Encryption, Hacking, Malware and VPN - Cyber Security Informer

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 6 Run a Linux command immediately.

Malware

Malware VPN Encryption Hacking

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

VPN

VPN Government Malware Hacking

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. ” continues the paper.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN

VPN Cybercrime Ransomware Advertising

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability

Accountability Malware Phishing Social Engineering

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches VPN Hacking Banking

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors. The attackers used modified installers for chat applications to download a.NET malware loaders. ” reads the analysis published by SentinelOne.

VPN

VPN Malware Encryption Passwords

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Meet the Karakurt hacking group that is into data exfiltration and extortion

CyberSecurity Insiders

DECEMBER 14, 2021

Cybersecurity Researchers from Accenture Security have found that a new hacking group is on the prowl and is into the method of data exfiltration and extortion. Modus operandi of Karakurt is simple, to buy credentials related to VPN networks from dark web or by launching phishing attacks and then compromise a corporate computer network.

Hacking

Hacking Ransomware VPN Malware

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. SecurityAffairs – hacking, Microsoft Exchange). Pierluigi Paganini.

Ransomware

Ransomware Encryption VPN Malware

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Related: Poll confirms rise of Covid 19-related hacks. Many people use a virtual private network (VPN) to bypass geographic restrictions on streaming sites or other location-specific content. Since a VPN tunnels traffic through a server in a location of your choosing. Firewalls help, but threats will inevitably get through.

VPN

VPN Firewall Antivirus Passwords

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

JANUARY 9, 2020

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Researchers believe the hackers took advantage of an unpatched critical vulnerability on the company’s VPN servers.

Ransomware

Ransomware Encryption Insurance VPN

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

Malwarebytes

MARCH 15, 2021

In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report , which analyzed the top cybercrime goals of 2020 amidst the global pandemic. After all, malware detections for both consumers and businesses decreased in 2020 compared to 2019. Other cybersecurity news.

Malware

Malware VPN Cybercrime Encryption

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Security Affairs newsletter Round 396

Security Affairs

DECEMBER 3, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini. The post Security Affairs newsletter Round 396 appeared first on Security Affairs.

Spyware

Spyware Data breaches VPN Hacking

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

Hackers target over 330 Britons a minute, says research

CyberSecurity Insiders

JULY 6, 2022

Research conducted by Nord VPN says about 330 Britons are hacked every minute, i.e. one Brit, for every 0.2 Concernedly, the hacking has gone on a rampage and is increasing at epic proportions. A trend observed to date in the corporate world. Some attacks take place often, after which victims stop treating them as cyber crimes.

VPN

VPN Hacking Scams Cybercrime

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

JULY 30, 2021

Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

VPN

VPN Firewall Encryption Accountability

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The offset is stored in the encrypted file name of each file.

Ransomware

Ransomware Cybersecurity Encryption VPN

Is Your Small Business Safe Against Cyber Attacks?

CyberSecurity Insiders

MARCH 21, 2021

With a VPN like Surfshark to encrypt your online traffic and keep it protected against any security breach, your valuable data isn’t going to get compromised easily anytime soon. Anti-virus and anti-malware . Use a VPN to protect your online security and privacy. Protecting your data is very simple. Firewalls .

Small Business

Small Business Cyber Attacks VPN Backups

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The ransomware encrypts the network shares, that are found on the local network and the local drives, with the AES algorithm. The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare

Healthcare Ransomware Encryption Malware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Install and regularly update anti-virus or anti-malware software on all hosts.

Ransomware

Ransomware Encryption VPN Backups

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

The ransom note left by the malware points to Tor pages that are uniquely generated for each victim. . The attack chain begins with attacks to internet-facing systems via Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) using legitimate credentials. SecurityAffairs – hacking, Hades ransomware). Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware VPN

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware strain outstands for the use of encryption to protect the ransomware binary. This technique allows the encryptor to avoid detection. We are in the final!

