2014, Analysis, Encryption and Security - Information Management Today

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. ” continues the analysis. ” concludes the report.

Encryption

Encryption Ransomware Cybersecurity Archiving

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. ” reads the analysis published by the experts. “The messages are encrypted using XOR “encryption” with a static key.”

Communications

Communications Encryption Cloud Security

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. ” continues the analysis. Mounting all the shared drives to encrypt.

Encryption

Encryption Ransomware Energy and Utilities File names

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

MARCH 18, 2019

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Military Education Communications

Sodinokibi ransomware uses MS API to encrypt open and locked files

Security Affairs

MAY 11, 2020

Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process.

Encryption

Encryption Ransomware Cybersecurity Security

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. Pierluigi Paganini.

Encryption

Encryption Ransomware IT Phishing

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. ” reads the analysis published by Sophos. .

Ransomware

Ransomware Encryption File names Security

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. As expected, the malicious payload is stored in the resource section in encrypted way (probably using a simple XOR-encryption). Introduction.

File names

File names Encryption Archiving Phishing

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. . ” reads the analysis published by ESET. ” continues the analysis.

Metadata

Metadata Encryption File names Passwords

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Encryption Communications Access

Experts warn of a new strain of ransomware, the PXJ Ransomware

Security Affairs

MARCH 16, 2020

Security experts from IBM X-Force have spotted a new strain of ransomware, dubbed PXJ Ransomware, that does share the same code with other known ransomware families. The name PXJ ransomware comes from the file extension that it appends to encrypted files. ” reads the analysis post by IBM X-Force. .

Ransomware

Ransomware Encryption Communications IT

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Security Affairs

MAY 23, 2020

Security experts observed a spike in the use of the GuLoader since March 2020 while investigating COVID-19-themed malspam campaigns. In the last campaign observed by experts, the downloader utilizes cloud hosting services to keep the payload encrypted. ” reads the analysis. Pierluigi Paganini.

Encryption

Encryption Cloud Access Security

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” The JavaScript URL is hardcoded in the loader script in encrypted format, experts observed that the attackers can change the URL for each victim. Pierluigi Paganini.

e-Delivery

e-Delivery Encryption Passwords Authentication

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. “The Dexphot attack used a variety of sophisticated methods to evade security solutions. ”reads the analysis published by Microsoft. msiexec.exe, unzip.exe, rundll32.exe,

File names

File names Encryption Mining Security

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs

MAY 11, 2020

Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The vulnerability could result in the leak of sensitive data, including configuration information and encryption keys. .

Security

Security Phishing Encryption Authentication

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

APRIL 20, 2019

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The key point Tchap is that encrypted communications flow through internal servers to prevent cyber attacks carried out by foreign nation-state actors. or @elysee.fr Pierluigi Paganini.

Security

Security Encryption Communications Government

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

Last week, security experts from MalwareHunterTeam detected new ransomware dubbed CoronaVirus has been distributed through a malicious web site that was advertising a legitimate system optimization software and utilities from WiseCleaner. The filename of the encrypted files will be changed to the attacker’s email address (i.e.

Ransomware

Ransomware Passwords File names Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. File encryption 2013 – 2015. Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape.

Ransomware

Ransomware Encryption Privacy Security awareness

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Security Affairs

JUNE 22, 2020

” reads the analysis published by Juniper, “Previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and config as “.dat” The size of the image is more than 600KB and embedded in it is the encrypted IcedID main module. ” continues the analysis. “[The dat” files.

Encryption

Encryption IT Security Information Security

Underestimating the FONIX – Ransomware as a Service could be an error

Security Affairs

OCTOBER 11, 2020

Experts believe that However the FONIX RaaS can quickly become rampant if security firms and authorities underestimate it. “Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle.”

Ransomware

Ransomware Encryption Compliance Communications

Multi-platform Tycoon Ransomware employed in targeted attacks

Security Affairs

JUNE 5, 2020

” reads the analysis published by BlackBerry. Attackers timestamped files with date timestamps of 11th April 2020, 15:16:22: Upon establishing a foothold onto the target network, the attackers executed the Java ransomware module, which encrypted the files on connected servers. ”continues the analysis.

