Analysis, Encryption, Groups and Libraries - Information Management Today

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Blockchain Libraries

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names

File names Encryption Manufacturing Libraries

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar. A new Chinese APT group, tracked as KilllSomeOne, was spotted by researchers at Sophos. The advanced cyber-espionage group is targeting corporate organizations in Myanmar with DLL side-loading attacks.

File names

File names Encryption Libraries IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

JUNE 24, 2021

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. However, there is a glaring weakness. Putting a Focus on FHE. It’s available on GitHub. DARPA Gets In on the Effort.

Encryption

Encryption Cloud Libraries Privacy

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , leverages a steganography-based loader to deliver backdoors on compromised systems. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group.

Libraries

Libraries Encryption Communications Manufacturing

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East.

Libraries

Libraries Encryption Security IT

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” and Switzerland.

Phishing

Phishing Libraries File names Metadata

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military

Military Communications Libraries Encryption

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. ” reads the analysis published by Checkpoint. The tools have no code similarities with any known tool used by other threat actors.

Government

Government IT Encryption Libraries

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

The researchers believe that the threat actor behind Attor a state-sponsored group involved in highly targeted attacks on selected targets. ” reads the analysis published by ESET. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs).

Communications

Communications Encryption Metadata Libraries

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. ” reads the analysis published by Proofpoint. That system identifier is then encrypted with the NokNok function and base64 encoded before being used as the payload of an HTTP POST to library-store.camdvr[.]org.”

Archiving

Archiving Cloud File names Metadata

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. ” reads the analysis published by the researchers.

Libraries

Libraries Communications Encryption Authentication

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

JANUARY 11, 2019

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool that allows them to decrypt their files for free.

Ransomware

Ransomware Encryption Passwords Libraries

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

MAY 10, 2022

The researchers said it’s clearly the work of an advanced threat actor but they could not attribute the campaign to a known APT group. The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. The malware analysis by Kaspersky is quite remarkable and detailed.

Encryption

Encryption Libraries Communications Security

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. ” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software. ” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software.

Government

Government Access Libraries Education

Taking down Gooligan: part 2 — inner workings

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This file is encrypted with a hardcoded [XOR encryption] function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. first post.

Encryption

Encryption Libraries Ransomware Marketing

Taking down Gooligan: part 2 — inner workings

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This file is encrypted with a hardcoded [XOR encryption] function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. first post.

Encryption

Encryption Libraries Ransomware Marketing

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Security Affairs

JANUARY 29, 2019

The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis. Technical Analysis. Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel.

Communications

Communications Libraries Encryption Security

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. ” reads the analysis published by ESET. ” reads the analysis published by ESET.

Metadata

Metadata Military Libraries Access

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

Malware Analysis Sandboxes could expose sensitive data of your organization. A backdoor mechanism found in tens of Ruby libraries. China-linked APT41 group targets US-Based Research University. million to allow towns to access encrypted data. Galaxy S10 is the first 5G phone that can be used by US DoD.

Security

Security Mining Data breaches Libraries

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Security Affairs

NOVEMBER 1, 2019

The vulnerabilities, tracked as CVE-2019-13720 and CVE-2019-13721, reside respectively in Chrome’s audio component and in the PDFium library. “[$7500][ 1013868 ] High CVE-2019-13721: Use-after-free in PDFium. ” continues the analysis. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Encryption Security IT

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

We noticed that the TTP of the group is almost the same leveraging a weaponized document with a fake certificate of request of an Indian public fund. So, Cybaze-Yoroi ZLab team decided to dive deep into technical analysis. Technical Analysis. The SilentCMD Module. aBbU0le8hiInks/B/3500/m1ssh0upUuchCukXanevPozlu[.dll Conclusion.

Military

Military Communications Encryption IT

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. ” states the analysis published by Palo Alto Networks.

Mining

Mining Libraries Encryption Access

The Hacker Mind Podcast: Fuzzing Crypto

ForAllSecure

FEBRUARY 2, 2022

Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum. Fortunately, in this episode, we’re discussing vulnerabilities in both. It’s not a secret.

Libraries

Libraries Blockchain Mining Encryption

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

This malware is not new and it was used in past waves by TA505, a group known for sending large-scale Dridex, Locky, and GlobeImposter campaigns, among others. TA505 group is using now a new entity to sign its malware denominated “ AlCOHOL LTD ”, with the following email associated: NastasyaTurkina68@mail[.]ru. Technical Analysis.

File names

File names Phishing Libraries IT

How Ursnif Evolves to Keep Threatening Italy

Security Affairs

JUNE 11, 2019

For instance, the latest waves increased their target selectivity abilities by implementing various country-checks and their anti-analysis capabilities through heavy code obfuscation. Technical Analysis. This layer is quite different because it contains a junk-char enriched hexadecimal code, actually XOR encrypted with the 0x52 key.

e-Delivery

e-Delivery Encryption Libraries IT

2021 cyber security review of the year

IT Governance

JANUARY 10, 2022

Meanwhile, a third hospital group – in Dordogne – narrowly avoided falling victim, after an IT supplier detected ransomware on the organisation’s servers. The tech giant disclosed four zero-day bugs, which were being used to steal sensitive information, encrypt data for ransom and execute destructive attacks.

