Security Affairs

JANUARY 20, 2022

Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”

Ransomware 109

Ransomware Banking Malware Encryption 109

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Cybercrime 96

Cybercrime Ransomware Malware Data breaches 96

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. It also deletes volume shadow service (VSS) snapshots from the server using vssadmin utility to make sure the encrypted files cannot be restored from their VSS copies. Pierluigi Paganini.

Ransomware 125

Ransomware Backups Encryption DNS 125

Security Affairs

AUGUST 18, 2021

However, Fortinet researchers that analyzed the malware discovered that ransomware operators have yet to implement data-stealing capabilities. The comparison of the two versions allowed the researchers to get insight into the development process of Diavol and of future versions of the malware. reads the analysis published by Fortinet.

Ransomware 100

Ransomware DNS Cybercrime Malware 100

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 94

Data breaches Malware Mobile Spyware 94

Security Affairs

SEPTEMBER 25, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3

Cryptocurrency 84

Cryptocurrency Data breaches DNS DDOS 84

Security Affairs

JANUARY 29, 2023

If you want to also receive for free the newsletter with the international press subscribe here.

DNS 85

DNS Data breaches Hacking Backups 85

Security Affairs

MAY 15, 2023

“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018.” Lancefly APT used a multiple non-malware techniques for credential theft on victim machines, including: PowerShell was used to launch rundll32.exe ” reads the analysis published by Symantec.

Encryption 82

Encryption DNS Phishing Malware 82

Security Affairs

JUNE 12, 2022

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws could allow to unlock Doors Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal PACMAN, a new attack technique against Apple M1 CPUs Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (..)

Ransomware 114

Ransomware DNS Cybercrime Hacking 114

Security Affairs

OCTOBER 22, 2021

The FiveSys rootkit uses the same technique to remain under the radar, it is very similar to the Undead malware and likely originate from China where is used to target domestic games. xyz” TLD that are randomly generated and that stored in an encrypted form inside the binary. .”

Malware 109

Malware DNS Internet Internet 109

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. This botnet does not seem to be a very typical player.”

IoT 138

IoT Firmware DNS Advertising 138

Security Affairs

JANUARY 2, 2023

The malicious binary performs the following actions: Get system information; Reads the following files: /etc/passwd. Exfiltrate the collected data via encrypted DNS queries to the domain *.h4ck[.]cfd, cfd, using the DNS server wheezy[.]io. The first 1,000 files in $HOME/*. Is is a real supply chain attack?

DNS 86

DNS Encryption Hacking Information Security 86

Security Affairs

DECEMBER 12, 2019

Experts pointed out that GALLIUM threat actors were using common versions of malware and publicly available tools with a few changes to evade detection. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. ” continues the analysis.

Telecommunications 66

Telecommunications DNS Malware Advertising 66

Security Affairs

AUGUST 29, 2023

The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. The attackers attempted to verify outbound network connectivity with a ping command and executed host commands for a subnet-wide DNS lookup. 189) for malware staging and a second C2 IP (85.239.53[.]49)

VPN 103

VPN Ransomware DNS Malware 103

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine.

DNS 80

DNS Advertising Spyware Software 80

Security Affairs

JULY 23, 2019

The attackers demonstrated an increasing level of sophistication across the years, they used custom-malware and various exploits in their attacks. “Second, we identified a previously undocumented malware family with strong links to the Ke3chang group – a backdoor we named Okrum. ” reads the report published by ESET.

DNS 86

DNS Malware Advertising Manufacturing 86

Security Affairs

OCTOBER 20, 2021

” The MSI package first removes registry keys associated with the old Purple Fox installations if any are present, then it replaces the components of the malware with new ones. . “The goal is to install the MSI package as an admin without any user interaction.” ” continues the analysis.

Encryption 88

Encryption DNS Architecture Firewall 88

Security Affairs

NOVEMBER 19, 2020

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.”

Ransomware 113

Ransomware DNS Encryption Hacking 113

Security Affairs

NOVEMBER 9, 2020

“The Snugy backdoor uses a DNS tunneling channel to run commands on the compromised server. The threat actor would log into the same legitimate email account and create an email draft with a subject of “555,” which includes the command in an encrypted and base64 encoded format. ” reads the analysis published by the experts.

