Blog - Cyber Security Informer

Are DDoS Simulation Tests Legal?

Security Boulevard

JANUARY 14, 2024

DDoS simulation tests fall into a different legal category than real DDoS attacks carried out by hackers. In the United States, for example, the Computer Fraud and Abuse Act considers a DDoS attack to be a cybercrime with serious prison time and fines.

DDOS

DDOS Cybercrime

Ransomware Vs. Malware: What’s The Difference?

Heimadal Security

AUGUST 24, 2023

Cyber-attacks can come in many forms. While both ransomware and malware fall under the broader category of malicious software, they serve different purposes and have unique impacts on organizations and society. appeared first on Heimdal Security Blog.

Malware

Malware Ransomware Cyber Attacks Software

Threat Spotlight: Data Extortion Ransomware Threats

Security Boulevard

MARCH 5, 2024

Between 2022 and 2023, ransomware attacks increased by more than 100% year-over-year, with more attacks consisting of double and triple extortion. Over the last few years, the ransomware landscape has changed significantly.

Ransomware

Ransomware Cyber threats Risk

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC.

DDOS

DDOS Malware Phishing Hacking

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Sasi explained that after a few minutes their WhatsApp account is logged out and attackers are able to take over them. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Scams

Scams Accountability Mobile Hacking

Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents

Heimadal Security

OCTOBER 12, 2021

Even though the vulnerability is not placed in the ‘High’ severity category being rated as moderate, the consequences could be disastrous. The post Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents appeared first on Heimdal Security Blog.

Cybersecurity

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

CyberSecurity Insiders

JUNE 30, 2021

This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1).

Cybersecurity

Cybersecurity Healthcare Engineering Government

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

is actively exploited in attacks in the wild, it resides in the health check RPM of Cisco IOS XR Software. An unauthenticated, remote attacker could trigger the issue to access the Redis instance that is running within the NOSi container. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Software

Software Hacking Cybersecurity Risk

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. . Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Encryption

Encryption Ransomware Malware Hacking

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

JUNE 21, 2022

Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. Just like the attack chain starting with PetitPotam works.

Authentication

Authentication Hacking Cybersecurity Information Security

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. Without strong, secure passwords or two-factor authentication ( 2FA ) enabled in an organization or startup, it becomes easy for attackers to access stolen credentials on their web and email servers.

Hacking

Hacking Passwords Password Management Data breaches

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

The hacker conducted a phishing attack, they set up a phishing site that impersonated the official BAYC site claiming that BAYC, MAYC and OthersideMeta holders were able to claim a free NFT for a short period of time. .” Following the theft of NFTs, the attacker began to sell the collected assets at 08:25:42 AM UTC.

Phishing

Phishing Hacking Accountability Scams

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

The average small and medium-size business experiences a cyber attack 44 times every day. The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns.

CISO

CISO Cyber Attacks Data collection Cybersecurity

GitLab addressed critical account take over via SCIM email change

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. “It is also possible for the attacker to change the display name and username of the targeted account.” The vulnerability impacts all versions starting from 11.10

Accountability

Accountability Hacking Cybersecurity Information Security

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. “With different levels of superiority, command lines and tasking. Pierluigi Paganini.

Banking

Banking Cyber Attacks Media Hacking

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

A remote attacker could exploit this OGNL injection vulnerability to take over vulnerable servers, then exploit the remote code execution to implant malware, including ransomware. BleepingComputer also reported that operators behind Cerber2021 ransomware (aka CerberImposter) are actively exploiting the Confluence flaw in recent attacks.

Ransomware

Ransomware Encryption Malware Hacking

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Security Affairs

JUNE 2, 2022

LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Cybersecurity Hacking

Tackling Cyber Threats: Is AI Cybersecurity Our Only Hope?

Jane Frankland

MAY 8, 2024

This is what I’ll be delving into in this blog, where I’ll be exploring how these two fields are intersecting and what that means for our digital landscape. In fact, according to G2, there’s been a growth rate of 39% – double the next closest software category.

