Event, Hacking, Information Security and Malware

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. SecurityAffairs – hacking, Windows event logs).

Malware

Malware Encryption Hacking Cybersecurity

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware

Malware Spyware Authentication Mobile

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’

Security Boulevard

NOVEMBER 17, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’ appeared first on Security Boulevard.

Hacking

Hacking Malware Architecture Education

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Security Affairs

MARCH 11, 2024

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. traveltraffic[.]cc

Malware

Malware Hacking Cybercrime Information Security

Frebniis malware abuses Microsoft IIS feature to create a backdoor

Security Affairs

FEBRUARY 19, 2023

Experts spotted a malware dubbed Frebniis that abuses a Microsoft IIS feature to deploy a backdoor and monitor all HTTP traffic to the system. Frebniis operates by injecting code into the memory of the iisfreb.dll which is used by the IIS feature Failed Request Event Buffering (FREB) for troubleshooting failed requests.

Malware

Malware Passwords Internet Internet

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

JUNE 7, 2023

aerospace defense sector with a new PowerShell malware dubbed PowerDrop. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption.

Malware

Malware Encryption Internet Internet

Iranian Broadcaster IRIB hit by wiper malware

Security Affairs

FEBRUARY 23, 2022

Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. Researchers from CheckPoint that investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.

Malware

Malware Passwords Backups Hacking

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

Security Affairs

NOVEMBER 2, 2021

The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. Ransomware gangs target these companies because there is a high likelihood that they will pay the ransom to avoid the impact of the disclosure of sensitive data during these events.

Ransomware

Ransomware Hacking Accountability Cybercrime

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

DECEMBER 21, 2020

“The malware is secretly implanted onto a server, it receives C2 signals remotely and executes them in the context of the server user.” SecurityAffairs – hacking, SolarWinds). The post SUPERNOVA, a backdoor found while investigating SolarWinds hack appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Software Malware Information Security

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The team of experts presented their technique at the Annual Computer Security Applications Conference ( ACSAC ) that took place in December. ” reads a research paper published by the experts.

IoT

IoT Malware Internet Internet

Ragnar Locker ransomware gang advertises Campari hack on Facebook

Security Affairs

NOVEMBER 11, 2020

Ragnar Locker gangs started hacking into a Facebook advertiser’s account and creating advertisements their hack, this has already happened with the recent attack on the Italian liquor company Campari Group. 3 that its computer systems had been sidelined by a malware attack.” 9, on Facebook. . 9, on Facebook.

Advertising

Advertising Hacking Ransomware Accountability

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

Italy was also marginally affected by the attack and the case was dealt with by the Computer Crime Operations Centre of the Postal Police (CNAIPIC ) [link] , which promptly issued an alert [link] on the very day of the event, recommending some useful actions also to prevent further possible propagation. SecurityAffairs – hacking, Wannacry).

Malware

Malware Computers and Electronics Encryption Ransomware

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. In the recent campaign, threat actors used a customized PlugX malware that includes a completed backdoor command module, the researchers named it DOPLUGS. ” reads the report published by Trend Micro.

Malware

Malware Phishing Government Passwords

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Security Affairs

AUGUST 29, 2023

On May 30, 2023, the vendor provided a Preliminary Summary of Key Findings related to its investigation that includes a timeline of events, Indicators of Compromise (IOCs), and recommended actions for impacted customers. The company notified via the ESG user interface the customers whose appliances they believe were impacted.

Government

Government Hacking Malware Accountability

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 31, 2023

INC RANSOM ransomware gang claims to have breached Xerox Corp Spotify music converter TuneFab puts users at risk Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania Russia-linked APT28 used new malware in a recent phishing campaign Clash of Clans gamers at risk while using third-party app New Version of Meduza (..)

Artificial Intelligence

Artificial Intelligence Cyber Attacks Malware Ransomware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Balada Injector continues to infect thousands of WordPress sites

Security Affairs

JANUARY 15, 2024

Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms.

Malware

Malware Hacking Accountability Information Security

iShutdown lightweight method allows to discover spyware infections on iPhones

Security Affairs

JANUARY 17, 2024

The iOS devices log any reboot event in this file along with multiple environment information. The analysis of the infections also revealed other similarities such as the path associated with malware execution (“/private/var/db/”). The experts noticed some log entry notes related to processes that prevented a normal reboot.

Spyware

Spyware Mobile Malware Surveillance

Sophisticated hacking campaign uses Windows and Android zero-days

Security Affairs

JANUARY 12, 2021

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. And who puts "informational" event logging in their Android downloader malware? SecurityAffairs – hacking, Project Zero). Pierluigi Paganini.

Hacking

Hacking Engineering Malware Information Security

PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection

Security Affairs

SEPTEMBER 3, 2021

Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. CLFS can be used for both data logging as well as for event logging. Mandiant provides YARA rules to detect PRIVATELOG and STASHLOG malware as well as possible variants.

Malware

Malware Encryption Hacking Cybersecurity

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Cactus Ransomware has just posted Schneider Electric.

Ransomware

Ransomware Digital transformation Retail Antivirus

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

My Definitions of Event, Alert, and Incident. A definitions reminder: Incident : A security event that compromises the integrity, confidentiality or availability of an information asset. For incidents, the breakdown was: dos (hacking), phishing (social), other, and then ransomware (malware).

Data breaches

Data breaches Social Engineering Ransomware Phishing

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

Security Affairs

JUNE 1, 2023

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. ” In the event that the security breach is verified, it is reasonable to speculate that the ransomware group might have compromised sensitive and possibly classified information.

