2018, Analysis and Encryption - Information Management Today

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption

Encryption Ransomware Access Passwords

Patch Tuesday, November 2018 Edition

Krebs on Security

NOVEMBER 14, 2018

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems. Of course, if the target has Adobe Reader or Acrobat installed, it might be easier for attackers to achieve that log in.

Encryption

Encryption Passwords Security IT

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. ” reads the analysis published by the experts. “The messages are encrypted using XOR “encryption” with a static key.”

Communications

Communications Encryption Cloud Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows. Researchers published a technical analysis of the privilege escalation process that allows the threat to gain SYSTEM privileges. ” continues the analysis.

Ransomware

Ransomware Encryption Government IT

ESET PROTECT Advanced Review: Features & Benefits

eSecurity Planet

OCTOBER 8, 2021

With a multi-layered approach to endpoint protection, the ESET PROTECT Advanced solution fits small to medium-sized businesses and offers advanced EPP capabilities, full disk encryption , and an automated sandbox for dynamic threat analysis. Full Disk Encryption. Read more: 19 Best Encryption Software & Tools of 2021.

Encryption

Encryption Cloud MDM Cybersecurity

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE , and the Italian luxury brand Zegna. ” reads the analysis published by IBM Security X-Force. ” concludes the report.

Ransomware

Ransomware Encryption Manufacturing Government

National Academy of Sciences Encryption Study

Data Matters

FEBRUARY 21, 2018

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. See, e.g., here.)

Encryption

Encryption Government Access Privacy

Moobot botnet is back and targets vulnerable D-Link routers

Security Affairs

SEPTEMBER 7, 2022

” reads the analysis published by Unit 42. “As a variant, MooBot inherits Mirai’s most significant feature – a data section with embedded default login credentials and botnet configuration – but instead of using Mirai’s encryption key, 0xDEADBEEF, MooBot encrypts its data with 0x22.”

Encryption

Encryption Passwords Security IT

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

Hunton Privacy

NOVEMBER 13, 2023

DMS did not detect the attack until after the ransomware was used to encrypt its files in December 2018. As a result, the electronic protected health information (“ePHI”) of approximately 206,695 individuals was affected.

Ransomware

Ransomware Risk Insurance Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Encryption Privacy Security awareness

Why 2018 Will Be the Trust Turning Point for the Digital Economy

Thales Cloud Protection & Licensing

JANUARY 4, 2018

This revolution in the creation, transfer, storage and analysis of data has produced our new digital economy. But to do that you must believe that the data is going to be protected and that the organization is protecting you – and that requires secure infrastructure and encryption. You can also find me at @CindyProvin.

Digital transformation

Digital transformation Artificial Intelligence Cloud IoT

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

” reads the analysis published by the expert. ” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. ” continues the analysis.

ROT

ROT Mining Encryption IT

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft. msiexec.exe, unzip.exe, rundll32.exe,

File names

File names Encryption Mining Security

The Mystery of Fbot

Security Affairs

JANUARY 21, 2020

In a few days back, the MalwareMustDie team’s security researcher unixfreaxjp has published a new Linux malware analysis of Fbot that has focused on the decryption of the last encryption logic used by its bot client. This article explains what we have learned about the Fbot traced back from the year of 2014.

IoT

IoT Honeypots Encryption IT

Experts linked multiple ransomware strains North Korea-backed APT38 group

Security Affairs

MAY 4, 2022

A Mandiant’s report attributed the string of attacks against the SWIFT banking system to the APT38, including the hack of Vietnam’s TP Bank in 2015, Bangladesh’s central bank in 2016, Taiwan’s Far Eastern International in 2017, Bancomext in Mexico in 2018, and Banco de Chile in 2018.

Ransomware

Ransomware Encryption Cybersecurity Security

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882 , CVE-2018-0798 , CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. ” reads the analysis published by Cybereason. ” reads the analysis published by Cybereason. ” continues the report.

Phishing

Phishing Encryption Security IT

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Security Affairs

MAY 15, 2023

“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018.” ” reads the analysis published by Symantec. The intelligence-gathering campaign started in mid-2022 and is likely still ongoing. pak) containing final payload (Merdoor backdoor).

Encryption

Encryption Phishing Communications Education

Numando, a new banking Trojan that abuses YouTube for remote configuration

Security Affairs

SEPTEMBER 19, 2021

The threat actor behind this banking Trojan has been active since at least 2018, it focuses almost exclusively on Brazil but experts spotted rare attacks against users in Mexico and Spain. ” reads the analysis published by ESET. Decrypting the string results in a different URL that leads to the actual payload archive.

