Encryption, Information Security, Malware and VPN

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 6 Run a Linux command immediately.

Malware

Malware VPN Encryption Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. RAPIDPULSE can serve as an encrypted file downloader for the attacker. and Europe.”

VPN

VPN Government Malware Hacking

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files. ” continues the paper.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. The hackers used fake collaboration opportunities (i.e. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches

Data breaches VPN Hacking Banking

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors. The attackers used modified installers for chat applications to download a.NET malware loaders. IP-based geolocation service.

VPN

VPN Malware Encryption Passwords

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021.

Ransomware

Ransomware Encryption VPN Malware

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The offset is stored in the encrypted file name of each file.

Ransomware

Ransomware Cybersecurity Encryption VPN

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The ransomware encrypts the network shares, that are found on the local network and the local drives, with the AES algorithm. The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare

Healthcare Ransomware Encryption Malware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Install and regularly update anti-virus or anti-malware software on all hosts.

Ransomware

Ransomware Encryption VPN Backups

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

The ransom note left by the malware points to Tor pages that are uniquely generated for each victim. . Accenture researchers also noticed that the Hades ransom notes share portions with the one used by the REvil ransomware operators , unique differences are the operators’ contact information and the formatting of the ransom notes.

Ransomware

Ransomware Encryption Malware VPN

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware DDOS Passwords Backups

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware strain outstands for the use of encryption to protect the ransomware binary. This technique allows the encryptor to avoid detection. We are in the final!

Ransomware

Ransomware VPN Antivirus Encryption

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

Security Affairs newsletter Round 396

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware

Spyware Data breaches VPN Hacking

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Not all providers are created equal, and it’s important to do your research to find one that will meet your specific needs and security requirements. Data encryption. In the cloud era, data encryption is more important than ever. It is also important to make sure that your data is encrypted both in motion and at rest.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. GorjolEcho maintains persistence by copying the initial stages malware in a StartUp entry.

Malware

Malware VPN Media Encryption

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Attackers could also target the company with malware, ransomware, unauthorized access to business payment systems, etc.,” These emails could be infected by malware or ransomware,” researchers said. researchers said.

Data breaches

Data breaches VPN Media Passwords

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

APRIL 8, 2020

The memo was obtained by the website SpaceRef, it warns of both phishing attacks and malware-based attacks. According to the advisory issued by NASA, the number of phishing attempts doubled in the past few days, at the same time the number of malware attacks on its systems has grown exponentially. ” reads the memo.

Cyber Attacks

Cyber Attacks Computers and Electronics VPN Phishing

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Last week, security experts from MalwareHunterTeam detected new ransomware dubbed CoronaVirus has been distributed through a malicious web site that was advertising a legitimate system optimization software and utilities from WiseCleaner. The filename of the encrypted files will be changed to the attacker’s email address (i.e.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Authentication

Security Affairs newsletter Round 300

Security Affairs

FEBRUARY 7, 2021

Hackers abuse Plex Media servers for DDoS amplification attacks TeamTNT group uses Hildegard Malware to target Kubernetes Systems Experts found critical flaws in Realtek Wi-Fi Module Packaging giant WestRock is still working to resume after recent Ransomware Attack Watch out! The Great Suspender Chrome extension contains Malware.

DDOS

DDOS Firewall Ransomware Encryption

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. The threat actors deactivate security protection on the network, exfiltrate files, and upload the stolen data to Mega.nz, a cloud-storage and file-sharing service.

Education

Education Ransomware Phishing Passwords

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

Even with high-level security measures, no one is safe from such threats. That is why most companies hire professional information security services to mitigate the risks arising from data breaches. Thus, it would be best if you secured all networks by incorporating firewalls and advanced encryption technology.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

2/2) Please be assured that there is no compromise of customer payment details which are encrypted and tokenized. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.” SecurityAffairs – hacking, malware). 1/2 — NOOK (@nookBN) October 14, 2020. (2/2)

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Fileless SockDetour backdoor targets U.S.-based defense contractors

Security Affairs

FEBRUARY 26, 2022

Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based ” Once SockDetour is injected into the process’s memory, it hijacks legitimate processes’ network sockets to establish an encrypted C2 channel, then it loads an unidentified plugin DLL file retrieved from the server.

Backups

Backups VPN Healthcare Malware

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

of computers in the ICS engineering and integration sector protected by Kaspersky were targeted by malware, an increase compared with detections for H1 2020 (31.5%). Latin America, the Middle East, Asia and North America were the regions with the highest number infections attempts blocked by the security solutions in H2 2020.

Engineering

Engineering VPN Accountability Software

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks. The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

Ransomware

Ransomware DDOS Telecommunications Malware

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. The malware used by the threat actors includes the ChunkyTuna, Tiny, and China Chopper web shells.

VPN

VPN Passwords Advertising Password Management

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” ” The ransomware appends the.checkmate extension to the filenames of encrypted files, it drops a ransom note named !CHECKMATE_DECRYPTION_README

Ransomware

Ransomware Encryption Passwords Internet

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install and regularly update anti-virus and anti-malware software on all hosts. Pierluigi Paganini.

Ransomware

Ransomware Passwords Backups Firmware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Trending Sources

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Webinars

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

China-linked APT groups targets orgs via Pulse Secure VPN devices

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

New Hive ransomware variant is written in Rust and use improved encryption method

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Akira ransomware received $42M in ransom payments from over 250 victims

Fortinet VPN with default certificate exposes 200,000 businesses to hack

YouTube creators’ accounts hijacked with cookie-stealing malware

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

3CX Breach Was a Double Supply Chain Compromise

Bronze Starlight targets the Southeast Asian gambling sector

Black Kingdom ransomware is targeting Microsoft Exchange servers

FBI published a flash alert on Mamba Ransomware attacks

Korean cybersecurity agency released a free decryptor for Hive ransomware

US HHS warns healthcare orgs of Royal Ransomware attacks

FBI issued an alert on Ragnar Locker ransomware activity

Hades ransomware gang targets big organizations in the US

Avoslocker ransomware gang targets US critical infrastructure

New CACTUS ransomware appeared in the threat landscape

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs newsletter Round 396

15 Cybersecurity Measures for the Cloud Era

Daixin Team targets health organizations with ransomware, US agencies warn

Iran-linked APT TA453 targets Windows and macOS systems

DepositFiles exposed config file, jeopardizing user security

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs newsletter Round 300

FBI warns of increase in PYSA ransomware attacks targeting education

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Fileless SockDetour backdoor targets U.S.-based defense contractors

Which is the Threat landscape for the ICS sector in 2020?

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

US CISA report shares details on web shells used by Iranian hackers

New Checkmate ransomware target QNAP NAS devices

FBI warns of ransomware attacks targeting the food and agriculture sector

Stay Connected