Analysis, Archiving and Encryption - Information Management Today

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. The Turtle ransomware reads files into memory, encrypt them with AES (in CTR mode), rename the files, then overwrites the original contents of the files with the encrypted data. concludes the analysis.

Ransomware

Ransomware Encryption Archiving Cybersecurity

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. ” continues the analysis. Pierluigi Paganini.

Encryption

Encryption Ransomware Cybersecurity Archiving

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

Upon downloading and opening the archive, a JScript file is dropped onto the system. “The JScript file then drops a Base64-encrypted file and a batch file. The Base64-encrypted file is decoded with the certutil -f decode command, resulting in the creation of a Portable Executable (PE) DLL file.”

Encryption

Encryption Manufacturing Archiving Phishing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Then the loaders retrieve a second-stage payload stored in password-protected ZIP archive from Alibaba buckets. “The zip archives downloaded by agentupdate_plugins.exe and AdventureQuest.exe contain sideloading capabilities. ” reads the analysis published by SentinelOne. IP-based geolocation service.

Archiving

Archiving File names Encryption Passwords

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. In the last period, we observed an increase of the malware spreading using less-known archive types as an initial dropper, in particular, ISO image. Technical Analysis.

File names

File names Encryption Archiving Phishing

Numando, a new banking Trojan that abuses YouTube for remote configuration

Security Affairs

SEPTEMBER 19, 2021

. “Some Numando variants store these images in an encrypted ZIP archive inside their.rsrc sections, while others utilize a separate Delphi DLL just for this storage. ” reads the analysis published by ESET. Decrypting the string results in a different URL that leads to the actual payload archive.

Archiving

Archiving Encryption IT Security

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Then the malware perform a scan in local directories and network shares for content to encrypt. ” reads the analysis published by Accenture. ” concludes the report.

Ransomware

Ransomware Encryption File names Manufacturing

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. ” reads the analysis published by Checkpoint. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2.

Government

Government IT Encryption Libraries

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

” reads the analysis published by Proofpoint. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” If the target is a macOS system, TA453 sends a second email with a ZIP archive embedding a Mach-O binary that masquerades as a VPN application. ” continues the analysis.

Archiving

Archiving Cloud File names Metadata

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). “The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group. .

Archiving

Archiving Phishing Encryption Passwords

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

Zacks is the leading investment research firm focusing on stock research, analysis, and recommendations. The availability of the archive was reported by the data breach notification service Have I Been Pwned , which notified Zecks. HIBP pointed out that the most recent record in the leaked database is dated May 2020.

Data breaches

Data breaches Passwords Encryption Archiving

PCI DSS compliance: a range of encryption approaches available to secure your data

Thales Cloud Protection & Licensing

NOVEMBER 29, 2017

Not all types of encryption give you the coverage and flexibility you need. One of the most common and most effective approaches to protecting data is encryption. Encryption is typically employed on four layers of the technology stack: Disk (or media). The pros and cons of encrypting at different layers in the technology stack.

Encryption

Encryption Compliance Security Archiving

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

” reads the analysis published by Secureworks. In the recent campaign, the malware is included in RAR archive files. Once opened the archive, it will displays a Windows shortcut (LNK) file that masquerades as a document. The Bronze President group is targeting political and law enforcement organizations and NGOs in Asia.

Government

Government Archiving Metadata Encryption

Top Open Source Security Tools

eSecurity Planet

OCTOBER 18, 2021

Backed by a huge open source database of known exploits, it also provides IT with an analysis of pen testing results so remediation steps can be done efficiently. Read more: Metasploit: Pen Testing Product Overview and Analysis. Read more: Fiddler: Pen Testing Product Overview and Analysis. Security Onion. Aircrack-ng.

Security

Security Encryption Compliance Libraries

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

AUGUST 2, 2022

This forum hosted a ZIP archive that contains the malicious.js “When the user downloaded and opened this file, it spawned an obfuscated script which, through registry stuffing, installed a chunk of encrypted codes in the registry and added scheduled tasks for persistence. . ” reads the analysis published by Trend Micro.

Encryption

Encryption Archiving Ransomware Access

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Phishing

Phishing Archiving Encryption Authentication

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

A deeper analysis revealed that the threat actor CloudWizard has been linked to an activity cluster that dates back to May 2016 that was tracked by ESET researchers as Operation Groundbait. The archive contained two files, a decoy document (i.e. PDF, XLSX and DOCX versions) and a malicious LNK file with a double extension (i.e.,pdf.lnk)

Communications

Communications Agriculture Cloud Archiving

Multi-platform Tycoon Ransomware employed in targeted attacks

Security Affairs

JUNE 5, 2020

” reads the analysis published by BlackBerry. Attackers timestamped files with date timestamps of 11th April 2020, 15:16:22: Upon establishing a foothold onto the target network, the attackers executed the Java ransomware module, which encrypted the files on connected servers. ”continues the analysis.