Cyber threats

Cyber threats Cybersecurity Artificial Intelligence CISO

Threat Trends: DNS Security, Part 1

Cisco Security

MARCH 11, 2021

Part 1: Top threat categories. The challenge is that the most active threats change over time, as the prevalence of different attacks ebb and flows. Reading up on these trends can inform you as to what types of attacks are currently active. When it comes to security, deciding where to dedicate resources is vital.

DNS

DNS Phishing Ransomware Internet

Threat Trends: DNS Security, Part 2

Cisco Security

MARCH 23, 2021

In our Threat Trends blog series , we attempt to provide insight into the prevalent trends on the threat landscape. We’ll focus on specific industries, looking at two things: the top threat categories they face, and the categories that they’re more likely to encounter when compared to other industries. Part 2: Industry trends.

DNS

DNS Financial Services Healthcare Manufacturing

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”)

Cybersecurity

Cybersecurity Hacking Information Security Malware

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks against individuals and organizations in the industry. The alert also includes recommendations and mitigations for these attacks. To nominate, please visit:?.

Cybercrime

Cybercrime Education Accountability Phishing

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

7.8): CVE-2022-0734 : A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script. To nominate, please visit:?. Pierluigi Paganini.

Firewall

Firewall VPN Authentication Cyber Attacks

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.

Government

Government Ransomware Cybercrime Banking

The Next Disruptive ICS Attacker: Only Time Will Tell

Security Boulevard

AUGUST 25, 2021

Throughout this blog series, I have examined real-world ICS cyber-related incidents as a way of looking back to predict what the next attack may look like. The three categories of attacker that I have considered so far are disgruntled insiders, ransomware groups, and APT.

Ransomware

Ransomware Cyber Attacks

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

The threat actors behind the attacks aimed at implanting a Remote Access Trojan (RAT) to gain full control over the infected systems. In the first campaign, attackers distributed a custom malware disguised as an interactive map of Ukraine ( interactive_map_UA.exe ). This campaign primarily targeted RT TV employees. exe for its malware.

Government

Government Malware Phishing Hacking

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., The threat actors’ spear-phishing attacks were aimed at gathering intelligence over the targets. Middle East, and India. Pierluigi Paganini.

Phishing

Phishing Manufacturing Education Cybercrime

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Anonymous: Operation Russia after 100 days of war GitLab addressed critical account take over via SCIM email change LuoYu APT delivers WinDealer malware via man-on-the-side attacks Clipminer Botnet already allowed operators to make at least $1.7 Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Spyware

Spyware Firmware Ransomware Scams

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. The attackers targeted two Internet-facing web servers that were running Atlassian Confluence Server software.

Internet

Internet Internet Authentication Hacking

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

The attack chain starts in the form of a self-extracting WinRAR archive that drops and executes a downloader in the form of a packed portable executable DLL file with CPL file extension (although it does not follow the CPL format). “The malware includes a total of 4,375 unique addresses of wallets controlled by the attacker.

Cryptocurrency

Cryptocurrency Malware Hacking Software

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

GitHub provided additional details about the incident that suffered in April, the attackers were able to steal nearly 100K NPM users’ credentials. The attackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Backups

Backups Passwords Hacking Cybersecurity

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Ransomware

Ransomware DNS Cybercrime Hacking

Three quick takes regarding the 2021 updates to the OWASP Top 10 list

Security Boulevard

DECEMBER 28, 2021

It’s been four years since OWASP updated its Top 10 list , but this year we got three brand new categories along with a reshuffling of the rest. After all, the number of ways a malicious party could attack your application is high, so one way to get started was to focus on the items mentioned on the OWASP Top 10 list.

Software

Software Risk Authentication

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

MAY 23, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. ” states the announcement.

