Analysis, Communications, Encryption and Libraries

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. ” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022. as the suffix name.

Ransomware

Ransomware Encryption Libraries Communications

OpenSSL fixed two high-severity vulnerabilities

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. of the library.

Libraries

Libraries Encryption Authentication Communications

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2.

Government

Government IT Encryption Libraries

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

New EvilQuest ransomware targets macOS users

Security Affairs

JULY 1, 2020

Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. According to Felix Seele, it establishes a reverse shell to communicate with the C2 server. " exists.

Ransomware

Ransomware Libraries Encryption Communications

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

.” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. ” continues the report.

File names

File names Encryption Manufacturing Libraries

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

” reads the analysis published by Cybereason. The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . ” concludes the report. ” Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Financial Services

Financial Services Libraries Encryption Authentication

Strong Encryption Explained: 6 Encryption Best Practices

eSecurity Planet

JANUARY 5, 2024

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. What Makes an Encryption Algorithm Strong?

Encryption

Encryption Passwords Libraries Security

Wslink, a previously undescribed loader for Windows binaries

Security Affairs

OCTOBER 28, 2021

” reads the analysis published by ESET. The encrypted module is subsequently received with a unique identifier – signature – and an additional key for its decryption.” The decrypted module is loaded into memory using the MemoryModule library. The preceding component that registers the Wslink service is not known.”

Encryption

Encryption Libraries Communications Security

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

” reads the analysis published by Kaspersky researcher Denis Legezo. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. ” continues the analysis. The attack chain aims at distributing.RAR archive from the legitimate site file.io

Encryption

Encryption Libraries Archiving Communications

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

IBM Big Data Hub

JANUARY 26, 2024

It manages service-to-service communication, providing essential functionalities such as service discovery, load balancing, encryption and authentication. Language libraries for connectivity have partial and inconsistent implementation of traffic management features and are difficult to maintain and upgrade.

Cloud

Cloud Communications Libraries Encryption

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

. “While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a.png image file.” ” reads the report published by the experts.

Libraries

Libraries Encryption Communications Manufacturing

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

” reads the analysis published by ESET. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components. ” continues the analysis.

Communications

Communications Encryption Metadata Libraries

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

” reads the analysis published by the researchers. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. The Mac RAT implements a C&C communication similar to the Linux variant. “Both Mac and Linux variants use the WolfSSL library for SSL communications.

Libraries

Libraries Communications Encryption Authentication

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Security Affairs

JUNE 22, 2021

The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications. The ransomware appends radioactive symbols (“ ”) to the filenames of encrypted files. . ” reads the analysis published by Trend Micro.

Ransomware

Ransomware Encryption Passwords Cloud

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

MAY 10, 2022

The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. If it does not find one, the encrypted shell code is written in 8KB chunks in the event logs. The malware analysis by Kaspersky is quite remarkable and detailed. Also read: How Hackers Evade Detection.

Encryption

Encryption Libraries Communications Security

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

MAY 19, 2023

Encryption: This protects sensitive data by converting it into a coded form that can only be accessed or decrypted with the appropriate key. Encryption ensures that data remains confidential and secure, even if intercepted or accessed by unauthorized parties.

Security

Security Cloud Compliance Risk

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

a United States defense research entity, a Turkish government agency managing public works, several large technology and communications firms headquartered in Canada, Germany, and the United Kingdom, and medical organizations/medical research facilities located in Japan and Canada). ” reads the analysis published by PaloAlto Networks.

Ransomware

Ransomware Phishing File names Encryption

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis. Technical Analysis. Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel.

Communications

Communications Libraries Encryption Security

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

” reads the analysis published by ESET. They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” The downloader communicates with C2 servers using DNS tunneling.

Military

Military Communications Libraries Encryption

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Authentication Passwords Communications

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

” reads the analysis published by Intezer. ” continues the analysis. While most attackers derive their implants from popular and well-tested sources such as open source (e.g., Mirai) or blackmarket toolsets (e.g., “Kaiji has simple features.

IoT

IoT Libraries IT Security

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Security Affairs

SEPTEMBER 20, 2019

Technical Analysis. The dropped file payload is a.NET executable embedding some anti-analysis tricks. This way, the control flow is switched to the delegated method which actually points to a DLL containing the anti-analysis logic. Static information about the AgentTesla evasive loader. Load()” method. The “Swety” Module.

