2007, Analysis and Encryption - Information Management Today

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. ” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content.

File names

File names Encryption Manufacturing Libraries

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The forensic analysis conducted by researchers revealed the presence of multiple instances of the general-purpose Dridex malware which was also used to distribute other malware. In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer. ” continues the report.

Ransomware

Ransomware Encryption IT Government

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” reads the analysis published by Qihoo 360 Netlab. ” continues the analysis.

CMS

CMS File names Encryption Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

NOVEMBER 24, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” reads the analysis published by Trend Micro. n = number of characters in the loader dll’s filename.

Encryption

Encryption Ransomware Privacy Security

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” reads the analysis published by the researchers. The Mac RAT implements a C&C communication similar to the Linux variant.

Libraries

Libraries Communications Encryption Authentication

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” reads the analysis published by MalwareBytes. ” states the analysis. ” concludes the report.

Phishing

Phishing Encryption Communications Ransomware

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

JULY 17, 2019

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America and former Soviet bloc nations. ” reads the analysis published by Kaspersky.

IT

IT Encryption Security Government

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media. Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. . “If you visited the referenced ZINC-owned blog (br0vvnn[.]io),

Security

Security Encryption Passwords Communications

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Military

Military Communications Encryption Authentication

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. ” reads the analysis published by ESET. ” reads the analysis published by ESET.

Metadata

Metadata Military Libraries Access

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

For more details on this finding see the Technical Analysis below. Technical Analysis. The structure of this stream is fully specified in Microsoft Office Excel 97-2007 – Binary File Format Specification. This temp file is the Ammyy RAT encrypted file, which will be decrypted and renamed at a later stage ( wsus.exe ).

File names

File names Phishing Libraries IT

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

DPP 4 Analysis: Data Security. Cathay Pacific did not encrypt database backup files used to support database migrations carried out between 2016 and 2018. DPP 2 Analysis: Data Retention. This may accelerate the Working Group’s analysis.

Personal data

Personal data Data breaches Security Compliance

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

While several open-source tools exist for disk and data capture, network analysis, and specific device forensics, a growing number of vendors are building off what’s publicly available. Critical capabilities include timeline analysis, hash filtering, file and folder flagging, and multimedia extraction. The Sleuth Kit and Autopsy.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

Top Network Detection & Response (NDR) Solutions

eSecurity Planet

AUGUST 26, 2022

Whereas older solutions like antivirus, firewalls, and endpoint detection and response (EDR) have long focused on threats at the network perimeter, the intent of NDR is to monitor and act on malicious threats within organization networks using artificial intelligence (AI) and machine learning (ML) analysis. ExtraHop Networks.

Analytics

Analytics Cloud Artificial Intelligence Cybersecurity

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot , also known as Qbot , Pinkslipbot , and Quakbot is a banking trojan that has been made headlines since 2007. Figure 15: Identification of Delphi forms and unknown resources (encrypted QakBot DLL).

Encryption

Encryption Libraries Ransomware IT

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure Rule 26(b)? 3 As a result, an emerging consensus of courts and commentators has concluded that privacy interests may — and indeed, should — be considered as part of the proportionality analysis required under Rule 26(b)(1).

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

SHARED INTEL: How NTA/NDR systems get to ‘ground truth’ of cyber attacks, unauthorized traffic

The Last Watchdog

OCTOBER 14, 2019

But ExtraHop noticed that the tool also opening encrypted connections to vendor-owned cloud storage, a major HIPAA violation. Launched in Seattle in 2007, ExtraHop set out to help companies gain an actionable understanding of their IT environments. Since then it has raised $61.6 Mukerji: Data is indisputable.

Cloud

Cloud Analytics Cybersecurity Digital transformation

Winnti APT Group targeted Hong Kong Universities

Security Affairs

FEBRUARY 1, 2020

” reads the analysis p ublished by ESET. ” The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Other technical details are reported in the ESET’s analysis, including Indicators of Compromise ( IoCs ).

Paper

Paper Encryption Security IT

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. The encryption is performed by a simple xor having as key the single byte 0 while the encoding procedure is a multi conversion routine which could be summarized as follows: chr(asc(chr(“&h”&mid(x,y,2)))). OCX VT coverage.

Computer and Electronics

Computer and Electronics IT Encryption Security

Top Cybersecurity Companies for 2021

eSecurity Planet

AUGUST 13, 2021

The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. ESET Protect Advanced complies with data regulation thanks to full disk encryption capabilities on Windows and macOS. Founded: 2007. Get started today! Visit website. Founded: 1911.

Cybersecurity

Cybersecurity Cloud Encryption Marketing

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

APRIL 12, 2019

Technical Analysis. This Office password protection could be easily bypassed using the classic malware analysis tools and after the code extraction, it’s possible to analyze the plain-text code as follows. Further detail about AMSI have been described in a previous analysis report. Figure 1: Overview of the malicious document.

Passwords

Passwords Metadata Military Government

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

Read more about the solution in our comparative analysis of Kaspersky and Symantec. The Trend Micro Vision One solution offers various features from machine learning and behavioral analysis to sandbox integration and phishing protection. Runner up: Trend Micro Vision One. Trend Micro is also a global leader in cybersecurity.

Security

Security Cloud Analytics Access

Information Management Today

China-linked APT41 group targets Hong Kong with Spyder Loader

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Webinars

Trending Sources

Dacls RAT, the first Lazarus malware that targets Linux devices

Webinars

North Korea-linked group Lazarus targets Latin American banks

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Turla APT group adds Topinambour Trojan to its arsenal

Microsoft: North Korea-linked Zinc APT targets security experts

New Turla ComRAT backdoor uses Gmail for Command and Control

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

Best Digital Forensics Tools & Software for 2021

Top Network Detection & Response (NDR) Solutions

A taste of the latest release of QakBot

The Burden of Privacy In Discovery

SHARED INTEL: How NTA/NDR systems get to ‘ground truth’ of cyber attacks, unauthorized traffic

Winnti APT Group targeted Hong Kong Universities

Is APT27 Abusing COVID-19 To Attack People ?!

Top Cybersecurity Companies for 2021

APT28 and Upcoming Elections: evidence of possible interference

Best Network Security Tools 2021

Stay Connected