Ransomware

Ransomware VPN Antivirus Encryption

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

“Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” “Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).”

Ransomware

Ransomware VPN Advertising Government

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

Attackers could also target the company with malware, ransomware, unauthorized access to business payment systems, etc.,” This would make it extremely complicated for the company to inform its clients about a data breach or to warn them of malware attacks,” researchers said. researchers said. What DepositFiles data was exposed?

Data breaches

Data breaches VPN Media Passwords

A week in security (March 29 – April 4)

Malwarebytes

APRIL 5, 2021

Last week on Malwarebytes Labs, our podcast featured Malwarebytes senior security researcher JP Taggart, who talked to us about why you need to trust your VPN. But obscuring your Internet activity—including the websites you visit, the searches you make, the files you download—doesn’t mean that a VPN magically disappears those things.

VPN

VPN Scams Internet Internet

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Safeguard your privacy with a trustworthy VPN In the digital-verse, protecting your online privacy is paramount, like guarding the secret recipe to your grandma’s famous carrot cake. That’s where a virtual private network (VPN) swoops in like a digital superhero to save the day. But fear not!

Scams

Scams VPN Passwords Phishing

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Data encryption. In the cloud era, data encryption is more important than ever. Hackers are constantly finding new ways to access data, and encrypting your data makes it much more difficult for them to do so. There are many different ways to encrypt your data, so you should choose the method that best suits your needs.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

A Comprehensive Answer to the Frequently Asked Question “What is WannaCry Ransomware?’

Hacker Combat

JUNE 1, 2021

Ransomware is a prevalent form of malware or malicious software used by criminals. Ransomware is a form of malware that encrypts your sensitive data, meaning you cannot access your computer or the data. This form of encryption is called crypto-ransomware. An app that encrypts and decrypts data. 5. Use a VPN.

Ransomware

Ransomware Encryption VPN Cybercrime

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. GorjolEcho maintains persistence by copying the initial stages malware in a StartUp entry.

Malware

Malware VPN Media Encryption

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks. The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

Ransomware

Ransomware DDOS Telecommunications Malware

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware VPN Encryption Authentication

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Who and What is Behind the Malware Proxy Service SocksEscort?

Trending Sources

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Fortinet VPN with default certificate exposes 200,000 businesses to hack

China-linked APT groups targets orgs via Pulse Secure VPN devices

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Akira ransomware received $42M in ransom payments from over 250 victims

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

New Hive ransomware variant is written in Rust and use improved encryption method

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

New RedLine malware version distributed as fake Omicron stat counter

Bronze Starlight targets the Southeast Asian gambling sector

3CX Breach Was a Double Supply Chain Compromise

Meet the Karakurt hacking group that is into data exfiltration and extortion

Black Kingdom ransomware is targeting Microsoft Exchange servers

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Currency Exchange Company Travelex Hit By Ransomware Attack

The Malwarebytes 2021 State of Malware report: Lock and Code S02E04

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs newsletter Round 396

FBI published a flash alert on Mamba Ransomware attacks

Hackers target over 330 Britons a minute, says research

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

Korean cybersecurity agency released a free decryptor for Hive ransomware

Is Your Small Business Safe Against Cyber Attacks?

US HHS warns healthcare orgs of Royal Ransomware attacks

FBI issued an alert on Ragnar Locker ransomware activity

Hades ransomware gang targets big organizations in the US

New CACTUS ransomware appeared in the threat landscape

FBI issued a flash alert about Netwalker ransomware attacks

FIN8-linked actor targets Citrix NetScaler systems

DepositFiles exposed config file, jeopardizing user security

A week in security (March 29 – April 4)

7 Cyber Safety Tips to Outsmart Scammers

15 Cybersecurity Measures for the Cloud Era

A Comprehensive Answer to the Frequently Asked Question “What is WannaCry Ransomware?’

Iran-linked APT TA453 targets Windows and macOS systems

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Daixin Team targets health organizations with ransomware, US agencies warn

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Stay Connected