Ransomware

Ransomware Encryption Archiving Education

Snatch Ransomware force systems to Windows Safe Mode to bypass security solutions

Security Affairs

DECEMBER 10, 2019

Experts spotted a new piece of the Snatch ransomware that reboots computers it infects into Safe Mode to bypass resident security solutions. Researchers discovered a new strain of the Snatch ransomware that reboots computers it infects into Safe Mode to bypass resident security solutions and encrypt files on the system.

Ransomware

Ransomware Security Encryption Access

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. ” reads the analysis published by the experts. Pierluigi Paganini.

Passwords

Passwords Encryption Security IT

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. ” reads the analysis published by Cybereason. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

Financial Services

Financial Services Libraries Encryption Authentication

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Security Affairs

OCTOBER 2, 2018

GandCrab operates like a classic ransomware, it encrypts all user files and drops some ransom notes on the infected machine. to allow the code to encrypt the files opened by these applications. Technical details, including IoCs and Yara Rules, are reported in the analysis shared by researchers at the ZLab. Pierluigi Paganini.

Ransomware

Ransomware Encryption Security IT

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

” continues the analysis. The binaries are stored encrypted and obfuscated too, with a slightly different format, the AES Initialization vector being stored within the core module binary instead of in the encrypted module files.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Communications IT Government

A new NAS Ransomware targets QNAP Devices

Security Affairs

JULY 11, 2019

Malware researchers at two security firms Intezer and Anomali have discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. Experts at security firms Intezer and Anomali have separately discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. base64 encoded encrypted data].

Ransomware

Ransomware Encryption Manufacturing Security

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. ” reads the analysis published by Palo Alto Networks.

Security

Security Encryption Risk Access

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

” reads the analysis published by Sophos. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. ” continues the analysis. . In these attacks, the encryption key used is the string “HELLO_USA_PRISIDENT.” Pierluigi Paganini.

File names

File names Encryption Libraries IT

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

Security experts from ESET discovered a new piece of malware, tracked as CDRThief, that targets the Linux VoIP platform, Linknat VOS2009/3000 softswitches, to steal call data records (CDR) from telephone exchange equipment. . ” reads the analysis published by ESET. ” continues the analysis.

Metadata

Metadata Encryption File names Passwords

Google removes 17 Joker -infected apps from the Play Store

Security Affairs

SEPTEMBER 27, 2020

Security researchers from Zscaler spotter 17 apps in the Play Store that were infected with the Joker (Bread) malware. In February, the infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, Check Point researchers discovered a new clicker.

Encryption

Encryption Paper Security IT

Security Affairs newsletter Round 201 – News of the week

Security Affairs

FEBRUARY 17, 2019

The best news of the week with Security Affairs. Adiantum will bring encryption on Android devices without cryptographic acceleration. Malicious PDF Analysis. SAP security fixes address Critical flaw in SAP HANA XSA. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 20% discount.

Security

Security Sales Data breaches Paper

New variant of Konni RAT used in a campaign that targeted Russia

Security Affairs

AUGUST 29, 2021

So far, Konni RAT has managed to evade detection as only 3 security solutions on VirusTotal were able to detect the malware. Security researchers at Malwarebytes Labs have uncovered an ongoing malware campaign that is mainly targeting Russia with the Konni RAT. ” reads the analysis published by Malwarebytes.

Encryption

Encryption IT Security Information Security

The Mystery of Fbot

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This article explains what we have learned about the Fbot traced back from the year of 2014.

IoT

IoT Honeypots Encryption IT

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

“Per our analysis, the leaked files contained Intel intellectual property respective to the internal design of various chipsets. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . ” reported ZDNet.

