2007, Communications and Security - Information Management Today

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. “Why do I need a certificate? ru in 2008.

Healthcare

Healthcare Passwords Sales Ransomware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

NOVEMBER 10, 2022

The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S.

Paper

Paper Communications Government Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. .” ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

i-SOON is a prominent contractor for various agencies of the Chinese government, including Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army. The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007.

Government

Government IoT Marketing Data breaches

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

The Last Watchdog

JUNE 26, 2023

. “Based on the strong value proposition and impact of Flexxon’s hardware-based solutions, I look forward to driving the adoption of this novel approach and supporting management, partners and customers in making this transition towards a safer and more secure digital footprint for businesses, governments and individuals globally.”

Cybersecurity

Cybersecurity Marketing Communications Government

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions. ” The Cerebro surveillance software allows spying in real-time the electronic communications of a target. The post French court indicted Nexa Technologies for complicity in acts of torture appeared first on Security Affairs.

Sales

Sales Government Encryption Communications

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Phishing Government Communications

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. Having accomplished this, an attacker would be positioned to divulge or falsify corporate email communications at will.” reads the advisory published by Microsoft.

Authentication

Authentication Communications Cybersecurity Security

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. The post China-linked APT41 group targets Hong Kong with Spyder Loader appeared first on Security Affairs. ” continues the report. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

File names

File names Encryption Manufacturing Libraries

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. Having accomplished this, an attacker would be positioned to divulge or falsify corporate email communications at will.” ” wrote Zuckerbraun.

Authentication

Authentication Data breaches Communications Access

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. The post Belgium telecom operators Proximus and Orange drop Huawei appeared first on Security Affairs.

Manufacturing

Manufacturing Risk Communications Security

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The post FBI and NSA joint report details APT28’s Linux malware Drovorub appeared first on Security Affairs. Pierluigi Paganini.

Military

Military IoT Phishing Government

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

“Hiding with purely technical parameters will not help in a serious matter,” Djamix advised Maza members in September 2007. This Russian language news site’s tagline is, “We Create Communication,” and it focuses heavily on news about Sochi, Adler, Russia and the war in Ukraine, with a strong pro-Kremlin bent.

Military

Military IT Communications Risk

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” continues the report. Pierluigi Paganini.

Healthcare

Healthcare Communications IT Security

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. The post Russian spies are attempting to tap transatlantic undersea cables appeared first on Security Affairs. ” reported The Sunday Times. Source [link].

Military

Military Communications Data collection Access

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. The security experts reported the vulnerability to the vendor early this year. Oldest firmware versions have been released as far back as 2007. Pierluigi Paganini.

Security

Security Communications IT Information Security

News URSNIF variant doesn’t support banking features

Security Affairs

OCTOBER 21, 2022

It appeared on the threat landscape in 2007 and gained popularity in 2014 when its source code was leaked online giving the opportunity to several threat actors to develop their own version. The communication protocol used by LDR4 is quite similar to the protocol used by the older RM3 variant. Pierluigi Paganini.

Data structuring

Data structuring Communications Ransomware IT

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The Mac RAT implements a C&C communication similar to the Linux variant. This library has been used by several threat actors.”

Libraries

Libraries Communications Encryption Authentication

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The group keeps updating its toolset to evade security mechanisms.” ” reads t he analysis published by Malwarebytes.

Metadata

Metadata Phishing Communications Ransomware

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages. For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities.

Computer and Electronics

Computer and Electronics Passwords Sales Government

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

Security Affairs

MAY 15, 2020

Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. “We observed an interesting C2 communication protocol utilizing rare HTTP/HTTPS status codes (check IETF RFC 7231, 6585, 4918). Pierluigi Paganini.

Communications

Communications Government Security Access

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” Pierluigi Paganini. ” Pierluigi Paganini.

Archiving

Archiving Communications Government Access

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” continues the report. Pierluigi Paganini.

Government

Government Encryption Communications IT

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. com / wp -includes/data_from_db_top [. ] Pierluigi Paganini.

Archiving

Archiving Government Communications IT

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. It communicates with the orchestrator using a named pipe.

Military

Military Communications Encryption Authentication

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), has been active since at least 2007 targeting government organizations and private businesses. The post Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – Turla, hacking).

Communications

Communications Government Data collection Education

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Even today, less than half of the known antivirus engines are flagging the infection on VirusTotal , as observed by BleepingComputer: The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Government Encryption Communications

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Its author maintains Orcus is a legitimate R emote A dministration T ool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a R emote A ccess T rojan. Tips from international private cyber security firms triggered the investigation.”.

Marketing

Marketing Passwords Systems administration Access

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

Security experts from ESET uncovered a new sophisticated cyber-espionage campaign, dubbed “ Operation In(ter)recepti on ,” aimed at aerospace and military organizations in Europe and the Middle East. For further communication with the customer, they used their own email address mimicking the victim’s.”

Military

Military Archiving Passwords Communications

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” concludes the report.

