Security Affairs

MARCH 26, 2024

The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide.

IoT 124

IoT Cybercrime Internet Internet 124

Security Affairs

APRIL 6, 2020

Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. “Recently, Qihoo 360 captured malicious samples issued through hijacked security services of a domestic VPN vendor SangFor. ” continues the researchers.

VPN 130

VPN Government Advertising Firmware 130

Security Affairs

MARCH 8, 2021

The malware involved in the campaign was dubbed UnityMiner by 360 Netlab experts. ” reads the analysis published by 360 Netlab. . ” reads the analysis published by 360 Netlab. QNAP NAS users should check and update their firmware as soon as possible. The mining program is composed of unity_install.sh

Cryptocurrency 109

Cryptocurrency Firmware Malware Threat Detection 109

Security Affairs

FEBRUARY 4, 2024

Lurie Children’s is a Chicago-based pediatric acute care hospital with 360 beds, it is located on the university’s Streeterville campus with more than 1,665 physicians on its medical staff and 4,000 employees. ” states a first update provided by the hospital. ” reported the website Abc7chicago.

Cyber Attacks 116

Cyber Attacks Healthcare Internet Internet 116

Security Affairs

JUNE 10, 2021

Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that has been exploited in the wild. Google awarded $25,000 researchers Rong Jian and Guang Gong from 360 Alpha Lab for reporting this vulnerability.

Engineering 140

Engineering Hacking Information Security Cybersecurity 140

Security Affairs

APRIL 19, 2023

Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05 “The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac which will roll out over the coming days/weeks. Linux release coming soon.”

Education 91

Education Media Engineering Hacking 91

Security Affairs

JANUARY 9, 2020

Mozilla has released security updates for Firefox browser that address a zero-day vulnerability (CVE-2019-17026) that has been exploited in targeted attacks. Mozilla has released security updates for Firefox browser that address a zero-day flaw (CVE-2019-17026) that has been exploited in targeted attacks. and Firefox ESR 68.4.1

Advertising 72

Advertising Engineering Internet Internet 72

Security Affairs

AUGUST 17, 2022

Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. Users should update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows. Pierluigi Paganini.

Telecommunications 110

Telecommunications Mobile Engineering Hacking 110

Security Affairs

MARCH 13, 2019

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. “Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities ?

Malware 78

Malware Cryptocurrency Advertising Passwords 78

Security Affairs

NOVEMBER 3, 2020

“ Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15 [$15000][ 1139398 ] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Pierluigi Paganini.

Advertising 108

Advertising Engineering Hacking Information Security 108

Security Affairs

MAY 3, 2021

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS.

Engineering 60

Engineering Hacking Information Security Cybersecurity 60

SiteLock

AUGUST 27, 2021

Platform Scan for WordPress runs daily as part of SiteLock’s 360° Website Malware & Vulnerability Scanning, and requires no additional setup. Customers who already have SiteLock website security that includes 360° Website Malware & Vulnerability Scanning now receive this additional feature at no additional charge.

Malware 52

Malware Risk 52

Security Affairs

DECEMBER 13, 2021

A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. ” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw.

Malware 121

Malware Hacking Cybercrime Information Security 121

Digital Shadows

AUGUST 3, 2022

This 360-degree view of security threats, coupled with the ability to take action to mitigate these threats, will provide our customers with powerful new ways to stay ahead of attackers. We’re also excited to announce that the first set of integrations of Digital Shadows threat insights and threat intelligence data are available immediately.

Architecture 52

Architecture Threat Detection Cyber Attacks Technology 52

Security Affairs

SEPTEMBER 1, 2021

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. link] — 360 Netlab (@360Netlab) July 28, 2021. One botnet down more to go. ” continues the post.

IoT 78

IoT DNS Manufacturing Passwords 78

Security Affairs

MARCH 24, 2020

“Adobe has released a security update for Adobe Creative Cloud Desktop Application for windows. This update address a critical vulnerability. Last week, Adobe released a set of out-of-band software updates that address a total of 41 vulnerabilities in six of its products. ” reads the advisory published by Adobe.

Advertising 44

Advertising Mobile Technology Software 44

Security Affairs

FEBRUARY 12, 2021

The fresh release of the Latin American Lampion trojan was updated with a new C2 address. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Lampion trojan disseminated in Portugal using COVID-19 template. Communication process. 0x64d6474 (108): O|210X|.|FF|############00000000|5.188.9.28|||@-@

Banking 108

Banking Malware Information Security Hacking 108

SiteLock

AUGUST 27, 2021

SiteLock® 360° Website Malware & Vulnerability Scanning) and white box analysis (e.g. If you want to check out our WordCamp Miami talk, “ Beyond the Basics: Building Security into Your Development Projects ,” and the corresponding slides are available online. SiteLock® SMART™ Scanning ), basically wherever text-based analysis is possible.

Malware 52

Malware Antivirus Software 52

Security Affairs

MARCH 15, 2019

The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of users potentially exposed to cyber attacks. Several threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR.

