Duo's Security Blog

FEBRUARY 13, 2024

WebAuthn Public Key Cryptography allows a merchant or customer to send a 'secret' encrypted message using a public key and only the owner of that public key can decrypt it with their private key. So, we began with the use of passwords. Skip ahead several years, and it’s widely known that they are problematic.

eCommerce 72

eCommerce Authentication Encryption Passwords 72

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking 344

Hacking Ransomware Banking Accountability 344

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. ALPHV seems to be significantly competing with Lockbit 3.0

Ransomware 96

Ransomware Passwords Data breaches Technology 96

Security Affairs

JANUARY 16, 2023

Security experts noticed that the Go-based ransomware was able to encrypt files at high speeds. Upon its execution, BianLian searches all available disk drives (from A: to Z:) and all files to encrypt. Once encrypted a file, the ransomware appends the.bianlian extension and drops a ransom note (instruction.txt) into each folder.

Ransomware 98

Ransomware Malware Antivirus Encryption 98

Krebs on Security

APRIL 20, 2023

Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated.

Malware 287

Malware Software Technology Accountability 287

CyberSecurity Insiders

SEPTEMBER 7, 2022

As the adoption of cloud storage is growing, it is becoming easy to carry documents, passwords, movies, images, music, etc. Though it is convenient for us, data upload to a third-party platform might fetch some security risks that are as follows. Better to use mobile data as 4G and 5G are considered as most secure networks.

Passwords 105

Passwords Accountability Mobile Encryption 105

Security Affairs

DECEMBER 12, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information. In addition to nearly 200K exposed customers, the DTC app’s open database also leaked information on 22,952 drivers. DTC app has over 100,000 downloads on the Google Play store.

VPN 132

VPN Accountability Banking Marketing 132

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. This RAT is infamous for its ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them.

Ransomware 137

Ransomware Malware Encryption Security Intelligence 137

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. in their infrastructure, while the rest discovered they had been infiltrated via a third party only after data leakage or encryption. Rounding out the top three is targeted phishing.

VPN 79

VPN Accountability Passwords Antivirus 79

CyberSecurity Insiders

NOVEMBER 19, 2022

To prevent unauthorized users from getting into a vital call, ensure the video conferencing tool has end-to-end encryption. This feature will protect video conferences and guarantee those conversations are secure. Businesses must train employees to use strong passwords and change them as often as possible. Voice Calls.

Encryption 107

Encryption Risk Data breaches Technology 107

Security Affairs

FEBRUARY 26, 2021

It lists the IP addresses of the local ARP cache and sends them a packet, then it lists all the sharing resources opened on the found IPs, mounts each of them, and attempts to encrypt their content. “The Ryuk variant analyzed in this document does have self-replication capabilities. ” continues the report.

Ransomware 139

Ransomware Passwords Accountability Encryption 139

CyberSecurity Insiders

DECEMBER 12, 2021

The channel’s security must be impenetrable. They generally get into your system by guessing the password, leveraging API loopholes, or exploiting bad codes. For a channel to be secure, it should be reliable and trustworthy. The Best Ways to Secure Communication Channels . You can share passwords and secret notes.

VPN 107

VPN Passwords Encryption Mobile 107

Security Affairs

JULY 26, 2021

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. ” reads the advisory.

Authentication 120

Authentication Passwords Encryption Hacking 120

Security Affairs

SEPTEMBER 10, 2020

To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. “Interestingly, the password from the configuration file is stored encrypted. ” continues the analysis.

Malware 133

Malware Encryption Advertising Passwords 133

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. The files published by the ransomware gang on the leak site include internal projects, business documents, and various aerospace and defense industry standards. Source ZDNet.

Ransomware 114

Ransomware VPN Encryption Authentication 114

Security Affairs

AUGUST 1, 2022

In early July, BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. In a recent post from 10 Jul 2022, 15:35 pm in Dark Web , “ALPHV” introduced search not only by text signatures, but also supporting tags for search of passwords and compromised PII.

Ransomware 128

Ransomware Passwords Cyber Attacks Hacking 128

Security Affairs

SEPTEMBER 7, 2022

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. . ” At the time of the analysis, the C2 server was offline.

DDOS 106

DDOS Encryption Passwords Hacking 106

Security Affairs

NOVEMBER 12, 2020

One of the modules analyzed by the experts, named GetMicInfo, implements an algorithm that allows operators to gather database passwords by decrypting them from Windows registry values. . Other modules detailed by ESET are “ModScan 2.20,” that is used to collect additional information about the installed POS system (e.g.,

Malware 135

Malware Architecture Passwords Software 135

Security Affairs

JULY 23, 2021

This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types of unique documents, it is difficult to estimate the number of people exposed in this breach. Pictured: Example of Leaked Documents: Real Estate Tax Bill. Sensitive information redacted.

Data breaches 99

Data breaches Identity Theft Government Phishing 99

Security Affairs

JULY 8, 2021

. “On May 20, 2021, Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered an information security incident. “There was no data security breach of any Morgan Stanley applications,” continues the letter.