Technology

Technology Hacking Ransomware Manufacturing

Pwn2Own Tokyo Day two: TP-Link router and Synology NAS hacked

Security Affairs

NOVEMBER 7, 2020

On the second day of the Pwn2Own Tokyo 2020 hacking competition, bug bounty hunters hacked a TP-Link router and a Synology NAS. Day 2 of the popular Pwn2Own Tokyo hacking competition is concluded, due to the COVID-19 pandemic the competition has been arranged as a virtual event. Pierluigi Paganini.

Hacking

Hacking Information Security Malware

New SPIKEDWINE APT group is targeting officials in Europe

Security Affairs

FEBRUARY 29, 2024

The cyberspies used a bait PDF document masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The researchers pointed out that WINELOADER is not injected into the DLLs that contain exported functions used by the malware.

Malware

Malware Hacking Information Security

REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack

Security Affairs

APRIL 21, 2021

REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. As proof of the hack, REvil operators leaked some schematics of MacBook components on the leak site. SecurityAffairs – hacking, Quanta).

Computers and Electronics

Computers and Electronics Ransomware Hacking Wireless

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 13, 2022

This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. March 11 – Anonymous hacked Roskomnadzor agency revealing Russian disinformation. Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army.

Hacking

Hacking DDOS Phishing Malware

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “The script creates a ‘Covert Channel’ by exploiting the event descriptions in Google Calendar. “To use GRC, only a Gmail account is required.” ” reads the Google Report.

Accountability

Accountability Hacking Information Security Malware

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Security Affairs

NOVEMBER 3, 2023

The bad news is that, in some cases, threat actors spread malware-laced mods to infect as many devices as possible. The broadcast receiver gets a message like that, it calls the event handler. Then the malware contacts the command-and-control (C2) server and sends information about the compromised device (i.e.

Spyware

Spyware Malware Mobile Advertising

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The malware uses Windows events for synchronization, with the first primary malware thread initiated in the DLL’s ServiceMain function. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Turla) The report includes indicators of compromise (IoCs).

Password Management

Password Management Malware Passwords Hacking

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

Attackers used “super-aged” domains, usually registered before the year 2000, to avoid DNS blocklists and blending in with old malware at the same time The attackers manipulate MX (Mail Exchange) records by injecting fake responses through China’s Great Firewall. ” concludes the report.

DNS

DNS Firewall DDOS Hacking

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. Salt (aka SaltStack) is Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management.

Internet

Internet Internet Hacking Advertising

City of Wichita disclosed a data breach after the recent ransomware attack

Security Affairs

MAY 17, 2024

These files contained law enforcement incident and traffic information, which include names, Social Security numbers, driver’s license or state identification card numbers, and payment card information.” ” reads the Notice of Data Event updated on May 14, 2024.

Data breaches

Data breaches Ransomware Hacking Cybercrime

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 18, 2022

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 16 – The unceasing action of Anonymous against Russia. To nominate, please visit:?

Hacking

Hacking Ransomware Government Malware

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Security Affairs

NOVEMBER 11, 2021

The hacked server was used by the company to manage customer information for the Queensland water supplier. The security breach took place between August 2020 and May 2021, the intrusion has been attributed to a financially motivated attacker that deployed a custom implant to redirect visitor traffic to an online video platform.

Hacking

Hacking Passwords Government Security Awareness

Security Affairs newsletter Round 383

Security Affairs

SEPTEMBER 11, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 383 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches

Data breaches Ransomware Phishing Malware

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The nation-state actors employed multiple custom malware families targeting Windows, Linux, and FreeBSD operating systems.

Firmware

Firmware Telecommunications System Administration Malware

MaliBot Android Banking Trojan targets Spain and Italy

Security Affairs

JUNE 18, 2022

Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. ” reads the advisory published by F5 Labs.

Banking

Banking Cryptocurrency Malware Mobile

Xenomorph Android banking trojan distributed via Google Play Store

Security Affairs

FEBRUARY 21, 2022

Researchers speculate that the two malware could have been developed by the same actor, or at least by someone familiar with the codebase of the Alien banking Trojan. Alien operation was providing a Malware-as-a-Service (MaaS) an it was advertised on several underground hacking forums. SecurityAffairs – hacking, Xenomorph).

Banking

Banking Malware Marketing Cryptocurrency

Malware campaign hides a shellcode into Windows event logs

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Webinars

Trending Sources

Cactus ransomware gang claims the Schneider Electric hack

Webinars

DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Frebniis malware abuses Microsoft IIS feature to create a backdoor

New PowerDrop malware targets U.S. aerospace defense industry

Iranian Broadcaster IRIB hit by wiper malware

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Researchers used electromagnetic signals to classify malware infecting IoT devices

Ragnar Locker ransomware gang advertises Campari hack on Facebook

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Wannacry, the hybrid malware that brought the world to its knees

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Balada Injector continues to infect thousands of WordPress sites

iShutdown lightweight method allows to discover spyware infections on iPhones

Sophisticated hacking campaign uses Windows and Android zero-days

PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Analysis of the 2021 Verizon Data Breach Report (DBIR)

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

Pwn2Own Tokyo Day two: TP-Link router and Synology NAS hacked

New SPIKEDWINE APT group is targeting officials in Europe

REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

City of Wichita disclosed a data breach after the recent ransomware attack

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Security Affairs newsletter Round 383

5 Ways to Protect Yourself from IP Address Hacking

China-linked APT BlackTech was spotted hiding in Cisco router firmware

MaliBot Android Banking Trojan targets Spain and Italy

Xenomorph Android banking trojan distributed via Google Play Store

Stay Connected