Advertising 84

Advertising Malware Antivirus Software 84

Security Affairs

SEPTEMBER 10, 2018

Even if the vendor released a security fix that addresses the flaw in April, the number of not updated routers is still very high. million MikroTik routers are still vulnerable to the CVE-2018-14847 exploit because owners have not updated them. Summarizing, more than 370,000 of 1.2

Cryptocurrency 64

Cryptocurrency IoT Advertising Internet 64

Security Affairs

DECEMBER 6, 2018

This week, Adobe released security updates for Flash Player that address two vulnerabilities, including a zero-day flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Experts observed the exploitation of the Flash zero-day exploit in an attack aimed at the FSBI “Polyclinic No.

Telecommunications 82

Telecommunications Malware Advertising Government 82

eSecurity Planet

DECEMBER 13, 2021

Researchers with Netlab, a security unit of Chinese tech giant Qihoo 360, wrote over the weekend that their Anglerfish and Apacket honeypots detected two efforts to leverage Log4Shell to create Muhstik and Mirai botnets to attack Linux devices. Attackers are running obfuscation efforts around the requests to bypass string-matching detections.

Cybersecurity 135

Cybersecurity Software Government Threat Detection 135

SecureList

NOVEMBER 23, 2022

Juniper Research assesses the BNPL user base at 360 million in 2022 and predicts this number to surpass 900 million globally by 2027. The email body employs social engineering techniques, for instance, to convince the user that they need to update their payment data, or that a lucrative deal awaits them on the phishing site.

Phishing 98

Phishing Banking Scams Retail 98

eSecurity Planet

DECEMBER 3, 2021

So far, the EwDoor in our view has undergone 3 versions of updates, and its main functions can be summarized into 2 main categories of DDoS attacks and Backdoor,” they wrote. The three updates occurred during November. It also reinforces the oft-repeated message to enterprises that they need to keep their systems updated.

DDOS 132

DDOS IoT Malware Internet 132

SecureWorld News

MARCH 24, 2022

Records affected: 360 million. Attorney General said it appears to be Russia-backed hackers; however, Microsoft reported it had detected two different sets of attacks which were compromising SolarWinds software updates. They also managed to digitally "sign" the updates, which made them seem legitimate. government agencies.

Data breaches 116

Data breaches Passwords Accountability Government 116

SecureWorld News

DECEMBER 29, 2020

Records affected: 360 million. Attorney General says it appears to be Russian backed hacker, however, Microsoft reported it had detected two different sets of attacks which were compromising SolarWinds software updates. They also managed to digitally 'sign' the updates, which made them look legitimate. Government agencies.

Data breaches 97

Data breaches Passwords Accountability Government 97

Security Affairs

APRIL 10, 2022

A new round of the weekly Security Affairs newsletter arrived! The post Security Affairs newsletter Round 360 by Pierluigi Paganini appeared first on Security Affairs. Every week the best security articles from Security Affairs free for you in your email box. To nominate, please visit:? Pierluigi Paganini.

DDOS 71

DDOS Data breaches Marketing Manufacturing 71

Krebs on Security

AUGUST 19, 2019

A search on the Joshua Powder and tthack email addresses at Hyas , a startup that specializes in combining data from a number of sources to provide attribution of cybercrime activity , further associates those to mafiacloud@gmail.com and to the phone number 868-360-9983 , which is a mobile number assigned by Digicel Trinidad and Tobago Ltd.

Wireless 219

Wireless Mobile Advertising Internet 219

Security Affairs

JANUARY 10, 2021

The Solarwinds Orion Cybersecurity product itself became the target of a Cyber-attack , with the software product updates being infected with the SUNBURST malware which created a backdoor into 18,000 customers who updated their Orion software with the infected updates. Share price fell by 2.3% SolarWinds Inc. 4securitas.com ).

Cyber Attacks 91

Cyber Attacks Government Surveillance Software 91

Security Affairs

MARCH 28, 2019

A few days after the disclosure of the flaw, researchers at the 360 Threat Intelligence Center discovered a malspam campaign that was distributing a malicious RAR archive that could exploit the flaw to install deliver malware on a computer. Dropping a malicious code into Windows Startup folder it would automatically run on the next reboot.

Education 82

Education Malware Advertising Hacking 82

Security Affairs

MAY 2, 2019

If the agent is already registered to C2 this command acts like a ping, it updates basic informations to the corresponding “agent” folder. ” + fileNameTmp.substring(0, 2) + “ ” + fileNameTmp.substring(2, 5); and time to live a random number between 0 to 360. (Source: MISP Project ). It is not a TXT request.

DNS 87

DNS Computers and Electronics Penetration Testing Government 87

eSecurity Planet

MARCH 9, 2023

Key Features Automatic and continuous scans to update website, application and API inventories Avoids scanning queues by allowing multiple concurrent scans and scanners that feed into a centralized repository for reporting Deploys on-premise, in the cloud, within Docker images, or as a hybrid solution.

Penetration Testing 78

Penetration Testing Software Engineering Small Business 78

Security Affairs

JULY 22, 2018

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 42

Advertising Healthcare IoT Data breaches 42

SecureList

AUGUST 3, 2022

The attacks followed an update that targeted cheaters. The 360 Netlab company published a report on a new zombie net named Fodcha, which expanded through brute-force attacks and by exploiting known vulnerabilities in IoT devices. Besides, the system would need to be updated and trained to make it fit the purpose.

DDOS 104

DDOS Government Marketing IoT 104