Download, Encryption and Information Security

Information Security News headlines trending on Google

CyberSecurity Insiders

MAY 4, 2023

According to the advisory, all healthcare providers operating in the Indian subcontinent and in the whole of South Asia should be cautious about the said file-encrypting group that mainly targets the healthcare sector. The post Information Security News headlines trending on Google appeared first on Cybersecurity Insiders.

Information Security

Information Security Healthcare Social Engineering Ransomware

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” continues the report.

Encryption

Encryption Malware Cryptocurrency Software

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.

Malware

Malware Telecommunications Advertising Encryption

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

The attackers use the web shell to download and run the primary Cerber payload. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user. It will of course succeed in encrypting the datastore for the Confluence application, which can store important information.”

Ransomware

Ransomware Encryption Malware Accountability

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

“What we discovered is that TeamTNT has been scanning for a misconfigured Docker Daemon and deploying alpine, a vanilla container image, with a command line to download a shell script (k.sh) to a C2 server (domain: whatwill[.]be “Breaking the cryptographic encryption is considered “Mission: Impossible”. be on IP 93[.]95[.]229[.]203).”

Encryption

Encryption Cybercrime Hacking Malware

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

Security Affairs

NOVEMBER 30, 2022

When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor – ENC Security. Threat actors might switch the download file with an infected one. SecurityAffairs – hacking, ENC Security).

Encryption

Encryption Phishing Marketing Software

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. As previously stated [ 1 ], [ 2 ], the VBS file is one that, when executed, serves as a downloader for the infection chain. Figure 4: VBS file – Lampion downloader – obfuscation layer.

Malware

Malware Banking Phishing Internet

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

DECEMBER 14, 2021

The attackers exploited the Log4Shell remote code execution vulnerability to download a.NET binary from a remote server that encrypts the files on the target machine and adds the extension.khonsari to each file. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. IF YOU DO, YOUR FILES MAY BE UNRECOVERABLE.

Ransomware

Ransomware Encryption Engineering Malware

Xamalicious Android malware distributed through the Play Store

Security Affairs

DECEMBER 27, 2023

Xamalicious relies on social engineering to gain accessibility privileges, then it connects to C2 to evaluate whether or not to download a second-stage payload. The authors also implemented different obfuscation techniques and custom encryption to avoid detection.

Malware

Malware Encryption Social Engineering Marketing

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

0x08 DownLoadFile Download remote file to system. 0x09 StopDownFile Stop file download. 0x27 DealFile Download and set up a new version of the implant. 0x27 DealFile Download and set up a new version of the implant. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Encryption

Encryption Malware Government Hacking

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

“If we download the archive and unzip it, we find it contains files (prefixed with “TurtleRansom”) that appear to be compiled for common platforms, including, Windows, Linux, and yes, macOS” reads the analysis published by Wardle. The malware adds the extension “ TURTLERANSv0 ” to the filenames of encrypted files.

Ransomware

Ransomware Encryption Malware Cybercrime

Carderbee APT targets Hong Kong orgs via supply chain attacks

Security Affairs

AUGUST 23, 2023

Cobra DocGuard Client is software produced by a Chinese firm EsafeNet, it is used to protect, encrypt, and decrypt software. EsafeNet is owned by Chinese information security firm NSFOCUS. The researchers observed attackers downloading multiple distinct malware families via this method. This file is not saved on disk.

Malware

Malware Software Encryption Firewall

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

NOVEMBER 5, 2021

The attack chain starts with a downloader module on a victim’s server in the form of a standalone executable format and a DLL. The DLL downloader is run by the Exchange IIS worker process w3wp.exe. Attackers used a modified EfsPotato exploit to target proxyshell and PetitPotam flaws as an initial downloader.

Ransomware

Ransomware Backups Encryption DNS

NPM packages found containing the TurkoRat infostealer

Security Affairs

MAY 19, 2023

ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. The nodejs-encrypt-agent was discovered due to name and version discrepancies noticed by the researchers while scanning the repository.

Encryption

Encryption Social Engineering Malware Cryptocurrency

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

“During the run, the ransomware generates a symmetric encryption key using CryptGenRandom() , which is the random number generator implemented by Windows CryptoAPI. . Files are encrypted by Chacha 2008 ( D. “The symmetric key is encrypted by the RSA-4096 cipher and appended to the end of the encrypted file.

Ransomware

Ransomware Encryption Malware Hacking

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. They share the naming pattern and infrastructure used.

