Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption 88

Encryption Ransomware VPN Malware 88

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN 82

VPN Cybercrime Ransomware Advertising 82

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS 123

DNS VPN Encryption Passwords 123

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption 115

Encryption Ransomware Cybercrime Malware 115

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware 105

Ransomware Encryption Antivirus VPN 105

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN 109

VPN Software Encryption Authentication 109

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts.

VPN 69

VPN Encryption Advertising Authentication 69

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. We condemn the blocking of Tutanota. Pierluigi Paganini.

Encryption 71

Encryption VPN Government Internet 71

Security Affairs

MAY 12, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 79

Data breaches VPN Hacking Banking 79

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware 203

Malware VPN Internet Internet 203

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN 326

VPN Risk Hacking Encryption 326

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Malware 99

Malware VPN Encryption Hacking 99

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking 90

Hacking VPN Internet Internet 90

Security Affairs

OCTOBER 11, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs. CISA orders federal agencies to fix this flaw by October 31, 2023.

VPN 115

VPN Encryption Hacking Risk 115

Security Affairs

AUGUST 18, 2023

Each of the archives we were able to retrieve consists of a legitimate executable vulnerable to DLL search order hijacking, a malicious DLL that gets sideloaded by the executable when started, and an encrypted data file named agent.data.” ” reads the analysis published by SentinelOne. IP-based geolocation service.

VPN 91

VPN Malware Encryption Passwords 91

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware 139

Ransomware Encryption VPN Malware 139

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware strain outstands for the use of encryption to protect the ransomware binary. This technique allows the encryptor to avoid detection. We are in the final!

Ransomware 75

Ransomware VPN Antivirus Encryption 75

Security Affairs

APRIL 8, 2022

Not all providers are created equal, and it’s important to do your research to find one that will meet your specific needs and security requirements. Data encryption. In the cloud era, data encryption is more important than ever. It is also important to make sure that your data is encrypted both in motion and at rest.

Cybersecurity 100

Cybersecurity Passwords Penetration Testing Encryption 100

Security Affairs

AUGUST 29, 2021

. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.” SecurityAffairs – hacking, OpenSSL). Important Ongoing DSM 6.2

VPN 120

VPN Encryption Authentication Hacking 120

Security Affairs

DECEMBER 12, 2023

The volume of exposed data about the DTC drivers is impressive, as the database includes: Driving license number Work permit number Nationality Username Encrypted password Phone number According to the team, the MongoDB instance contained conversations with support totaling over 17K records, as well as complaints from customers.

VPN 119

VPN Accountability Banking Marketing 119

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The offset is stored in the encrypted file name of each file.

Ransomware 107

Ransomware Cybersecurity Encryption VPN 107

Security Affairs

DECEMBER 3, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 396 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini.

Spyware 93

Spyware Data breaches VPN Hacking 93

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. SecurityAffairs – hacking, ransomware).

Ransomware 97

Ransomware VPN Encryption Authentication 97

Security Affairs

OCTOBER 18, 2020

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 286 appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

VPN 78

VPN Surveillance Advertising Ransomware 78

Security Affairs

SEPTEMBER 1, 2021

The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing. Pierluigi Paganini.

VPN 84

VPN Encryption Hacking Internet 84

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware 144

Ransomware Encryption Passwords Malware 144

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware 145

Ransomware Encryption VPN Backups 145

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” ” The ransomware appends the.checkmate extension to the filenames of encrypted files, it drops a ransom note named !CHECKMATE_DECRYPTION_README

Ransomware 93

Ransomware Encryption Passwords Internet 93

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN 103

VPN Ransomware DNS Malware 103

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Only use encrypted HTTPS or other types of secure connections (SSH, etc.).

VPN 103

VPN Internet Internet Firewall 103

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware 97

Ransomware DDOS Passwords Backups 97

Security Affairs

DECEMBER 10, 2022

The ransomware encrypts the network shares, that are found on the local network and the local drives, with the AES algorithm. The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. The malware changes the extension of the encrypted files to ‘.royal’. Pierluigi Paganini.

Healthcare 89

Healthcare Ransomware Encryption Malware 89

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware 69

Ransomware VPN Cybercrime Accountability 69

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised.

Malware 281

Malware Software Technology Accountability 281

Security Affairs

MARCH 26, 2021

The attack chain begins with attacks to internet-facing systems via Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) using legitimate credentials. Then the malware perform a scan in local directories and network shares for content to encrypt. SecurityAffairs – hacking, Hades ransomware). Pierluigi Paganini.

Ransomware 140

Ransomware Encryption Malware VPN 140

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Cybercriminals may exploit hacked email accounts to distribute harmful files or links to unwary users within the company or externally. These emails could be infected by malware or ransomware,” researchers said.

Data breaches 89

Data breaches VPN Media Passwords 89

Security Affairs

OCTOBER 20, 2021

According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. .

Accountability 126

Accountability Malware Phishing Social Engineering 126