Data breaches 121

Data breaches Hacking Banking Financial Services 121

Pen Test Partners

SEPTEMBER 13, 2023

Justification must be documented within the newly added Appendix E (Customized Approach Template). Section 3 Sensitive authentication data must now be encrypted or protected if stored before authorization. Disk level encryption is no longer permitted for protection unless it is a form of removeable media (e.g.,

Authentication 52

Authentication Passwords Media Encryption 52

Security Affairs

JUNE 29, 2022

RansomHouse launched its operation in December 2021, unlike other extortion group, the gang doesn’t encrypt data, but focuses on data theft to speed up its activity. Another leaked file, sample_passwords.txt, includes a list of weak AMD user credentials, such as ‘password’, ‘P@ssw0rd’, and ‘amd!23.’

Encryption 97

Encryption Passwords Hacking Data breaches 97

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. EXE which is responsible for the insertion and editing of equations (OLE objects) in documents. Once gained control of a target’s IT infrastructure, threat actors started stealing sensitive information.

Encryption 112

Encryption Antivirus Malware Hacking 112

Security Affairs

APRIL 19, 2022

SolarMarker is mainly delivered through search engine optimization (SEO) manipulation to trick users into downloading malicious documents. The SolarMarker backdoor communicates with the C2 server through the encrypted channel. The RAT is also used to deliver other malicious payloads on the infected devices.

Encryption 97

Encryption Malware Engineering Passwords 97

Malwarebytes

MAY 28, 2021

In the case of phishing campaigns, Wizard Spider and its affiliates have been known to use legitimate Google document URLs in the email body. The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Known ransom note file names are CONTI.txt , R3ADM3.txt

Healthcare 114

Healthcare Ransomware Encryption Passwords 114

Security Affairs

FEBRUARY 5, 2022

enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. attempts to encrypt any data saved to any local or remote device but skips files associated with core system functions.” ” reads the flash alert.

Ransomware 97

Ransomware Backups Encryption Accountability 97

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware 117

Malware Encryption Antivirus Architecture 117

Centraleyes

DECEMBER 17, 2023

The 12 technical and operational control requirements of the PCI DSS were established to ensure data security competence and are accepted as a benchmark for information security. The answer to this is password and configuration management and should be one of your highest security priorities.

Passwords 52

Passwords Computers and Electronics Software Risk 52

Security Affairs

DECEMBER 9, 2020

The most common algorithms are those patented by RSA Data Security: This algorithm, also called asymmetric key cryptography, provides a pair of keys (a public and private key) associated with an entity that authenticates the identity of the key itself. Hash encryption is used to ensure integrity and authentication. The hash function.

Authentication 101

Authentication Encryption Passwords Social Engineering 101

SecureWorld News

SEPTEMBER 7, 2023

Quantum computing poses a potential threat to current cybersecurity practices, which are based on encryption algorithms that can be broken by quantum computers. Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr. Demand and Delivery Director, Optiv.

Encryption 94

Encryption Technology Risk Architecture 94

eSecurity Planet

SEPTEMBER 23, 2022

After SOX, executives must sign a document every year that states, under penalty of criminal prosecution if they lie, that the executives understand their financial statement. However, for compliance, the term policy actually refers to a written document that contains the goals, objectives, and minimum standards the company will enact.

Cybersecurity 132

Cybersecurity Risk Passwords Encryption 132

Security Affairs

FEBRUARY 12, 2022

service account, admin accounts, and domain admin accounts) to have strong, unique passwords. If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth. Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud.

Ransomware 98

Ransomware Backups Encryption Accountability 98

Security Affairs

MARCH 17, 2020

This brand new Ursnif campaign is delivered as a malicious mail containing a password protected document: Hash e9697d963d66792a91991e64537707a94f466421615277d91675b83a408eef93 Threat Ursnif document dropper Brief Description Ursnif Document Dropper Password Protected Ssdeep 12288:9ZPntL7GQw8jzl7v4MvvnaTiIY11jTW84LYMdX9:ftXGxQ7vBvvnjVbTWthdt.

Passwords 141

Passwords Malware Advertising Engineering 141

Security Affairs

JUNE 26, 2021

We believe Hive to be a ransomware group, because it currently states the data to be “encrypted”, potentially suggesting that Altus Group is given an opportunity to pay itself out of further trouble. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files.

Ransomware 119

Ransomware Software Encryption Passwords 119

Security Affairs

JUNE 11, 2021

Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information. Experts found over 650,000 Word documents and.pdf files in the archive. More than 1 million images have been stolen by the malware, including 696,000.png png and 224,000.jpg

Malware 119

Malware Computers and Electronics Software Financial Services 119

Security Affairs

MARCH 19, 2020

. “The purpose of this document is to describe the operating mode used during these attacks and the associated compromise indicators, then to provide recommendations to limit the impact of this type of incident.” locked to the filename of the encrypted files. The malicious code appended the extension.

Government 121

Government Ransomware Encryption Penetration Testing 121

Security Affairs

JUNE 7, 2021

The Ukrainian Security Service shared indicators of compromise for this attack on the platform “MISP-UA” Below the recommendations by the CERT: Recommendations: Do not download encrypted archives or password archives from the Internet. The SEI EB is used by the Ukrainian government agencies to share documents.

Phishing 102

Phishing Government Antivirus Passwords 102