Ransomware

Ransomware Encryption Archiving Education

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

” reads the analysis published by Kaspersky researcher Denis Legezo. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. ” continues the analysis. The attack chain aims at distributing.RAR archive from the legitimate site file.io

Encryption

Encryption Libraries Archiving Communications

SolarWinds hackers stole some of Mimecast source code

Security Affairs

MARCH 17, 2021

The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. “ We have no evidence that the threat actor accessed email or archive content held by us on behalf of our customers.” ” reads the incident report published by mimecast.

Encryption

Encryption Military Access Archiving

Ursnif campaign targets Italy with a new infection Chain

Security Affairs

MARCH 17, 2020

Technical Analysis. The downloaded file, as previously mentioned, is a Self Extracting Archive (SFX/SEA). In the archive, five files with different extensions are stored. Once executed, the first file that runs is “ Dwsil23j.vbs” , as described in the archive configuration on the right of the following figure.

Archiving

Archiving Passwords Encryption IT

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Security

Security Ransomware Phishing Authentication

Securing Corporate Data When Remote Working is the Norm

Thales Cloud Protection & Licensing

APRIL 7, 2020

If your business is taking an ‘encrypt everything’ approach, data discovery with risk analysis will help prioritize where to deploy data security solutions first. Encrypt all sensitive data. Data discovery, classification and risk analysis helps set priorities for data security implementation. Securely store your keys.

Security

Security Encryption Data breaches Cloud

A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

Security Affairs

MAY 16, 2022

Upon clicking on the bottom, a ZIP archive is downloaded on the victim’s computer. The compressed archive contains a CHM file consisting of several compiled HTML files. ” reads the analysis published by MalwareBytes. ” reads the analysis published by MalwareBytes.

Archiving

Archiving Data structuring Encryption Cybersecurity

PureCrypter used to deliver AgentTesla to govt organizations

Security Affairs

FEBRUARY 27, 2023

” reads the analysis published by Menlo Labs. ” The attack chain starts with spear phishing emails containing Discord app URL that points to a password-protected ZIP archive containing the PureCrypter malware. The malware uses an XOR algorithm to encrypt its config file. ” concludes the report.

Passwords

Passwords Government Sales Archiving

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp. If the social engineering attack succeeds, behavioral analysis can spot anomalous activity, and monitoring outgoing traffic can reveal suspicious activity. They used LinkedIn to connect with the victims and gain their trust.

IT

IT Phishing Encryption Archiving

New Coronavirus-themed attack uses fake WHO chief emails

Security Affairs

MARCH 21, 2020

“X-Force recent analysis identified a new HawkEye malware variant distributed in mails spoofing the World Health Organization. The phishing messages use an archive attachment, that contained an executable named “Coronavirus Disease (Covid-19) CURE.exe.” ” continues the analysis.

Phishing

Phishing Archiving Encryption IT

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Security Affairs

OCTOBER 19, 2021

” reads the analysis published by Symantec. ” continues the analysis. “Data that cmd.exe pulled from the output and error streams is encrypted and sent back to the attackers’ servers.” The malware deletes all archives older than a week. .

Archiving

Archiving Encryption Passwords Government

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

MARCH 1, 2021

” reads the analysis published by researchers Gabor Szappanos and Andrew Brandt from Sophos. ” continues the analysis. Gootloader infection process is multi-stage, it begins with a.NET loader, which comprises a Delphi-based loader malware, which, in turn, contains the final payload in encrypted form. “This.js

Search queries

Search queries CMS Ransomware File names

Startup Sees File System as Key to Security

eSecurity Planet

JULY 12, 2021

BrickStor works with primary storage systems, online archives in the cloud, at the edge, or in the data center. It supports file, block and object storage, works with AWS and Azure, encrypts data at rest and in motion, and offers compliance and metadata intelligence. It integrates with SIEM and SOAR systems for log analysis.

Security

Security Ransomware Metadata Cloud

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

” reads the analysis published by Cofense.” ” continues the analysis. Once the victims have clicked on the attachment, the.HTM file downloads a.ZIP archive that contains a malicious.LNK file. Using these resources adds to the trusted source methodology employed by this campaign to bypass the security stack.”

Phishing

Phishing Encryption Archiving Security

New PyLocky Ransomware stands out for anti-machine learning capability

Security Affairs

SEPTEMBER 12, 2018

” reads hte analysis published by Trend Micro. ” Experts warn of its ability to bypass static analysis methods due to the combined use of Inno Setup Installer and PyInstaller. “ PyLocky is configured to encrypt a hardcoded list of file extensions, as shown in Figure 4. ” states the report.

Ransomware

Ransomware Libraries Encryption Archiving

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

Armstrong Archives

DECEMBER 18, 2023

At Armstrong Archives , we’re here to help you navigate the transition into the digital age while still maintaining your essential paper files. But don’t worry, Armstrong Archives can help. When you work with Armstrong Archives, you have a partner to help you with these decisions.

Archiving

Archiving Paper Records Management Compliance

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

“During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). ” reads the analysis publisjed by Kaspersky. The backdoor deploys an SFX archive containing a Windows task installation script.

IT

IT Archiving Encryption Passwords

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

Security Affairs

JULY 24, 2022

The attachment used in this campaign is an archive containing a Word document (missile.docx) and a Windows Shortcut file (_weapons.doc.lnk.lnk). ” reads the analysis published by the experts. ” reads the analysis published by the experts. Once opened the LNK file, the infection chain starts.

