Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption. There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm.
French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat was trapped.
Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. ” reads the document.
It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.
In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.
The auto-reboot feature returns devices to a “Before First Unlock” state, restricting app access to encryption keys. Law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. Three iPhones running iOS 18.0
Hacked or ill-gotten accounts at consumer data brokers have fueled ID theft and identity theft services of various sorts for years. In addition, he said, it seems clear that the fraudsters are recycling stolen identities to file phony unemployment insurance claims in multiple states. In 2013, KrebsOnSecurity broke the news that the U.S.
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.
The recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.
The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. The malicious code downloads an encrypted Remcos RAT file from a remote server, using APIs such as InternetOpenA() , InternetOpenUrlA() , and InternetReadFile() to facilitate the download.
In Dark Web environments as well as on specialized forums, sellers are posting synthetic ads inviting potential buyers to contact them privately, often via Telegram, Session, and other encrypted messaging apps.
Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence , as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my article on the Hot for Security blog.
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. Stolen documents include: confidential documents, including orders and reports circulated among over 2000 structural units of the Russian military service.
“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the .DEMON extension to filenames of the encrypted documents.
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages.
The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them.
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. APT41 used spear phishing emails with a ZIP file hosted on a hacked government site. The ZIP pretended to be a document about export declarations and included a disguised LNK file and images of arthropods.
The ex-NSA employee had Top Secret clearance that gave him access to top secret documents. All three documents from which the excerpts were taken contain NDI, are classified as Top Secret//Sensitive Compartmented Information (SCI) and were obtained by Dalke during his employment with the NSA.
“In at least two cases Amnesty International documented, the Cellebrite UFED product and associated exploits were used to covertly bypass phone security features, enabling Serbian authorities to infect the devices with NoviSpy spyware. ” reads the report published by Amnesty. ” reported the Associated Press.
NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia. Dalke pleaded guilty to six counts of attempting to transmit classified documents to a foreign agent while he was working at the NSA. A former U.S.
Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.
This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years. Google plans to add end-to-end encryption to Authenticator is a bit of a jaw-dropper. How did you roll out a feature that copies super-sensitive data to the cloud and not encrypt it?
The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.
Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. ” reported the SwissInfo website.
First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access.
It also resembles Trend Micro's documented PlugX type 2 variant, also linked to Fireant. Both variants use the same RC4 encryption key (qwedfgx202211) and have similar configuration structures, reinforcing their connection to the espionage group. Evidence suggests the attacker may have prior ransomware involvement.
It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks.
The ransomware gang claimed to have stolen data from the systems of the vendor before encrypting them, then published on their data leak site some images of allegedly stolen documents (i.e. financial spreadsheets, bank documents and communications) as proof of the hack.
Threat actor distributes LNK files compressed inside ZIP archives as part of the recent phishing campaign, usually disguising the file as an Office document and uses names related to the military invasion. This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP.
Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. This is a fundamental component of Digital Trust – and the foundation for securing next-gen digital connections.
Specifically: The lack of backups when dealing with hacking incidents. Assuming the attackers don’t just vanish into the night, the business may decide to pay the ransom and recover the encrypted files. The report notes that various initiatives already exist to get people talking about the need for both encryption and backing up.
“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.
BPFDoor's Hidden Controller Used Against Asia, Middle East Targets; Gorilla, a newly discovered Android malware; Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis; IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia; Unmasking the new XorDDoS controller and infrastructure; Byte Bandits: How (..)
3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Company's network, encrypted critical applications, and exfiltrated certain files. The company reported to the SEC that a Feb.
The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. ” reads the letter.
Kaspersky first documented the operations of the group in 2016. Upon execution, the spyware retrieves an encrypted configuration from Firebase Firestore, controlling activation and the C2 server address. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages.
A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.
The malware is able to compromise TLS traffic by infecting the computer with a hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlying random-number generator, and adding new digital certificates. The COMpfun malware was initially documented by G-DATA in 2014.
Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC.
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.
A new and dangerous AI-powered hacking tool is making waves across the cybercrime underworld and experts say it could change the way digital attacks are launched. Xanthorox vision can analyze images and screenshots to extract sensitive data or interpret visual content useful for cracking passwords or reading stolen documents.
On October 8, a major hack on the Israeli Dorad private power station was announced on underground channels by the Cyber Av3ngers group. The group shared photos of the alleged hack with a logo that has the Palestinian flag colors and political messages, inferring the hack was in support.
The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure. These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. The tool encrypts data before exfiltrating it to a command-and-control server.