Encryption

Encryption Ransomware Malware Scams

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. These lure documents, which are harmless PDF files, are sent to the target, but when they open them the content appears to be encrypted. These targets are approached in spear phishing attacks.

Social Engineering

Social Engineering Government Media DNS

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

The user inadvertently downloads the Initial Sample file. To facilitate the download of the Statc payload through a PowerShell script, the Initial Sample file also drops and executes a Downloader Binary file. From here, Statc Stealer calls on its C&C server to deliver the stolen encrypted data.

Malware

Malware Encryption Advertising Cryptocurrency

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”

Malware

Malware Software Technology Accountability

Recently discovered IceFire Ransomware now also targets Linux systems

Security Affairs

MARCH 9, 2023

In an attack observed by the experts, the ransomware successfully encrypted a CentOS host running a vulnerable version of IBM Aspera Faspex file server software. The ransomware encrypts files and appends the “.ifire” IceFire doesn’t encrypt the files with “.sh” IceFire targets user and shared directories (e.g., /mnt,

Ransomware

Ransomware Encryption Media Phishing

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

On April 3rd, the attacker updated the code in one of their repositories, linking to a new URL that downloads a different encrypted.7z Threat actors padded the executable with numerous zeros to artificially increase the file size surpassing the limit of various security solutions, notably VirusTotal, making it unscannable. .

Malware

Malware Cryptocurrency Encryption Hacking

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

The malicious shell scripts used by Shlayer and Bundlore are usually malvertising-focused adware bundlers using shell scripts in the kill chain to download and install an adware payload. Bash scripts invoking encrypted Zip file. Figure 4: Bash script invoking encrypted zip file. Figure 2: Fake flash player installation.

Adware

Adware Encryption Malware Passwords

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

JULY 5, 2023

Once inside the system, this malicious variant stealthily extracts sensitive information and proceeds to encrypt the compromised files.” The downloaded file is an executable file known as RedStealer. org/assets/programs/setupbrowser.exe ) which downloads the file setupbrowser.exe. igrejaatos2[.]org/assets/programs/setupbrowser.exe

Energy and Utilities

Energy and Utilities Ransomware Backups Malware

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

MAY 20, 2024

During the investigation, the researchers identified twelve websites that falsely advertised downloads of legitimate macOS applications, but instead directed victims to a GitHub profile to distribute the Atomic macOS Stealer (AMOS).

Malware

Malware Banking Software Advertising

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

When a support technician wants to use it to remotely administer a computer, the ConnectWise website generates an executable file that is digitally signed by ConnectWise and downloadable by the client via a hyperlink. ” A composite of screenshots researcher Ken Pyle put together to illustrate the ScreenConnect vulnerability.

Phishing

Phishing Architecture Passwords Accountability

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

Upon downloading and opening the archive, a JScript file is dropped onto the system. “The JScript file then drops a Base64-encrypted file and a batch file. The Base64-encrypted file is decoded with the certutil -f decode command, resulting in the creation of a Portable Executable (PE) DLL file.”

Malware

Malware Encryption Manufacturing Phishing

Trustwave released a free decryptor for the BlackByte ransomware

Security Affairs

OCTOBER 19, 2021

Unlike other ransomware that may have a unique key in each session, BlackByte uses the same raw key to encrypt files and it uses the symmetric-key algorithm AES. To decrypt a file, one only needs the raw key to be downloaded from the host. Anyone that could access the raw key would be able to decrypt the files.

Ransomware

Ransomware Encryption Malware Hacking

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

An HTML file downloads a.lnk file mascaraed of an MSI file that takes advantage of the LoL bins to execute an MSI file (segunda.msi). segunda.msi” downloads and executes an EXE file that will drop the final stage. The victims’ data is encrypted and sent to the C2 server geolocated in Russia. Phishing wave.

Banking

Banking Encryption Malware Phishing

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Encryption plays an integral role in securing the online data as well as its integrity. Final Thoughts.

Encryption

Encryption Ransomware Cyber threats Cybercrime

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak.

Ransomware

Ransomware Hacking Malware Encryption

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

You also don’t want unscrupulous individuals to download your content in bulk or re-host it on their own websites without permission. percent of CMS users worry about the security of their CMS—while 46.4 percent actually had a CMS security issue affect their content. A big concern on Wikipedia is vandalism.

Data breaches

Data breaches Encryption Mobile Technology

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

. “While tracking the recent waves of Ivanti exploitation, we identified a number of activities leading to the download and deployment of an ELF file which turned out to be a Linux version of NerbianRAT. The malware uses AES encryption for C2 communication, however, depending on the transmitted data, RSA may also be utilized.