Security

Security Encryption Authentication Marketing

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Researchers published a technical analysis of the privilege escalation process that allows the threat to gain SYSTEM privileges. The body of each Sodin sample includes an encrypted configuration block that stores the settings and data used by the malware. ” continues the analysis. Pierluigi Paganini.

Ransomware

Ransomware Encryption Government IT

Security Affairs newsletter Round 207 – News of the week

Security Affairs

MARCH 31, 2019

The best news of the week with Security Affairs. Malware Static Analysis. How to get back files encrypted by the Hacked Ransomware for free. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Kindle Edition.

Security

Security Data breaches Ransomware Paper

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The second stage installs itself and loads the third stage using an encrypted, hardcoded path. ” reads the analysis. ” The malware leverages the Microsoft implementation of SSL/TLS, Secure Channel, for C2 communication. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications

Communications Encryption Education Authentication

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group, it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries. The investigation of the security firm started with the discovery of ‘ VHD ransomware ’ in the threat landscape in March 2020.

Ransomware

Ransomware Encryption Cybersecurity Security

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

The malware also implements ransomware behavior, it is able to encrypt files and display a ransom note. ” reads the analysis published by Trend Micro. The analysis of the C&C server revealed a list of 380 victim IP addresses, most of them in China (152) and India (103). Xcode developers are at risk. Pierluigi Paganini.

Ransomware

Ransomware Encryption Risk IT

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp. See the Best Open Source Security Tools. ZINC cybercriminals are considered sophisticated attackers who made themselves known with an attack against Sony Pictures Entertainment in 2014. Putty) and networking tools. UK, and India.

IT

IT Phishing Encryption Archiving

New Virobot malware combines ransomware and botnet capabilities

Security Affairs

SEPTEMBER 23, 2018

Security experts from Trend Micro discovered a new malware tracked as Virobot that combines ransomware and botnet capabilities. Virobot encrypts files on infected machines and is also implements spam botnet abilities and leverages it target other systems. ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Ransomware

Ransomware Encryption Risk Security

Snake Ransomware isolates infected Systems before encrypting files

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Ragnar Ransomware encrypts files from virtual machines to evade detection

Webinars

Security Compliance & Data Privacy Regulations

GCHQ implements World War II cipher machines in encryption app CyberChef

Sodinokibi ransomware uses MS API to encrypt open and locked files

DeathRansom ransomware evolves encrypting files, but experts identified its author

Maze ransomware uses Ragnar Locker virtual machine technique

Spotting RATs: Delphi wrapper makes the analysis harder

CDRThief Linux malware steals VoIP metadata from Linux softswitches

New Ttint IoT botnet exploits two zero-days in Tenda routers

Experts warn of a new strain of ransomware, the PXJ Ransomware

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Visa warns of new sophisticated credit card skimmer dubbed Baka

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Experts disclose security flaws in Oracle’s iPlanet Web Server

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Microsoft: North Korea-linked Zinc APT targets security experts

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Underestimating the FONIX – Ransomware as a Service could be an error

Multi-platform Tycoon Ransomware employed in targeted attacks

Snatch Ransomware force systems to Windows Safe Mode to bypass security solutions

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

EventBot, a new Android mobile targets financial institutions across Europe

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Unknown FinSpy Mac and Linux versions found in Egypt

A new NAS Ransomware targets QNAP Devices

D-Link releases a security firmware update that only fixes 3 out 6 issues in DIR-865L home routers

New KilllSomeOne APT group leverages DLL side-loading

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Google removes 17 Joker -infected apps from the Play Store

Security Affairs newsletter Round 201 – News of the week

New variant of Konni RAT used in a campaign that targeted Russia

The Mystery of Fbot

Intel investigates security breach after the leak of 20GB of internal documents

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs newsletter Round 207 – News of the week

DePriMon downloader uses a never seen installation technique

Experts linked multiple ransomware strains North Korea-backed APT38 group

XCSSET Mac spyware spreads via Xcode Projects

ZINC Hackers Leverage Open-source Software to Lure IT Pros

New Virobot malware combines ransomware and botnet capabilities

Stay Connected