Archiving

Archiving Phishing Encryption Communications

How UPX Compression Is Used to Evade Detection Tools

eSecurity Planet

APRIL 13, 2023

While some packers like UPX only compress the file, others can also encrypt it. Through a self-extracting archive executable, a packer can unpack itself in memory when a packed file is executed. Packers basically take the original executable and add a small piece of code called a “stub” to the newly created executable.

Artificial Intelligence

Artificial Intelligence Archiving Cybersecurity Encryption

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

rar archive files. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Archiving Passwords Encryption

Purple Fox backdoor spreads through fake Telegram App installer

Security Affairs

JANUARY 4, 2022

” reads the analysis published by Minerva Labs. 7zz.exe – a legitimate 7z archiver. dll file” continues the analysis. dll file” continues the analysis. In the final phase, Purple Fox is downloaded from the C2 as an.msi file that contains encrypted shellcode for both 32 and 64-bit systems.

Archiving

Archiving Phishing Encryption IT

Retefe Banking Trojan resurfaces in the threat landscape with innovations

Security Affairs

MAY 5, 2019

The new variant resurfaced in April, it uses the stunnel encrypted tunneling mechanism and abuses a legitimate shareware app. Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. ” reads the analysis published by Proofpoint.

Archiving

Archiving Encryption Communications Security

Stealc, a new advanced infostealer appears in the threat landscape

Security Affairs

FEBRUARY 20, 2023

stealc does not generate an archive on the client side, each file to be collected is sent to the server in a separate request The malware exfiltrates the collected data file by file and doesn’t wait to receive all configuration to collect and send data. All lines of work are obfuscated.

Communications

Communications Data collection Archiving Encryption

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the machines.” ” reads the analysis published by Kaspersky. ” states the analysis. ” continues Kaspersky.

Archiving

Archiving Encryption Passwords Access

New Emotet variant uses connected devices as proxy C2 servers

Security Affairs

APRIL 29, 2019

“Recently, an analysis of Emotet traffic has revealed that new samples use a different POST-infection traffic than previous versions. ” reads the analysis published by Trend Micro. The ZIP archive contains variants of Powload that uses Powershell to download an executable the final Emotet payload.

IoT

IoT Archiving Encryption Passwords

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Security Affairs

JUNE 16, 2022

The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. The attackers created a dump file of the LSASS.exe process via Taskmgr.exe and saved the file to a ZIP archive.

Ransomware

Ransomware Archiving Access Encryption

Experts spotted a rare Linux Desktop spyware dubbed EvilGnome

Security Affairs

JULY 18, 2019

” reads the analysis published by Intezer. The analysis revealed that the malicious code includes an unfinished keylogger , some comments, symbol names and compilation metadata, a circumstance that suggests the authors are still working on it. ” continues the analysis. run suffix, that can be launched as is. .

Metadata

Metadata Archiving Phishing Encryption

Expert warns of Turtle macOS ransomware

Snake Ransomware isolates infected Systems before encrypting files

Webinars

Trending Sources

StrelaStealer targeted over 100 organizations across the EU and US

Webinars

Bronze Starlight targets the Southeast Asian gambling sector

Spotting RATs: Delphi wrapper makes the analysis harder

Numando, a new banking Trojan that abuses YouTube for remote configuration

Hades ransomware gang targets big organizations in the US

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Iran-linked APT TA453 targets Windows and macOS systems

New Woody RAT used in attacks aimed at Russian entities

A database containing data of +8.9 million Zacks users was leaked online

PCI DSS compliance: a range of encryption approaches available to secure your data

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Top Open Source Security Tools

Gootkit AaaS malware is still active and uses updated tactics

YouTube creators’ accounts hijacked with cookie-stealing malware

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Multi-platform Tycoon Ransomware employed in targeted attacks

Malware campaign hides a shellcode into Windows event logs

SolarWinds hackers stole some of Mimecast source code

Ursnif campaign targets Italy with a new infection Chain

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Securing Corporate Data When Remote Working is the Norm

A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

PureCrypter used to deliver AgentTesla to govt organizations

ZINC Hackers Leverage Open-source Software to Lure IT Pros

New Coronavirus-themed attack uses fake WHO chief emails

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Gootkit delivery platform Gootloader used to deliver additional payloads

Startup Sees File System as Key to Security

Astaroth Trojan leverages Facebook and YouTube to avoid detection

New PyLocky Ransomware stands out for anti-machine learning capability

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

The Platinum APT group adds the Titanium backdoor to its arsenal

Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

How UPX Compression Is Used to Evade Detection Tools

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Purple Fox backdoor spreads through fake Telegram App installer

Retefe Banking Trojan resurfaces in the threat landscape with innovations

Stealc, a new advanced infostealer appears in the threat landscape

North Korea-linked malware ATMDtrack infected ATMs in India

New Emotet variant uses connected devices as proxy C2 servers

BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

Experts spotted a rare Linux Desktop spyware dubbed EvilGnome

Stay Connected