Security Boulevard

JANUARY 24, 2022

cn A 64[.]86[.]17[.]9 cn A 64[.]86[.]17[.]9 ADWSearch[.]com. loadsprofit[.]com. exerevenue[.]com. adwaredollars[.]com. installing[.]cc. installconverter[.]com. bakasoftware[.]com. goldencashworld[.]net. niftystats[.]com. niftystats[.]com. royal-cash[.]com. dogmasoftware[.]com. 3xlsoftware[.]com. rashacash[.]com. vipinstall[.]cn.

Adware 105

Adware Software Accountability Cybercrime 105

Heimadal Security

JANUARY 17, 2023

The variant was nicknamed xdr33 after its digital certification code, CN=xdr33. A version of the Hive cyberattack kit created by the Central Intelligence Agency (CIA) was spotted in the wild. The pirated malicious code acts as spyware, secretly exfiltrating data from victims.

Spyware 86

Spyware Ransomware Cybersecurity 86

Security Affairs

APRIL 11, 2021

594 f1b49a444f554bb942fd8f5a9ff2a212d8db6247 Camera MX – Photo Video Camera com.sdkfj.uhbnji.dsfeff hxxps://cameramx-photovideocamera.oss-cn-wulanchabu.aliyuncs.com/ Android.Joker.594 660 57148c6e040fb15723e5ca040740ae8901fd2dae Happy Tapping com.tap.tap.duedd hxxp://happytapping.oss-cn-qingdao.aliyuncs.com/ Android.Joker.662

Malware 138

Malware Spyware Mobile Antivirus 138

SecureList

JULY 19, 2023

42 HTTP redirect to HTTPS, HTTPS cert Subject: C=US, CN= UBNT Router UI , O=Ubiquiti Networks, SSH on port 2222 181.209.99[.]204 204 HTTP redirect to HTTPS, HTTPS cert Subject: C=US, CN= UBNT Router UI , O=Ubiquiti Networks 213.32.252[.]221 IP Net exposed service history 5.199.162[.]132 132 No Info 101.255.119[.]42 No Info 61.14.68[.]33

Firmware 90

Firmware Internet Internet Government 90

Security Boulevard

JULY 27, 2022

Workloads can be distinguished by the Organizational Unit (OU) and Subject Common Name (CN) in the certificate. Both, the CN and OU are available in the aws:principalTag key to be used as a condition in the role's trust policy. Use CN and OU in a format that aligns with org naming conventions and enables accountability.

Risk 64

Risk Accountability Internet Internet 64

Security Affairs

FEBRUARY 9, 2023

The researchers also compared the preinstalled system apps on the Chinese (CN) and Global (e.g., The experts pointed out that also users that leave the country are exposed to surveillance, through the pre-installed software. EU) Android OS distributions from the same OS developers. ” reads the paper published by the experts.

Mobile 98

Mobile Malware Surveillance Spyware 98

The Last Watchdog

JULY 27, 2021

Last Watchdog went a bit deeper with Hakçil: LW : Please clarify: were these municipalities only in the states of MA, CN and NH? Hakçil: Most of the buckets of cities we found were MA, CN and NH but there were also a few from RI, PA and OH. This is all very helpful intelligence, commendably shared by WizCase.

Government 203

Government Encryption Passwords Internet 203

Security Boulevard

JANUARY 26, 2022

Sample personal emails known to have been currently in use by the "Jabber ZeuS" also known as "Aqua ZeuS" gang: donsft@hotmail[.]com. johnny@guru[.]bearin[.]donetsk[.]ua. airlord1988@gmail[.]com. alexeysafin@yahoo[.]com. aqua@incomeet[.]com. bashorg@talking[.]cc. benny@jabber[.]cz. bind@email[.]ru. bx1@hotmail[.]com. cruelintention@email[.]ru.

DNS 98

DNS Cyber threats Cyber Attacks Cybercrime 98

Security Affairs

JANUARY 21, 2024

Further investigation on VirusTotal revealed three pirated applications that contained the same malware. The experts also discovered many pirated applications hosted on the Chinese website macyy[.]cn. The experts also identified two more trojanized DMGs following a similar pattern that had not been reported on VirusTotal.

Malware 123

Malware Hacking Software Information Security 123

Security Affairs

JANUARY 16, 2023

This is the first time that the experts captured a variant of the CIA HIVE malware in the wild, the experts tracked is as “xdr33” based on its embedded Bot-side certificate CN=xdr33. ” reads the analysis published by the experts.

Malware 91

Malware Encryption Authentication Hacking 91

Security Affairs

APRIL 19, 2022

.” The scanner can exploit the command injection vulnerability in the web interface of the DVR by sending specially crafted HTTP POST requests to the URL paths /dvr/cmd and /cn/cmd. If the command injection to /dvr/cmd is not successful, the scanner attempts the same attack to the endpoint /cn/cmd.

