Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS 267

DNS Internet Internet Government 267

SecureWorld News

DECEMBER 23, 2020

Pegasus spyware is a phone surveillance solution that enables customers to remotely exploit and monitor devices. The company sells its surveillance technology to governments around the world. And watchdog groups say its products are often found to be used in surveillance abuses. What can this Pegasus iOS attack do?

Spyware 52

Spyware Surveillance Hacking Media 52

Malwarebytes

MARCH 29, 2021

But, while Apple has taken several, commendable steps into protecting users, the company’s reach only goes so far, which means that it alone cannot stop threat actors from snooping on users’ unencrypted web traffic, poorly configured apps from leaking user data to rogue WiFi networks, or mobile phone carriers from selling user data to make money.

VPN 115

VPN Mobile Internet Internet 115

SecureList

NOVEMBER 26, 2021

Mobile statistics. The vulnerability is in MSHTML, the Internet Explorer engine. We started detecting some suspicious backdoored installer packages (including TeamViewer, VLC Media Player and WinRAR); then in the middle of 2019 we found a host that served these installers along with FinSpy Mobile implants for Android.

Malware 87

Malware Banking Energy and Utilities Accountability 87

SecureList

MAY 31, 2021

For example, before making the first internet connection to its C2s, the Sunburst malware lies dormant for up to two weeks, preventing easy detection of this behaviour in sandboxes. Out of the 18,000 Orion IT customers affected by the malware, it seems that only a handful were of interest to the attackers.

Malware 95

Malware Adware Encryption Architecture 95

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Domestic Kitten is a threat group mainly known for its mobile backdoors. Other interesting discoveries.

Malware 139

Malware Spyware Government Social Engineering 139

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 141

Malware Government Surveillance Spyware 141