Blog - Cyber Security Informer

Google Ads Exploited to Spread Malware

Heimadal Security

DECEMBER 29, 2022

Google Ads have become increasingly used by malware operators to spread malware to unsuspecting users searching for popular software products. The post Google Ads Exploited to Spread Malware appeared first on Heimdal Security Blog.

Malware

Malware Software Cybersecurity

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. According to Thomas, the malware is executed using the command line and support multiple parameters to control the encryption operations. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

Once compromised a victim’s network, the threat actors deploy the post-exploitation tool Cobalt Strike to maintain persistence and perform lateral movements. The malware changes the extension of the encrypted files to ‘.royal’. Royal is a newer ransomware, and less is known about the malware and operators than others.

Healthcare

Healthcare Ransomware Encryption Malware

Malware targets 30 unpatched WordPress plugins

Malwarebytes

JANUARY 5, 2023

Ars Technica reports that unpatched vulnerabilities being exploited across no fewer than 30 plugins. One of the reasons it's so popular is that it can be easily extended by adding plugins, of which there are tens of thousands. So, news of a malware campaign targeting plugins with unpatched vulnerabilities is no surprise.

Malware

Malware Risk Authentication Software

Identifying Common Types of Cyberattacks

SiteLock

AUGUST 27, 2021

In this blog, we’ll discuss what cyberattacks are, the most common types of attacks your website is likely to face, and most importantly, how you can prevent them. A cyberattack is a malicious attempt to exploit, damage, and/or gain unauthorized access to websites, computer systems, or networks. Is your website behaving strangely?

Small Business

Small Business DDOS Malware Phishing

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

The Last Watchdog

MAY 20, 2019

Cybercriminals know this, of course, and for some time now they have been relentlessly seeking out and exploiting the fresh attack vectors spinning out of our smartphone obsession. To wit, Avast researchers recently discovered several “selfie beauty apps” on the Google Play Store posing as legitimate apps. Why did they go there?

Mobile

Mobile Spyware Banking Manufacturing

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Security Affairs

APRIL 5, 2019

A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB , an offspring of the original Gozi which source code was leaked in 2014. Ursnif/Gozi is active from over a decade and was one of the most active malware listed in 2017 and 2018.

Banking

Banking Malware Cryptocurrency Advertising

Taking down Gooligan: part 2 — inner workings

Elie

MARCH 17, 2018

This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Android malware. Kingroot exploit kit.

Encryption

Encryption Malware Marketing Manufacturing

Taking down Gooligan: part 2 — inner workings

Elie

MARCH 17, 2018

This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Android malware. Kingroot exploit kit.

Encryption

Encryption Malware Marketing Manufacturing

Analyzing AZORult malware using NSA Ghidra suite

Security Affairs

APRIL 2, 2019

Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. The sample is a PE32 file apparently coded in Visual C++, containing references to major IT companies in its metadata fields like Google and Amazon. Figure 3: API logging of the malware.

Malware

Malware Engineering Advertising InfoSec

Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

NOVEMBER 10, 2022

At the same time, hacktivist groups may exploit the public attention given to such events to exponentially increase the reach of their message. Just think, the last edition of the tournament in Russia was watched by a combined 3.57 billion viewers , equating to more than half of the global population aged four and over.

Cyber threats

Cyber threats Media Social Engineering Mobile

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

The bait included the most awaited and talked-about releases: the new season of Stranger Things, the new Batman movie, and the Oscar nominees. Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen.

Phishing

Phishing Scams Accountability Energy and Utilities

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

Based upon recent spikes in scans of TCP port 5555, someone believes that there is an exploitable vulnerability out there. ” The Trend Micro researchers’ analysis shows a fairly typical command & control (C&C) malware infection process with many similarities to the Satori variant of the Mirai botnet.

Cryptocurrency

Cryptocurrency IoT Mobile Advertising

Apex Legends for Android: a Fake App could Compromise your Smartphone

Security Affairs

MARCH 12, 2019

Yoroi -Cybaze ZLab malware researchers have analyzed four different fake android APKs that pretend to be versions of the Apex Legends game. Despite the usage of Apex Legends references, the first two applications do not contain a real malware, but their main purpose is to obtain an economic return through Google Mobile Ads SDK.

Spyware

Spyware Mobile Malware Phishing

IT threat evolution in Q2 2021. PC statistics

SecureList

AUGUST 12, 2021

Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 119,252 unique users. In Q2 2021, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 119,252 unique users. Number of unique users attacked by financial malware, Q2 2021 ( download ).

Adware

Adware Malware Ransomware IoT

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat.

DNS

DNS Wireless Malware Firewall

Data Driven Security Hardening in Android

Google Security

JANUARY 29, 2021

The overall approach to Android Security is multi-pronged and leverages several principles and techniques to arrive at data-guided solutions to make future exploitation more difficult. What mitigations are available, how can they be improved, and where should they be enabled?

Architecture

Architecture Media Engineering Risk

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. Building the Hacker Summer Camp network, by Evan Basta. The Cisco Stack’s Potential in Action, by Paul Fidler. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. The Buck Stops Here. Full stop.

Engineering

Engineering Wireless Malware DNS

Spam and phishing in Q3 2021

SecureList

NOVEMBER 1, 2021

There was no way that cybercriminals and profiteers could pass up such a golden opportunity. Fans wanting to attend events live encountered fake ticket-selling websites. Scammers also laid traps for those preferring to watch the action online from the comfort of home. Fraudulent websites popped up offering free live broadcasts.

Phishing

Phishing Scams Accountability Computers and Electronics

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

Following this, they were tricked into downloading previously unknown malware. The backdoor, dubbed Tomiris, bears a number of similarities to the second-stage malware, Sunshuttle (aka GoldMax), used by DarkHalo last year. They are designed to highlight the significant events and findings that we feel people should be aware of.

Malware

Malware Government Surveillance Spyware

RM3 – Curiosities of the wildest banking malware

Fox IT

MAY 4, 2021

In this post we provide some history, analysis and observations on this most pernicious family of banking malware targeting Oceania, the UK, Germany and Italy. Despite its long and rich history in the cyber-criminal underworld, the Gozi malware family is surrounded with mystery and confusion. fumik0_ & the RIFT Team. Introduction.

Banking

Banking Malware Encryption Architecture

Cyber Security Informer

Google Ads Exploited to Spread Malware

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Webinars

Trending Sources

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

US HHS warns healthcare orgs of Royal Ransomware attacks

Malware targets 30 unpatched WordPress plugins

Identifying Common Types of Cyberattacks

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Taking down Gooligan: part 2 — inner workings

Taking down Gooligan: part 2 — inner workings

Analyzing AZORult malware using NSA Ghidra suite

Cyber Threats to the FIFA World Cup Qatar 2022

Spam and phishing in 2022

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Apex Legends for Android: a Fake App could Compromise your Smartphone

IT threat evolution in Q2 2021. PC statistics

Black Hat USA 2022 Continued: Innovation in the NOC

Data Driven Security Hardening in Android

Black Hat USA 2022: Creating Hacker Summer Camp

Spam and phishing in Q3 2021

APT trends report Q3 2021

RM3 – Curiosities of the wildest banking malware

Stay Connected