Malware 88

Malware IoT Antivirus Architecture 88

Security Affairs

JUNE 24, 2019

cn for a list of infected IP addresses. “Readers are always welcomed to reach us on twitter , WeChat 360Netlab or email to netlab at 360 dot cn.” Netlab plans to share the list of infected servers with other security firms and law enforcement agencies. ” concludes the report.

Advertising 65

Advertising Malware Hacking Information Security 65

Fox IT

DECEMBER 7, 2021

Subject Name: C=US, ST=TX, L=Texas, O=lol, OU=, CN=idrivedownload[ ]com Issuer Name: C=US, ST=TX, L=Texas, O=lol, OU=, CN=idrivedownload[ ]com. Attribute C Country of the entity S State of province L Locality O Organizational name OU Organizational Unit CN Common Name Table 1.

Encryption 79

Encryption Ransomware Internet Internet 79

Thales Cloud Protection & Licensing

JANUARY 13, 2021

Thales is enabling OES to remove complexity towards ensuring compliance at scale, across hybrid IT and multi-cloud infrastructures in the following ways: The Thales CN Series of high-speed hardware encryptors delivers certified high-assurance encryption security.

Encryption 102

Encryption Energy and Utilities Firewall Marketing 102

Malwarebytes

JANUARY 25, 2024

cn) dedicated to security frequented by Chinese users keeps up with malware from these campaigns that they refer to as FakeAPP. (PlugX is a RAT from China that also performs DLL side-loading). Not all dropped malware is new, in fact some were previously used in other campaigns and are variants of Gh0st RAT.

Malware 103

Malware Advertising Accountability Encryption 103

Security Boulevard

NOVEMBER 23, 2023

A handshake failure may also occur when the hostname doesn't match the common name (CN) in the certificate. Verify that the certificate chain is complete and your server's SNI configuration matches the certificate's CN and hostnames. Certificate issues:  Revoked, inactive, or expired certificates can cause TLS errors.

Encryption 59

Encryption Firewall Antivirus Data privacy 59

Security Affairs

AUGUST 11, 2022

The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against a target chosen by the attackers.

Firewall 112

Firewall DDOS Hacking Cybersecurity 112

Security Boulevard

APRIL 10, 2023

cn; cmickler@mpi-klsb.mpg[.]de cn cmickler@mpi-klsb[.]mpg[.]de cn; cmickler@mpi-klsb.mpg[.]de cn cmickler@mpi-klsb[.]mpg[.]de Here are all of Genesis Market's primary domains: hxxp://tracecontrol[.]net net hxxp://genesis-security[.]net net hxxp://gsconnects[.]com com hxxp://g3n3sis[.]net net hxxp://approveconnects[.]com

Marketing 52

Marketing Internet Internet Cybercrime 52

Security Affairs

JUNE 1, 2022

TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique. Researchers from Proofpoint reported that TA413 is conducting a spear-phishing campaign that uses ZIP archives containing weaponized Word Documents. app for the attacks.

Malware 101

Malware Phishing Hacking Cybersecurity 101

Malwarebytes

APRIL 11, 2022

cn/eg/fr/de/in/it/co.jp/nl/pl/sa/sg/es/se/ae/co.uk/com/com.au/com.br/mx/tr It uses specific methods for each browser to exfiltrate the data stored in the target browsers: Google Chrome Mozilla Firefox Internet Explorer Microsoft Edge. The target websites it looks for are: www.facebook.com www.instagram.com www.amazon.ca/cn/eg/fr/de/in/it/co.jp/nl/pl/sa/sg/es/se/ae/co.uk/com/com.au/com.br/mx/tr

Media 132

Media Malware Spyware Accountability 132

Security Affairs

MARCH 23, 2020

The zero-day flaw could allow attackers to modify a DVR’s configuration file and inject backdoor commands when the FTP or NTP server configurations are synchronized.

Firmware 104

Firmware Surveillance Manufacturing Advertising 104

Security Affairs

AUGUST 3, 2022

The attribution of this campaign to Chinese threat actors is based on the following evidence: the maldoc refers to a COVID-19 outbreak in Golmud City. the Rust-based implant does not use the standard crates.io library repository for the dependency resolving. the C2 menus and options are all written in Simplified Chinese.

Malware 110

Malware Technology Advertising Passwords 110

Security Affairs

AUGUST 23, 2022

The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against a target chosen by the attackers.

Firewall 86

Firewall DDOS Cybersecurity Risk 86

Security Affairs

JULY 10, 2020

The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data.

Firmware 93

Firmware Accountability Advertising Manufacturing 93

SecureWorld News

JANUARY 19, 2022

cn' on port 8099. Regarding the second vulnerability: "However, we also found that some sensitive data is transmitted without any SSL encryption or any security at all. We found that MY2022 transmits non-encrypted data to 'tmail.beijing2022.cn'

Encryption 91

Encryption Telecommunications Government Mobile 91

Security Affairs

SEPTEMBER 4, 2018

The Common Name (CN) field of the certificate reports the.onion address of the hidden service. .” The expert highlighted that it is quite easy to find misconfigured servers that expose their public IP address.