Archiving

Archiving Encryption IT Security

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here ). At a first sight, the office document had an encrypted content available on OleObj.1 And why the attacker used an encrypted payload if the victim cannot open it? 1 and OleObj.2.

Computer and Electronics

Computer and Electronics Encryption Military Security

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption IT Passwords IoT

Payroll Provider Gives Extortionists a Payday

Krebs on Security

FEBRUARY 23, 2019

19, Apex was alerted that its systems had been infected with a destructive strain of ransomware that encrypts computer files and demands payment for a digital key needed to unscramble the data. “When they encrypt the data, that happens really fast,” he said. Roswell, Ga. on Tuesday, Feb. More than a week later on Jan.

Ransomware

Ransomware Encryption Cloud Access

North Korea-linked Lazarus continues to target job seekers with macOS malware

Security Affairs

SEPTEMBER 28, 2022

” reads the analysis published by SentinelOne. ” The experts were not able to determine the last-stage payload because the C2 server responsible for hosting the malware was offline at the time of the analysis. This has been a long-running theme going as far back as the AppleJeus campaigns that began in 2018.

Encryption

Encryption Security IT Information Security

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

SEPTEMBER 18, 2018

One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. I talked with Jonathan Sander, Chief Technology Officer with STEALTHbits Technologies , about this at Black Hat USA 2018. The main difference between the two is organization and analysis.

Unstructured data

Unstructured data Ransomware Mining Encryption

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. ” reads the analysis published by the expert. ” continues the analysis.

Communications

Communications Encryption Military Government

New Virobot malware combines ransomware and botnet capabilities

Security Affairs

SEPTEMBER 23, 2018

Virobot encrypts files on infected machines and is also implements spam botnet abilities and leverages it target other systems. Virobot was first spotted on September 17, 2018, experts pointed out that it is not associated with any known ransomware families. ” reads the analysis published by Trend Micro.

Ransomware

Ransomware Encryption Risk Security

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Security Affairs

JULY 15, 2019

” reads the analysis published by CrowdStrike. Later versions did not include the above info, instead, the variant appeared in the threat landscape since July 2018 only included two emails to negotiate the ransom and to contact to receive the instructions for the payment. ” continues the analysis.

Ransomware

Ransomware Encryption Agriculture Retail

I Was Cited in a Court Decision

Schneier on Security

MARCH 15, 2019

See generally, Kerr & Schneier, Encryption Workarounds, 106 Geo. 989, 990, 994, 998 (2018). And here's the second, in footnote 5: We recognize that ordinary cell phone users are likely unfamiliar with the complexities of encryption technology. See Kerr & Schneier, supra at 995.

Encryption

Encryption Passwords

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

CVE-2020-14882 Oracle WebLogic Server RCE, and CVE-2018-20062 ThinkPHP RCE) and targeting sites and systems protected with weak administrative credentials. Upon examination, it was clear the malware had some decryption functionality and an encrypted file stored in another directory.” ” concludes the analysis.

Honeypots

Honeypots Mining Encryption Access

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

ATMDtrack has been spotted on the networks of Indian banks since late summer 2018, a more sophisticated version tracked as Dtrack , was involved in attacks aimed at Indian research centers. “In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. ” states the analysis.

Archiving

Archiving Encryption Passwords Access

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

JANUARY 11, 2019

In this phase, the ransomware sends to the command and control server information on the encryption process, including a string that contains the Initialization Vector (IV) and a random password used by the ransomware to encrypt the files. “To combat this ransomware, Cisco Talos is releasing a free decryption tool.

Ransomware

Ransomware Encryption Passwords Libraries

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The forensic analysis conducted by researchers revealed the presence of multiple instances of the general-purpose Dridex malware which was also used to distribute other malware. In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer. ” continues the report.

Ransomware

Ransomware Encryption IT Government

Sodinokibi Ransomware Operators hit electrical energy company Light S.A.

Security Affairs

JULY 2, 2020

. “The company claims to have been the victim of a virus attack, but what motivated this attack has been kept confidential: hackers have invaded the system and sent a virus that encrypts all Windows system files.” ” reads the analysis published by AppGate. ” reads the analysis published by AppGate.

Ransomware

Ransomware Encryption Access IT

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Security Affairs

AUGUST 14, 2018

Security researchers from the University of Opole in Poland and the Ruhr-University Bochum in Germany have devised a new attack technique that allows cracking encrypted communications. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication.” Many vendors are affected.

Encryption

Encryption Paper Authentication Communications

Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises

Security Affairs

SEPTEMBER 10, 2018

” reads the analysis published by Palo Alto Networks. In August, the same IP address was intermittently hosting samples of Gafgyt that were including the exploit code to trigger the CVE-2018-9866 flaw affecting older versions of SonicWall Global Management System (GMS). ” continues the analysis. ” . .

