in covered by the new program: Google LLC Developed with Google Research at Google Red Hot Labs Google Samples Fitbit LLC Nest Labs Inc.

Mobile

Mobile Hacking Accountability Cybersecurity

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. One possible explanation that Incogni researchers offered is that free apps have, on average, 400 times more downloads than paid apps.

Data privacy

Data privacy Media Data collection Data breaches

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

The researchers earned $40,000 and 4 Master of Pwn points. This year, 17 contestants are attempted to exploit 21 targets across multiple categories and Trend Micro and ZDI awarded $1,155,000! With all of the points totaled, @starlabs_sg has been crowned Master of Pwn for #Pwn2Own Vancouver 2022! To nominate, please visit:?

Hacking

Hacking Cybersecurity Information Security

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. The most common unwanted program discovered by the researchers is Program.FakeAntiVirus.1 Researchers discovered five malicious apps in the Google Play Store that totalized two million downloads.

Adware

Adware Antivirus Malware Software

Experts warn of a new malvertising campaign spreading the ChromeLoader

Security Affairs

MAY 26, 2022

Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. ” continues the analysis. To nominate, please visit:?.

Malware

Malware Spyware Threat Detection Engineering

The strange link between Industrial Spy and the Cuba ransomware operation

Security Affairs

MAY 28, 2022

MalwareHunterTeam researchers spotted malware samples [ 1 , 2 ] that drop the following wallpaper that promotes the site. Recently MalwareHunterTeam researchers discovered a new sample of the Industrial Spy malware, which appeared like a ransom note. Here is the wallpaper that gets dropped on systems where one of their samples run.

Ransomware

Ransomware Malware Hacking Accountability

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

Volexity researchers discovered the issue as part of an investigation into an attack that took over the Memorial Day weekend. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. ” This isn’t the first time that flaws in Atlassian Confluence are exploited in attacks in the wild.

Internet

Internet Internet Authentication Hacking

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Cyberknow researchers published a timeline of the attacks conducted by the group: CyberKnown speculates the group has a semi-formal structured organization, KillNet Order of Battle (ORBAT). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Pierluigi Paganini.

Banking

Banking Cyber Attacks Media Hacking

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The researchers believe that this vulnerability is being actively exploited in the wild, it has been rated with a CVSS score of 9.8. One of the potentially critical exploit chain described by the researchers involves the use of the NF_Admin_Processes_ImportForm class to achieve remote code execution via deserialization. and 3.6.11.

Hacking

Hacking Cybersecurity Information Security

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Security Affairs

JUNE 10, 2022

CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Hacking Cybersecurity

Threat Trends: DNS Security, Part 1

Cisco Security

MARCH 11, 2021

Part 1: Top threat categories. Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December of 2020.

DNS

DNS Phishing Ransomware Internet

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

JUNE 20, 2022

Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. “This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. the google researcher Maddie Stone added.

Hacking

Hacking Software Cybersecurity Data breaches

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

MAY 23, 2022

Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. “Nisos research focused on the distribution of the numerous content types. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

DDOS

DDOS Media Hacking Engineering

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Security Affairs

JUNE 17, 2022

Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040 , in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. “An It was reported via the Sophos bug bounty program by an external security researcher. Pierluigi Paganini.

Firewall

Firewall DNS Authentication Malware

PACMAN, a new attack technique against Apple M1 CPUs

Security Affairs

JUNE 11, 2022

The researchers who devised the attack technique speculate that the principles behind the PACMAN attacks could be used for much more than just PAC. The technique was discovered by researchers at MIT’s Computer Science & Artificial Intelligence Laboratory (CSAIL), Joseph Ravichandran , Weon Taek Na , Jay Lang , and Mengjia Yan.

Authentication

Authentication Artificial Intelligence Architecture Hacking

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Government

Government Malware Phishing Hacking

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). The group stands out for the high frequency and persistence of its attacks, researchers believe that the APT group has carried out over 1,000 attacks since April 2020. To nominate, please visit:?

Encryption

Encryption Malware Phishing Hacking

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Ransomware

Ransomware DNS Cybercrime Hacking

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

Security Affairs

MAY 24, 2022

In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen Dragon, targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Pierluigi Paganini.

Malware

Malware Telecommunications Internet Internet

GALLIUM APT used a new PingPull RAT in recent campaigns

Security Affairs

JUNE 13, 2022

Researchers from Palo Alto Networks defined the PingPull RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Message Protocol (ICMP) for C2 communications. . Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?.

Telecommunications

Telecommunications Government Internet Internet

SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords

The Last Watchdog

MARCH 24, 2022

Research shows that the best passwords are 14 characters long. First, make a list of all of the sites you have a username and password for, and then put those sites into categories. Next, remember your categories? This is made up like the following: Eight-character + three-character password (category) + three-character (site).

Passwords

Passwords Password Management Banking Accountability

ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

Security Affairs

JUNE 16, 2022

The ALPHA/BlackCat gang has been active since at least December 2021 when malware researchers from Recorded Future and MalwareHunterTeam discovered their operation. The popular malware researcher Michael Gillespie said that the BlackCat ransomware is “very sophisticated. To nominate, please visit:?. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Malware Advertising

What is a Cloud Native Application Protection Platform (CNAPP)?

Black Basta ransomware now supports encrypting VMware ESXi servers

Webinars

Trending Sources

Upcoming Launch of Dancho Danchev’s Dark Web Content Media Empire! Visit Us Today!

Webinars

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Clipminer Botnet already allowed operators to make at least $1.7 Million

Note to Self: Create Non-Exhaustive List of Competitors

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Experts warn of ransomware attacks against government organizations of small states

Android pre-installed apps are affected by high-severity vulnerabilities

GhostTouch: how to remotely control touchscreens with EMI

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Black Basta ransomware operators leverage QBot for lateral movements

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Symbiote, a nearly-impossible-to-detect Linux malware?

New XLoader Botnet version uses new techniques to obscure its C2 servers

Deepfake cyberthreats – The next evolution

Google announced its Mobile VRP (vulnerability rewards program)

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Malicious apps continue to spread through the Google Play Store

Experts warn of a new malvertising campaign spreading the ChromeLoader

The strange link between Industrial Spy and the Cuba ransomware operation

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Threat Trends: DNS Security, Part 1

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Russia-linked Fronton botnet could run disinformation campaigns

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

PACMAN, a new attack technique against Apple M1 CPUs

Unknown APT group is targeting Russian government entities

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs newsletter Round 369 by Pierluigi Paganini

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

GALLIUM APT used a new PingPull RAT in recent campaigns

SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords

ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

Stay Connected