Phishing

Phishing Encryption Communications Ransomware

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. link] #MSFTatBlackHat — Security Response (@msftsecresponse) August 5, 2019. ” concludes Microsoft.

IoT

IoT Military Access Education

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

In 2018, Emissary Panda was observed using an updated version of the ZxShell RAT first developed in 2006 and whom code was released in 2007. “This Gh0st RAT sample communicated with IP address 43 [. ] “ SysUpdate Main employs HTTP communications and uses the hard-coded User-Agent “Mozilla/5.0 Windows NT 6.3;

IT

IT File names Financial Services Communications

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The post Dacls RAT, the first Lazarus malware that targets Linux devices appeared first on Security Affairs. Pierluigi Paganini.

CMS

CMS File names Encryption Access

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. “They have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator.

Communications

Communications Ransomware IT Security

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Security Affairs – Hidden Cobra, FastCash ). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Retail

Retail Libraries Phishing Authentication

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Pierluigi Paganini. SecurityAffairs – Winnti, malware).

Manufacturing

Manufacturing Paper Communications IT

This is the old ChiefTech blog.: Gartner's top 10 - what about liquid security?

ChiefTech

OCTOBER 11, 2007

Friday, 12 October 2007 Gartner's top 10 - what about liquid security? Graham got to this one before me - Gartners top 10 IT trends for 2008 : Green IT Unified Communications Business Process Management Metadata Management Virtualisation 2.0 CSC calls this " liquid security ". Also, what about deperimeterization ?

Metadata

Metadata Security Communications Paper

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Security Affairs

JANUARY 16, 2019

Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Communications

Communications Ransomware Security IT

Best Enterprise VPN Solutions for 2021

eSecurity Planet

JULY 3, 2021

The downside to this long-term trend is that communications online, never mind on public cloud platforms, present vulnerabilities via web attacks and malware. Also Read: Best Enterprise Network Security Tools & Solutions for 2021. Golden Frog is a Switzerland-based software provider focused on securing online communication.

Encryption

Encryption Communications Marketing Cloud

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. malware to control Microsoft SQL Servers appeared first on Security Affairs.

Passwords

Passwords Authentication Manufacturing Communications

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

Shaped by several financial catastrophes of modern history, such as the Great Depression of 1929 and the Great Recession of 2007, the U.S. By far, the most stringent recordkeeping regulations in the United States are those imposed on the securities broker-dealer industry. Electronic Communications Retention and Supervision.

Financial Services

Financial Services Communications Compliance Risk

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

since Q3 of 2007. Read More At: Top Secure Email Gateway Solutions for 2022. This is the same trick business professionals might use to secure a sale (i.e. According to data from the Federal Reserve , the 55-69 age group currently controls 41.2% of the wealth in the United States as of Q1 2022, compared to 6.5% Business targets.

Energy and Utilities

Energy and Utilities Phishing Blockchain Cybersecurity

Sandboxing: Advanced Malware Analysis in 2021

eSecurity Planet

APRIL 23, 2021

To fill this gap and aid in the analysis, detection, and testing of malware, sandboxing is widely used to give organizations the setting, isolation, and security tools needed to preserve the integrity of the host network. Most include common security tools like: Threat analysis. Also Read: How VMI Can Improve Cloud Security.

Cybersecurity

Cybersecurity Cloud Risk Marketing

Ask Fitis, the Bear: Real Crooks Sign Their Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Webinars

Trending Sources

An Untrustworthy TLS Certificate in Browsers

Webinars

Microsoft: North Korea-linked Zinc APT targets security experts

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

French court indicted Nexa Technologies for complicity in acts of torture

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

China-linked APT41 group targets Hong Kong with Spyder Loader

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Belgium telecom operators Proximus and Orange drop Huawei

FBI and NSA joint report details APT28’s Linux malware Drovorub

From Cybercrime Saul Goodman to the Russian GRU

China-linked Winnti APT targets South Korean Gaming firm

Russian spies are attempting to tap transatlantic undersea cables

79 Netgear router models affected by a dangerous Zero-day

News URSNIF variant doesn’t support banking features

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Russian APT Turla?s COMpfun malware uses HTTP status codes to receive commands

Russia-linked APT Turla used a new malware toolset named Crutch

Russia-linked Turla APT hacked European government organization

Russia-Linked Turla APT uses new malware in watering hole attacks

New Turla ComRAT backdoor uses Gmail for Command and Control

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Russia-linked APT28 targets govt bodies with fake NATO training docs

Canadian Police Raid ‘Orcus RAT’ Author

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Emissary Panda updated its weapons for attacks in the past 2 years

Dacls RAT, the first Lazarus malware that targets Linux devices

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

This is the old ChiefTech blog.: Gartner's top 10 - what about liquid security?

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Best Enterprise VPN Solutions for 2021

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Summary – “Industry in One: Financial Services”

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

Sandboxing: Advanced Malware Analysis in 2021

Stay Connected