IoT

IoT Data breaches Encryption Security

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

DECEMBER 13, 2018

“In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis.” ” reads the analysis published by McAfee. ” continues the report.

Encryption

Encryption Metadata Phishing Security

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. The 2020 analysis found that customer data was by far the most-commonly compromised type of record with 80% of breached organizations saying that customer PII was affected. Tue, 12/22/2020 - 10:08. In the Dec.

Data Privacy

Data Privacy Privacy Security Encryption

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing , spear phishing, and encryption lapses.”.

Data Privacy

Data Privacy Compliance Privacy Security

New Miori botnet has a unique protocol for C2 communication

Security Affairs

JULY 12, 2019

it first appeared oi the threat landscape in late 2018 when the bot was spread by exploiting a ThinkPHP remote code execution vulnerability after the exploit code was made publicly available. ” reads the analysis published by Trend Micro. The Miori bot borrows the code from the dreaded Mirai malware.

Communications

Communications IoT Encryption Sales

xHunt hackers hit Microsoft Exchange with two news backdoors

Security Affairs

NOVEMBER 9, 2020

Experts attribute the attack to a known threat actor tracked as xHunt , aka Hive0081, which was first discovered in 2018. ” reads the analysis published by the experts. ” continues the analysis. b” continues the analysis. “The commands executed by the two tasks attempt to run splwow64.ps1

Communications

Communications Access Government Encryption

Evaluating the NSA's Telephony Metadata Program

Schneier on Security

AUGUST 12, 2019

Interesting analysis: " Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended? " The second emerged in June 2018 when the NSA announced the purging of three years' worth of CDR records for "technical irregularities." by Susan Landau and Asaf Lubin.

Metadata

Metadata Communications Paper Encryption

GreyEnergy: Welcome to 2019

Security Affairs

JANUARY 16, 2019

The GreyEnergy implant is also known as “FELIXROOT” backdoor: FireEye researchers published a technical article on July 2018 about a spear-phishing campaign trying to deliver the malware to undisclosed targets. Technical analysis. Figure 5 – GreyEnergy invokes sleep API to evade analysis.

Phishing

Phishing Manufacturing Encryption IT

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

As stated in a recent Eset report , the Shade infection had an increase during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size (shown in Figure 1). Technical analysis. References to an Oil-Gas company.

Ransomware

Ransomware Mining File names Encryption

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

. “While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a.png image file.” ” reads the report published by the experts.

Libraries

Libraries Encryption Communications Manufacturing

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

Security Affairs

JUNE 13, 2021

Several victims were compromised via mechanisms that closely matched the Rehashed Rat and a MirageFox-APT15 campaign documented by Fortinet in 2017 and Intezer in 2018, respectively. The Linux variant of Turian shares the same network encryption protocol characteristics and attempts to return a TTY reverse shell to the operator.”

Encryption

Encryption Security Access IT

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Patch Tuesday, November 2018 Edition

Webinars

Trending Sources

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

ESET PROTECT Advanced Review: Features & Benefits

RansomExx Ransomware upgrades to Rust programming language

National Academy of Sciences Encryption Study

Moobot botnet is back and targets vulnerable D-Link routers

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Why 2018 Will Be the Trust Turning Point for the Digital Economy

MyKings botnet operators already amassed at least $24 million

Microsoft warns of Dexphot miner, an interesting polymorphic threat

The Mystery of Fbot

Experts linked multiple ransomware strains North Korea-backed APT38 group

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Numando, a new banking Trojan that abuses YouTube for remote configuration

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

What Is Encryption? Definition, How it Works, & Examples

Payroll Provider Gives Extortionists a Payday

North Korea-linked Lazarus continues to target job seekers with macOS malware

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

Platinum APT and leverages steganography to hide C2 communications

New Virobot malware combines ransomware and botnet capabilities

DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

I Was Cited in a Court Decision

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

North Korea-linked malware ATMDtrack infected ATMs in India

Victims of Pylocky ransomware can decrypt their files for free

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Sodinokibi Ransomware Operators hit electrical energy company Light S.A.

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises

Operation Sharpshooter targets critical infrastructure and global defense

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Security Compliance & Data Privacy Regulations

New Miori botnet has a unique protocol for C2 communication

xHunt hackers hit Microsoft Exchange with two news backdoors

Evaluating the NSA's Telephony Metadata Program

GreyEnergy: Welcome to 2019

The Long Run of Shade Ransomware

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

Stay Connected