Malware

Malware VPN Encryption Hacking

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware

Ransomware Malware Antivirus Phishing

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Security Affairs

NOVEMBER 5, 2023

The attackers attempted to trick victims into downloading and decompress a ZIP archive (Cross-Platform Bridges.zip) containing the malicious Python code masqueraded by an arbitrage bot. The SUGARLOADER connects to the C2 server to download the KANDYKORN and executes it directly in memory. .” reads the report.

Engineering

Engineering Malware Cryptocurrency Encryption

GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

DECEMBER 14, 2022

The experts noticed PHP scripts that download and execute GoTrim bot clients. “Typically, each script downloads the GoTrim malware from a hardcoded URL to a file in the same directory as the script itself and executes it.” The analysis also revealed that the bot does not maintain persistence in the infected system.

Malware

Malware Encryption Accountability Risk

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

Security Affairs

JUNE 10, 2022

The ransomware encrypts files on the targeted systems using the “.cuba” The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The experts reported the use of a new variant in recent attacks, the samples employed in March and April used the BUGHATCH custom downloader. cuba” extension.

Ransomware

Ransomware Malware Encryption Hacking

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

When the victims opens the PDF, an encrypted text is displayed. Upon downloading and executing the tool, a decoy document is displayed while a backdoor, tracked as SPICA, is installed. If the target contacts the threat actors because it cannot read the content, the cyberspies send it a link where is hosted a decryption tool.

Phishing

Phishing Malware Encryption Accountability

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The campaign has been active since at least 2021, threat actors employed downloaders and loaders to deploy next-stage malware. The first downloader discovered by the researchers, called CurKeep, was employed in attacks aimed at entities in Vietnam, Uzbekistan, and Kazakhstan. In turn, the C2 responds with strings of commands.

Government

Government Encryption Phishing Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

The researchers noticed that the downloaded package file is replaced with a malware-laced one on the wire because the process doesn’t use an HTTPS connection. dlz is downloaded and unpacked by eScan updater The contents of the package contain a malicious DLL (usually called version.dll ) that is sideloaded by eScan.

Antivirus

Antivirus Malware DNS Cryptocurrency

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

The attackers used modified installers for chat applications to download a.NET malware loaders. “The zip archives downloaded by agentupdate_plugins.exe and AdventureQuest.exe contain sideloading capabilities. Bronze Starlight is a nation-state group that was observed using ransomware as means for distraction or misattribution.

VPN

VPN Malware Encryption Passwords

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

The ransomware supports a complex encryption process “The encryption is complex; all functions statically implemented using a combination of asymmetric and symmetric encryptions.” “After encryption in both Windows and Linux using the public key, CRC32 and a file marker are appended to the end of the file.

Ransomware

Ransomware Encryption Cybercrime Malware

Information Security News headlines trending on Google

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Webinars

Trending Sources

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

DePriMon downloader uses a never seen installation technique

Linux variant of Cerber ransomware targets Atlassian servers

TeamTNT is back and targets servers to run Bitcoin encryption solvers

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

GravityRAT returns disguised as an end-to-end encrypted chat app

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Xamalicious Android malware distributed through the Play Store

DinodasRAT Linux variant targets users worldwide

Expert warns of Turtle macOS ransomware

Carderbee APT targets Hong Kong orgs via supply chain attacks

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

NPM packages found containing the TurkoRat infostealer

Avast released a free decryptor for the Windows version of the Akira ransomware

DeathRansom ransomware evolves encrypting files, but experts identified its author

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Coldriver threat group targets high-ranking officials to obtain credentials

Statc Stealer, a new sophisticated info-stealing malware

3CX Breach Was a Double Supply Chain Compromise

Recently discovered IceFire Ransomware now also targets Linux systems

Crooks manipulate GitHub’s search results to distribute malware

macOS: Bashed Apples of Shlayer and Bundlore

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

ConnectWise Quietly Patches Flaw That Helps Phishers

StrelaStealer targeted over 100 organizations across the EU and US

Trustwave released a free decryptor for the BlackByte ransomware

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Cuba ransomware gang hacked 49 US critical infrastructure organizations

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Magnet Goblin group used a new Linux variant of NerbianRAT malware

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

GoTrim botnet actively brute forces WordPress and OpenCart sites

Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Bronze Starlight targets the Southeast Asian gambling sector

Cyclops Ransomware group offers a multiplatform Info Stealer

Stay Connected