Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 122

Data breaches Cybercrime Cyber Insurance Marketing 122

Security Affairs

APRIL 2, 2025

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The backdoor, targeting Windows, uses AES-CBC encryption with base64 encoding and loads the payload via the exec function.

Antivirus 131

Antivirus Cybercrime Malware Encryption 131

Security Affairs

JANUARY 10, 2025

The malicious code was advertised on cybercrime forums for $3,000 per month. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Malware 125

Malware Advertising Antivirus Cybercrime 125

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 133

Ransomware IoT Encryption Passwords 133

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . ” reads the post published by Microsoft.

Encryption 141

Encryption Ransomware Cybercrime Malware 141

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime 142

Cybercrime Ransomware DDOS Encryption 142

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 123

Cybercrime Telecommunications DNS Technology 123

Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. opendnsapi.net), and uses IPFS to retrieve encrypted modules. Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.

Encryption 102

Encryption Ransomware Malware Phishing 102

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 353

Cybercrime Malware VPN Ransomware 353

Security Affairs

OCTOBER 13, 2024

CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems Google Pixel 9 supports new security features to mitigate baseband attacks International Press – Newsletter Cybercrime Indiana Man Pleads Guilty to Conspiracies Involving (..)

Data breaches 120

Data breaches Cryptocurrency Cybercrime Artificial Intelligence 120

Security Affairs

MARCH 21, 2025

Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. Gaining access without cooperation from Telegram itself could be highly valuable.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 114

Cryptocurrency Malware Hacking Ransomware 114

Security Affairs

FEBRUARY 13, 2025

The researchers pointed out that tools belonging to the arsenal of China-linked APT groups are often shared resources, however, many arent publicly available and arent usually associated with cybercrime activity. It also resembles Trend Micros documented PlugX type 2 variant, also linked to Fireant.

Ransomware 123

Ransomware Software Cybercrime Encryption 123

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 116

Software Cryptocurrency Malware Encryption 116

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. .

Ransomware 123

Ransomware Encryption Technology Cybersecurity 123

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware 118

Ransomware Encryption VPN Malware 118

Security Affairs

MAY 27, 2025

This includes sensitive data like the serverconfig.xml file, which contains hashed admin and technician passwords, LDAP credentials, and other secrets, all encrypted with a hardcoded key. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims.

Ransomware 106

Ransomware Software Retail Data breaches 106

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. We secured our systems and began an investigation with the help of a cybersecurity firm. ” reads the notice of security incident published by the organization.

Ransomware 129

Ransomware Insurance Encryption Healthcare 129

Security Boulevard

FEBRUARY 14, 2025

Meanwhile, an informal Tenable poll looks at cloud security challenges. And get the latest on ransomware trends and on cybercrime legislation and prevention! government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks.

Banking 64

Banking Cybercrime Cybersecurity Ransomware 64

Security Affairs

MARCH 2, 2025

3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Companys network, encrypted critical applications, and exfiltrated certain files. The company reported to the SEC that a Feb.

Ransomware 82

Ransomware Encryption Cybercrime Healthcare 82

Security Affairs

APRIL 25, 2025

. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 101

Ransomware Encryption Insurance Marketing 101

Security Affairs

APRIL 6, 2025

Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle has since taken the server offline. “Oracle Corp.

Data breaches 130

Data breaches Encryption Hacking Passwords 130

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 75

Ransomware Encryption Backups Malware 75

Security Affairs

MAY 18, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A.NET-Based Info-Stealer Interlock ransomware evolving under the radar Technical Analysis of TransferLoader Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 Horabot Unleashed: (..)

Malware 107

Malware Encryption Phishing Hacking 107

Security Affairs

OCTOBER 21, 2021

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. In 2019, the U.S.

Ransomware 143

Ransomware Cybercrime Banking Encryption 143

Security Affairs

JUNE 30, 2021

Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. “International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. SecurityAffairs – hacking, cybercrime ).

VPN 143

VPN Cybercrime Encryption Advertising 143

SecureWorld News

NOVEMBER 14, 2024

Attackers are not only encrypting systems but also targeting sensitive data, including Protected Health Information (PHI) and Personally Identifiable Information (PII), such as diagnoses, therapy records, genetic data, and Social Security numbers.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 128

Malware Ransomware Encryption Phishing 128

Security Affairs

DECEMBER 8, 2024

Hackers stole millions of dollars from Uganda Central Bank International Press Newsletter Cybercrime INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million Hackers Stole $1.49

Artificial Intelligence 105

Artificial Intelligence Spyware Hacking Ransomware 105

Security Affairs

APRIL 17, 2025

Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. Once active, it proxies traffic between infected devices and command-and-control servers using TCP sockets and FakeTLS, encrypting data with a custom XOR-based algorithm. ” concludes the report.

Encryption 119

Encryption Government Malware Hacking 119

Security Affairs

NOVEMBER 17, 2024

New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign Ymir: new stealthy ransomware in the wild ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes Glove Stealer: Leveraging IElevator (..)

Malware 118

Malware Antivirus Encryption Education 118

Security Affairs

SEPTEMBER 2, 2024

Since June, the operators behind Cicada3301 have started recruiting affiliates on the RAMP cybercrime forum. ui : Displays real-time progress and statistics of the encryption process, such as the number of files encrypted. The Cicada3301 ransomware generates a symmetric key for encryption using the OsRng random number generator.

Ransomware 139

Ransomware Encryption Malware Cybercrime 139

Security Affairs

JANUARY 4, 2025

Attackers steal sensitive data like mnemonics and private keys from Hardhat, encrypt it with AES, and exfiltrate it to endpoints under their control. .” Threat actors behind this campaign mimicked the names of legitimate packages and organizations to trick developed into using them. ” continues the report.

Encryption 137

Encryption Hacking Cybercrime Information Security 137

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

Security Affairs

NOVEMBER 12, 2024

Attackers initially accessed systems remotely, installed tools like Process Hacker and Advanced IP Scanner, then weakened security before launching the ransomware. The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files, then appends the extension “ 6C5oy2dVr6” to the filenames of the encrypted files.

Ransomware 124

Ransomware Malware Encryption Hacking 124

Security Affairs

FEBRUARY 28, 2025

Vo1d botnet has enhanced its stealth and resilience with RSA encryption to secure communication, preventing C2 takeover. Payload delivery is optimized with unique Downloaders using XXTEA encryption and RSA-protected keys, making analysis and detection significantly harder. .

Antivirus 68

Antivirus Firmware Encryption Manufacturing 68

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. It’s just some kind of sabotage.”

Ransomware 303

Ransomware Healthcare Cybercrime Government 303