Advertising 53

Advertising Firewall Internet Internet 53

SecureList

MARCH 13, 2024

cn vnotepad[.]com Indicators of compromise Files: MD5 File type File name 43447f4c2499b1ad258371adff4f503f Mach-O 64-bit DPysMac64 00fb77b83b8ab13461ea9dd27073f54f DMG Notepad‐‐v2.0.0-mac_x64_12.3.dmg mac_x64_12.3.dmg dmg 5ece6281d57f16d6ae773a16f83568db AppImage Notepad‐‐-x86_64.AppImage transferusee[.]com fuwenkeji[.]cn

DNS 101

DNS Advertising Engineering Internet 101

SecureList

JULY 28, 2023

They typically have a name that begins with “CN=” and a two-digit serial number, usually 01. In this case, the certificate data is written to the msDS-KeyCredentialLink attribute, and the key is programmatically generated ( NCRYPT_IMPL_SOFTWARE_FLAG ). The attackers’ toolkit is free of this error, which is suspicious.

Authentication 74

Authentication Passwords Accountability Software 74

Security Boulevard

JANUARY 30, 2024

ldapsearch (netbiosname=*) * 0 "" "CN=Partitions,CN=Configuration,DC=domain,DC=local" Figure 9 — Referral Object Containing the nETBIOSName Attribute TL;DR if you opt to use this second method for session enum, execute the above LDAP query so that BOFHound can properly tie the session to a computer.

DNS 64

DNS Data collection Accountability 64

eSecurity Planet

DECEMBER 2, 2021

CN-Series’ containerized NGFWs protect traffic between container trust zones in Kubernetes environments along with other workload types, all without hampering the speed of development.

Firewall 128

Firewall DNS Network Security Artificial Intelligence 128

Krebs on Security

JUNE 25, 2019

cn who advertises a mobile game called “Xiaojun Junji,” and says the game is available at blazefire[.]com. An online search for the term “yehuo” reveals an account on the Chinese Software Developer Network which uses that same nickname and references the domain blazefire[.]com. Research on blazefire[.]com

Mobile 254

Mobile Technology Manufacturing Malware 254

Security Boulevard

NOVEMBER 15, 2022

Here’s a few examples of what you’ll see immediately: Certificates and certificate metadata such as CN, SAN, Chains and expiration dates. Without having to do anything else, you immediately take the first step to getting full visibility of TLS machine identities.

Internet 52

Internet Internet DNS Risk 52

Krebs on Security

JUNE 25, 2019

cn who advertises a mobile game called “Xiaojun Junji,” and says the game is available at blazefire[.]com. An online search for the term “yehuo” reveals an account on the Chinese Software Developer Network which uses that same nickname and references the domain blazefire[.]com. Research on blazefire[.]com

Mobile 169

Mobile Technology Manufacturing Software 169

Security Affairs

SEPTEMBER 10, 2018

We informed the company about the issue via CN-CERT.” . “Interestingly, this driver is signed with a digital certificate that belongs to Chinese company LeagSoft, a developer of information security software based in Shenzhen, Guangdong. Attackers show a specific interest in the regional political agenda.

Advertising 65

Advertising Financial Services Malware Government 65

Security Affairs

SEPTEMBER 20, 2018

56 (Org: ChinaUnicom, Country: CN). 59 (Org: CHINANET-FJ Country: CN). The extracted attacker’s unwanted communications are the following ones: 103[.]99[.]115[.]220 220 (Org: HOST EDU (OPC) PRIVATE LIMITED, Country: IN). 94 (Org: Sharktech Country: USA). 57 (Org: Sharktech Country: USA). Country: USA).

Malware 90

Malware Computers and Electronics Penetration Testing Cryptocurrency 90

Malwarebytes

DECEMBER 13, 2023

Indicators of Compromise Case #1 IOCs Description Indicator Fake Zoom site zoom-us[.]tech tech Download URL zoom-us[.]tech/ZoomInstaller.zip 127 Case #2 IOCs Description Indicator Fake Zoom site z00nn.one-platform-to-connect[.]group group Fake Zoom site info-zoomapp[.]com com Fake Zoom site zoomnewsonly[.]site site Fake Zoom site zoonn[.]virtual-meetings[.]cn[.]com

Cryptocurrency 66

Cryptocurrency Advertising Malware Accountability 66

Security Boulevard

APRIL 10, 2023

cn hxxp://b-hls-05[.]strpst[.]com cn hxxp://www[.]fe-dumps[.]ru cn hxxp://zhenskie-krossovki-nike-magazin-v-moskve[.]thaddu[.]com cn hxxp://b-hls-05[.]strpst[.]com cn hxxp://www[.]fe-dumps[.]ru COM imakoos85@gmail[.]com com powerdave1@gmail[.]com com lunaritsolution@outlook[.]com com ajewoletimmy@gmail[.]com

Marketing 52

Marketing Media Internet Internet 52