Mobile

Mobile Hacking Accountability Cybersecurity

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

MAY 25, 2022

This issue could be used in a more sophisticated attack to forge XMPP messages from the server.” This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.” ” reads the advisory. ” reads the advisory for the CVE-2022-22786 issue.

Hacking

Hacking Cybersecurity Information Security

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens. answering an eavesdropping phone call, pressing the button, swiping up to unlock), the attack technique was successful on nine smartphone models. “We demonstrate the feasibility of this attack in the real world.”

Authentication

Authentication Passwords Hacking Software

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Security Affairs

JUNE 13, 2022

“Attackers continue to exploit vulnerability CVE-2022-30190 and are increasingly resorting to emails from compromised government emails.” CERT-UA also shared indicators of compromise for these attacks. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Media

Media Government Hacking Cybersecurity

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Security Affairs

JUNE 10, 2022

Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. The attacks were aimed at both Linux and Windows operating systems using different infection chains.

Cryptocurrency

Cryptocurrency Malware Hacking Cybersecurity

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor. An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. ” reads the analysis published by Kaspersky. ” concludes Kaspersky. . ” concludes Kaspersky.

Malware

Malware Telecommunications Internet Internet

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

JUNE 7, 2022

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. Previously, the UNC2165 actors also deployed the HADES ransomware.

Ransomware

Ransomware Cybercrime Malware Hacking

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany. ” reported the Tagesschau website. Pierluigi Paganini.

Hacking

Hacking Accountability Malware Cybersecurity

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Security Affairs

JUNE 17, 2022

The vulnerability was exploited by the Chinese attackers to drop a webshell into the target systems weeks before it was fixed by the security vendor. A remote attacker with access to the Firewall’s User Portal or Webadmin interface can exploit the flaw to bypass authentication and execute arbitrary code. Source Sophos community.

Firewall

Firewall DNS Authentication Malware

4 Startups Driving Cybersecurity Innovation

Security Boulevard

JUNE 23, 2021

Information technology evolves and bad actors adjust with new attack vectors. Cybersecurity must innovate to keep pace with both IT and attackers by improving cybersecurity tools. Constant innovation is a constant within cybersecurity.

Cybersecurity

Cybersecurity Firewall Technology CISO

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

” “The malware leverages a DNS attack technique called “DNS Hijacking” in which an attacker- controlled DNS server manipulates the response of DNS queries and resolve them as per their malicious requirements.” The attackers leveraged the AutoClose() function to drop the DNS backdoor onto the system.

DNS

DNS Telecommunications Malware Phishing

Are DDoS Simulation Tests Legal?

Ransomware Vs. Malware: What’s The Difference?

Trending Sources

Threat Spotlight: Data Extortion Ransomware Threats

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Black Basta ransomware now supports encrypting VMware ESXi servers

New DFSCoerce NTLM relay attack allows taking control over Windows domains

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

GitLab addressed critical account take over via SCIM email change

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Tackling Cyber Threats: Is AI Cybersecurity Our Only Hope?

Threat Trends: DNS Security, Part 1

Threat Trends: DNS Security, Part 2

Multiple Microsoft Office versions impacted by an actively exploited zero-day

FBI: Compromised US academic credentials available on various cybercrime forums

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Experts warn of ransomware attacks against government organizations of small states

The Next Disruptive ICS Attacker: Only Time Will Tell

Unknown APT group is targeting Russian government entities

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs newsletter Round 368 by Pierluigi Paganini

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Clipminer Botnet already allowed operators to make at least $1.7 Million

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs newsletter Round 369 by Pierluigi Paganini

Three quick takes regarding the 2021 updates to the OWASP Top 10 list

Google announced its Mobile VRP (vulnerability rewards program)

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

GhostTouch: how to remotely control touchscreens with EMI

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Russian APT28 hacker accused of the NATO think tank hack in Germany

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

4 Startups Driving Cybersecurity Innovation

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Stay Connected