Libraries

Libraries Passwords IT Phishing

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

So, Cybaze-Yoroi ZLab team decided to dive deep into technical analysis. Technical Analysis. The two dll are legit windows library and are used in support of the malicious behaviour. The first operation is to provide to the C2 a list of the running processes on the victim machine: Figure 10: C2 communication. Conclusion.

Military

Military Communications Encryption IT

Y Soft Validated as a Digital Transformation Leader in Quocirca Print 2025 Report

Info Source

MARCH 5, 2018

In addition to secure access to print devices and pull-printing, YSoft SafeQ encrypts communications within YSoft SafeQ and communications to other systems (for example, 3 rd party document repositories, shared network folders and email services) and will provide the corresponding tools to our customers in order for them to be fully GDPR compliant.

Digital transformation

Digital transformation Paper Artificial Intelligence Cloud

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

Technical Analysis. The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem. In the meanwhile it sets up a system service into the “HKLMSYSTEMCurrentControlSetServices” registry key. dll” and “D93C2D64.dll”.

Libraries

Libraries Phishing Encryption Authentication

The Hacker Mind Podcast: Fuzzing Crypto

ForAllSecure

FEBRUARY 2, 2022

Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum. Fortunately, in this episode, we’re discussing vulnerabilities in both. It’s not a secret.

Libraries

Libraries Blockchain Mining Encryption

How Ursnif Evolves to Keep Threatening Italy

Security Affairs

JUNE 11, 2019

For instance, the latest waves increased their target selectivity abilities by implementing various country-checks and their anti-analysis capabilities through heavy code obfuscation. Technical Analysis. This layer is quite different because it contains a junk-char enriched hexadecimal code, actually XOR encrypted with the 0x52 key.

e-Delivery

e-Delivery Encryption Libraries IT

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

The first port is used to maintain communications between C2 and clients. For more details on this finding see the Technical Analysis below. Technical Analysis. However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. dll library).

File names

File names Phishing Libraries IT

12 Types of Vulnerability Scans & When to Run Each

eSecurity Planet

JULY 7, 2023

The agent does the vulnerability scan and sends the results to a central server for analysis and remediation. platform for analysis and vulnerability assessment. Microsoft Defender for Endpoint captures and analyzes network traffic data, such as network flows, protocols, and communication patterns, by deploying network sensors.

Cloud

Cloud Compliance Authentication Access

Firmware Fuzzing 101

ForAllSecure

DECEMBER 16, 2020

This is a blog post for advanced users with binary analysis experience. Non-glibc C standard library. Uses uClibc instead of glibc C standard library. Extracting firmware can sometimes be difficult due to custom firmware layouts and encryption. Very few of these devices have security in mind when they were built.

Libraries

Libraries IT Authentication Access

Firmware Fuzzing 101

ForAllSecure

DECEMBER 15, 2020

This is a blog post for advanced users with binary analysis experience. Non-glibc C standard library. Uses uClibc instead of glibc C standard library. Extracting firmware can sometimes be difficult due to custom firmware layouts and encryption. Very few of these devices have security in mind when they were built.

Libraries

Libraries IT Authentication Access

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Security Affairs

AUGUST 3, 2023

Rapid7 conducted an analysis on three distinct infusion pump models: the Alaris PC 8015, the Baxter Sigma Spectrum model 35700BAX2 along with its associated Wireless Battery Module (WBM), and the Hospira Abbott PLUM A+ with MedNet. ” reads the analysis published by Rapid7. . ” reads the analysis published by Rapid7.

Marketing

Marketing Authentication Communications Manufacturing

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.

Libraries

Libraries Communications Phishing Encryption

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. The openssl program is a command line tool in macOS for using the various cryptography functions (SSL, TLS) of OpenSSL’s crypto library from the shell.

Encryption

Encryption Passwords Libraries Security

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Our analysis of the phishing email of this new campaign detected at the end of June – July 2020 showed that the template is very similar to the template distributed on May 8th, 2020. VBS file leverages the Windows rundll32 library to inject the first DLL into memory (P-14-7.dll), Deofuscation and renaming VBS calls. .–create

Communications

Communications Cloud Phishing Encryption

How to Prevent SQL Injection Attacks

eSecurity Planet

MARCH 10, 2021

The most popular attack type, in-band SQL injections uses the same communication channel and come in two forms: Error-based : by testing what queries receive error messages, attackers can craft targeted SQL injections based on the database structure. . Encryption: Keep Your Secrets Secret. They include: SQLi Type. Description.