DNS 112

DNS Accountability Government Cyber Attacks 112

Security Affairs

JULY 11, 2022

Operators can easily make this configuration through an interface that uses the CloudFlare API for configuring new DNS zones. As observed, criminals are using the Let’s Encrypt CA to create valid HTTPs certificates. The ANUBIS network phishing campaigns are masked through the Cloudflare CDN. The Phishing template.

Phishing 100

Phishing Social Engineering Banking Engineering 100

Pen Test Partners

SEPTEMBER 13, 2023

Section 3 Sensitive authentication data must now be encrypted or protected if stored before authorization. Disk level encryption is no longer permitted for protection unless it is a form of removeable media (e.g., IDS/IPS solutions must detect and alert on any covert malware communications being used such as DNS tunnelling.

Authentication 52

Authentication Passwords Media Encryption 52

Security Affairs

JUNE 20, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Spyware 70

Spyware DNS Surveillance Ransomware 70

eSecurity Planet

JUNE 21, 2022

CISA is ISACA’s (Information Systems Audit and Control Association) high-level certification designed for those who audit, control, monitor, and assess an organization’s information technology and business systems. GSEC is intended for anyone new to cyber security who has some background in information systems and networks.

Cybersecurity 120

Cybersecurity Penetration Testing System Administration Cyber Attacks 120

SecureList

DECEMBER 2, 2022

Usually after the phrase there are MD5 hashes [1] , IP addresses and other technical data that should help information security specialists to counter a specific threat. Onyphe ), passive DNS databases, public sandbox reports, etc. But how exactly can indicators of compromise help them in their everyday work?

Cyber threats 102

Cyber threats DNS Technology Engineering 102

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc. SecurityAffairs – Roboto botnet , malware). Pierluigi Paganini.

DDOS 80

DDOS System Administration Advertising DNS 80

Security Affairs

OCTOBER 12, 2019

The new loader is able to drop the malware directly in memory, it was dubbed BOOSTWRITE and allows threat actors to load several malicious codes, including the Carbanak backdoor. In March, the group carried out attacks delivering a previously unseen malware tracked as SQLRat that drops files and executes SQL scripts on the host.

Identity Theft 75

Identity Theft Hacking Advertising DNS 75

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. Adding this information to the block page would increase the transparency and trustworthiness of Telenor Myanmar.

Internet 74

Internet Internet Telecommunications DNS 74

Security Affairs

AUGUST 7, 2019

T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). I do have a MD in computer engineering and a PhD on computer security from University of Bologna.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 110

Malware DNS Cryptocurrency Internet 110

Security Affairs

AUGUST 10, 2020

Pavel explained that attackers could also collect information even when the traffic is encrypted. The analysis of DNS could reveal the user’s Internet browsing history while the analysis of TLS certificates could allow fingerprinting the servers the user connected.

Internet 92

Internet Internet Advertising Encryption 92

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware 88

Malware DNS Government Software 88

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware 77

Malware Phishing DNS Engineering 77

Cisco Security

AUGUST 29, 2022

25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat. Cisco Secure Endpoint for iOS/Security Connector.

DNS 86

DNS Wireless Malware Firewall 86

Security Affairs

AUGUST 20, 2019

The Trojan is used during the lateral movement stage and is designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module.

Banking 56

Banking Cybercrime Cybersecurity Advertising 56

Security Affairs

JULY 14, 2021

Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts.

Adware 121

Adware Encryption Malware Passwords 121

Cisco Security

NOVEMBER 29, 2021

Cisco Secure supports the NOC operations with DNS visibility and architecture intelligence ( Cisco Umbrella and Cisco Umbrella Investigate ) and automated malware analysis and threat intelligence ( Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX ).

DNS 135

DNS Mobile Malware Firewall 135

eSecurity Planet

MAY 28, 2021

Malware detection has long been a game of signature detection. With ML and artificial intelligence (AI) using thousands of strains to train algorithms, one would surmise that the ability to detect malware is only improving. Hackers are using the same ML and AI technology to avoid using recognized malware. Old way New way.

Software 105

Software Firmware DNS VPN 105