Encryption, Information Security, Malware and Passwords

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

An attacker can use the exploit to access Google services, even after a user’s password reset. Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The experts pointed out that the exploit works even after users have reset their passwords.

Malware

Malware Penetration Testing Passwords Encryption

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. ” concludes the report.

Malware

Malware Encryption Advertising Cryptocurrency

Plex discloses data breach and urges password reset

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches

Data breaches Passwords Media Accountability

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.

Ransomware

Ransomware Malware Antivirus Encryption

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption

Encryption Internet Internet Firewall

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. ” reads the analysis published by the experts.

Malware

Malware Passwords Encryption Advertising

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. ” reads the analysis published by ESET.

Malware

Malware Architecture Passwords Software

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. ” continues the analysis.

Ransomware

Ransomware Encryption Healthcare Education

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

Sophisticated JaskaGO info stealer targets macOS and Windows

Security Affairs

DECEMBER 20, 2023

JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. Password encryption keys key4.db

Malware

Malware Passwords Cryptocurrency Software

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ru website. ” continues the report. .

Encryption

Encryption Ransomware Malware Scams

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

The malware also grants attackers access to the device’s system, enabling them to retrieve user KeyChain data, device lists, and execute shell commands, potentially gaining full control over the device. “The Loader initiates the process by loading both the encrypted and subsequently decrypted LightSpy kernel.

Spyware

Spyware Mobile Malware Encryption

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware.

Malware

Malware Scams Social Engineering Phishing

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Avast releases a free decryptor for some Hades ransomware variants

Security Affairs

OCTOBER 5, 2022

The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants. “We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom.

Ransomware

Ransomware Encryption Backups Passwords

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack. The attack is a good reminder of how critical strong encryption is in protecting your website users. Pierluigi Paganini.

Data breaches

Data breaches Passwords Social Engineering Encryption

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. The Cyclops group is advertising the ransomware on multiple cybercrime forums, the gang requests a share of profits from those using its malware in financially motivated attacks.

Ransomware

Ransomware Encryption Cybercrime Malware

Try2Cry ransomware implements wormable capability to infect other Windows systems

Security Affairs

JULY 4, 2020

The Try2Cry ransomware was discovered by the malware researcher Karsten Hahn while analyzing an unidentified malware sample. The researcher identified the sample as being a variant of the “Stupid” ransomware family after a private conversation with the malware researcher Michael Gillespie.

Ransomware

Ransomware Encryption Malware Passwords

CafePress faces $500,000 fine for data breach cover up

Malwarebytes

MARCH 16, 2022

In February 2019, a threat actor was able to access millions of email addresses and passwords. According to the complaint by the FTC this was made possible because CafePress failed to implement reasonable security measures to protect the sensitive information of buyers and sellers stored on its network.

Data breaches

Data breaches Passwords Authentication Social Engineering

GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

DECEMBER 14, 2022

The malware uses a bot network to perform distributed brute force attacks against target websites. “Typically, each script downloads the GoTrim malware from a hardcoded URL to a file in the same directory as the script itself and executes it.” ” continues the report. ” concludes the report.

Malware

Malware Encryption Accountability Risk

Is White Rabbit ransomware linked to FIN8 financially motivated group?

Security Affairs

JANUARY 18, 2022

In December the popular malware researcher Michael Gillespie, first mentioned the group and called to action the experts to hunt the new threat. This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis.” scrypt.txt.” .

Ransomware

Ransomware Encryption Malware Passwords

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai. The bulk of the malware code contains an implementation of an SSH 2.0 ” . .

IoT

IoT Malware Passwords Authentication

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). The lure document, called “ Information security memo ,” provides security practices for passwords, confidential information, etc.

Malware

Malware Information Security Encryption Phishing

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

Hackers compromised the company point-of-sale (PoS) systems with malware that was designed to steal payment card data. . Home Depot also agreed to implement and maintain additional security practices in the future to prevent similar attacks. ” .

Retail

Retail Data breaches Penetration Testing Password Management

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. ” states the alert.

Ransomware

Ransomware Hacking Malware Encryption

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors. The attackers used modified installers for chat applications to download a.NET malware loaders. IP-based geolocation service.

VPN

VPN Malware Encryption Passwords

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Statc Stealer, a new sophisticated info-stealing malware

Plex discloses data breach and urges password reset

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Ezuri memory loader used in Linux and Windows malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

New modular ModPipe POS Malware targets restaurants and hospitality sectors

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

YouTube creators’ accounts hijacked with cookie-stealing malware

Woody RAT: A new feature-rich malware spotted in the wild

Mysterious custom malware used to steal 1.2TB of data from million PCs

Experts spotted a variant of the Agenda Ransomware written in Rust

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Info stealers and how to protect against them

Sophisticated JaskaGO info stealer targets macOS and Windows

FBI published a flash alert on Mamba Ransomware attacks

CDRThief Linux malware steals VoIP metadata from Linux softswitches

3CX Breach Was a Double Supply Chain Compromise

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Two PoS Malware used to steal data from more than 167,000 credit cards

DeathRansom ransomware evolves encrypting files, but experts identified its author

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

New Coronavirus-themed malspam campaign delivers FormBook Malware

QSnatch malware infected over 62,000 QNAP NAS Devices

Woody RAT: A new feature-rich malware spotted in the wild

QNAP urges users to update Malware Remover after QSnatch joint alert

Avast releases a free decryptor for some Hades ransomware variants

Avoslocker ransomware gang targets US critical infrastructure

STRRAT RAT spreads masquerading as ransomware

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Cyclops Ransomware group offers a multiplatform Info Stealer

Try2Cry ransomware implements wormable capability to infect other Windows systems

CafePress faces $500,000 fine for data breach cover up

GoTrim botnet actively brute forces WordPress and OpenCart sites

Is White Rabbit ransomware linked to FIN8 financially motivated group?

New Linux botnet RapperBot brute-forces SSH servers

New Woody RAT used in attacks aimed at Russian entities

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Bronze Starlight targets the Southeast Asian gambling sector

Stay Connected