Passwords

Passwords Encryption Access Security

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

In Symantec’s analysis, they noted three examples of how Raindrop behaved: Enabled the malware to access network computers via the management software, and later extract a copy of the Directory Services Internals. Encryption. Cloud Access Security Broker (CASB). Zero Trust Network Access (ZTNA). Secure email gateway.

Cybersecurity

Cybersecurity Access Authentication Cloud

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

In the recent campaign associated with Cycldek , Kaspersky observed that attackers targeted a legitimate component from Microsoft Outlook (FINDER.exe) by loading the malicious library outlib.dll that is used to hijacks the intended execution flow of the program to decode and run a shellcode placed in the rdmin.src binary file.

Military

Military Government Phishing Libraries

The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Security Affairs

FEBRUARY 13, 2021

Falco is an open source library, a kernel module for Linux systems that intercepts the traffic between userspace and kernel space, detecting unexpected application and OS behaviour at runtime. and the library that is making that outbound connection is ‘post-receive’ within GitLab. Conclusion. government agencies and institutions).

Cybersecurity

Cybersecurity Access Marketing Military

China-linked APT41 group targets US-Based Research University

Security Affairs

AUGUST 21, 2019

. “HIGHNOON is a backdoor that consists of multiple components, including a loader, dynamic-link library (DLL), and a rootkit. When loaded, the DLL may deploy one of two embedded drivers to conceal network traffic and communicate with its command and control server to download and launch memory-resident DLL plugins.”

Libraries

Libraries Education Phishing Encryption

Top Security Orchestration, Automation and Response (SOAR) Solutions for 2022

eSecurity Planet

MARCH 16, 2022

And as cyber attackers become ever more sophisticated, so too have the technologies and tools that companies must buy to address rising threats, such as IDPS , UEBA , threat intelligence , patch management , encryption , DLP , DDoS protection , vulnerability management , and even mobile security management. Chat-driven automations.

Security

Security Cybersecurity Marketing Cloud

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

And modern fuzzers are not random, they’re guided so they dynamically work their way through the code, increasing their code coverage to find unknown vulnerabilities that can escape other software testing such as static analysis. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption.

Passwords

Passwords e-Discovery Encryption Paper

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

And modern fuzzers are not random, they’re guided so they dynamically work their way through the code, increasing their code coverage to find unknown vulnerabilities that can escape other software testing such as static analysis. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption.

Passwords

Passwords e-Discovery Encryption Paper

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

It will ensure that libraries can continue to archive material, that journalists can continue to enjoy the freedoms that we cherish in this country, and that the criminal justice system can continue to keep us safe. These decentralised encrypted trust networks are attractive to those who do not trust big databases for privacy reasons.

GDPR

GDPR Personal data Government IT

Experts warn of attacks using a new Linux variant of SFile ransomware

OpenSSL fixed two high-severity vulnerabilities

Webinars

Trending Sources

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Webinars

New EvilQuest ransomware targets macOS users

China-linked APT41 group targets Hong Kong with Spyder Loader

EventBot, a new Android mobile targets financial institutions across Europe

Strong Encryption Explained: 6 Encryption Best Practices

Wslink, a previously undescribed loader for Windows binaries

Malware campaign hides a shellcode into Windows event logs

Decoding the future: unravelling the intricacies of Hybrid Cloud Mesh versus service mesh

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Attor malware was developed by one of the most sophisticated espionage groups

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers

Hackers Are Now Exploiting Windows Event Logs

Top 5 Application Security Tools & Software for 2023

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Sofacy’s Zepakab Downloader Spotted In-The-Wild

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Types of Encryption, Methods & Use Cases

Kaiji, a new Linux malware targets IoT devices in the wild

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Y Soft Validated as a Digital Transformation Leader in Quocirca Print 2025 Report

Analyzing a Danabot Paylaod that is targeting Italy

The Hacker Mind Podcast: Fuzzing Crypto

How Ursnif Evolves to Keep Threatening Italy

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

12 Types of Vulnerability Scans & When to Run Each

Firmware Fuzzing 101

Firmware Fuzzing 101

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

macOS: Bashed Apples of Shlayer and Bundlore

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

How to Prevent SQL Injection Attacks

Guarding Against Solorigate TTPs

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

China-linked APT41 group targets US-Based Research University

Top Security Orchestration, Automation and Response (SOAR) Solutions for 2022

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

The debate on the Data Protection Bill in the House of Lords

Stay Connected