Security

Security Data breaches Ransomware Phishing

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

That file was delivered via malscam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis. Themida packer has a large group of specific features that are very appreciated by criminals to protect their threats. Technical Analysis.

Security

Security IT Access Cybersecurity

12 Types of Vulnerability Scans & When to Run Each

eSecurity Planet

JULY 7, 2023

The agent does the vulnerability scan and sends the results to a central server for analysis and remediation. platform for analysis and vulnerability assessment. They look for possible vulnerabilities such as input validation errors, improper coding practices, and known susceptible libraries in the codebase. Tenable.io

Cloud

Cloud Compliance Authentication Access

China-linked APT41 group targets US-Based Research University

Security Affairs

AUGUST 21, 2019

Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based Experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based The arsenal of the group includes backdoors , credential stealers, keyloggers, and rootkits. based research university. chm ) files.

Libraries

Libraries Education Phishing Encryption

macOS: Bashed Apples of Shlayer and Bundlore

Security Affairs

JULY 14, 2021

The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. The bash script is either a single file or a group of files pointing to the main bash script. Bash scripts invoking encrypted Zip file.

Encryption

Encryption Passwords Libraries Security

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

eSecurity Planet

OCTOBER 2, 2023

As always, our pressured IT and security teams will need to use severity ratings in combination with a risk analysis of assets potentially exposed by vulnerabilities to determine priorities and schedules. encryption and to contact vendors about possible issues and fixes for their encryption algorithms.

Encryption

Encryption Cybersecurity Ransomware Access

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. As observed during the last few years, several threats share a lot of TTP and code, and that is a clear signal of cooperation between malicious groups. Discovering Javali trojan banker.

Libraries

Libraries Communications Phishing Encryption

Analyzing the TriangleDB implant used in Operation Triangulation

Security Affairs

JUNE 22, 2023

In early June, the researchers from the Russian firm Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation. the analysis of the final payload has yet to be finished. ” reads the analysis published by Kaspersky.

Libraries

Libraries Encryption Security IT

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

“The Cr1ptT0r group member added that the URLs and IP addresses are not logged, so there is no correlation between data and the victim.” It is also possible to decrypt single files paying $19.99, in this case, victims have to send the encrypted file to the operators. ” wrote Bleeping Computer. Pierluigi Paganini.

Ransomware

Ransomware Encryption File names Libraries

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Try This One Weird Trick Russian Hackers Hate

Krebs on Security

MAY 17, 2021

Possibly feeling the heat from being referenced in President Biden’s Executive Order on cybersecurity this past week, the DarkSide group sought to distance itself from their attack against Colonial Pipeline. “Sodinokibi”) ransomware groups.

Ransomware

Ransomware Risk Libraries Encryption

Tape Won’t Work for Ransomware Protection. Here’s Why.

eSecurity Planet

SEPTEMBER 15, 2021

Q: If a ransomware attack happens on your system(s) and all the data is encrypted, is it possible that the hacker has total control of your system(s), meaning administrative privileges? Since all the system data is encrypted, the hackers have admin/root privileges. Q: Is tape slower than disk storage systems? A device is a device.

Ransomware

Ransomware Libraries Encryption Passwords

How to Prevent SQL Injection Attacks

eSecurity Planet

MARCH 10, 2021

For SQLi purposes, this means keeping all web application software components, including database server software, frameworks, libraries, plug-ins, and web server software, up to date. . Encryption: Keep Your Secrets Secret. Encryption is almost universally employed as a data protection technique today and for a good reason.

Passwords

Passwords Encryption Access Security

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Security researcher Marco Ramilli analyzed a new Coronavirus (COVID-19)-themed attack gathering evidence of the alleged involvement of an APT group. I want to “spoil” the conclusions now, but it’s getting pretty sad if an APT group makes use of its knowledge to take advance from COVID-19 outbreak. The first stage is a fake PDF file.

Computer and Electronics

Computer and Electronics IT Encryption Security

Top Security Orchestration, Automation and Response (SOAR) Solutions for 2022

eSecurity Planet

MARCH 16, 2022

And as cyber attackers become ever more sophisticated, so too have the technologies and tools that companies must buy to address rising threats, such as IDPS , UEBA , threat intelligence , patch management , encryption , DLP , DDoS protection , vulnerability management , and even mobile security management. Key Differentiators. ManageEngine.

Security

Security Cybersecurity Marketing Cloud

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

And modern fuzzers are not random, they’re guided so they dynamically work their way through the code, increasing their code coverage to find unknown vulnerabilities that can escape other software testing such as static analysis. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption.

Passwords

Passwords e-Discovery Encryption Paper

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

And modern fuzzers are not random, they’re guided so they dynamically work their way through the code, increasing their code coverage to find unknown vulnerabilities that can escape other software testing such as static analysis. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption.

Passwords

Passwords e-Discovery Encryption Paper

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

It will ensure that libraries can continue to archive material, that journalists can continue to enjoy the freedoms that we cherish in this country, and that the criminal justice system can continue to keep us safe. Of course, as new rights like this are created, the Bill will ensure that they cannot be taken too far.

GDPR

GDPR Personal data Government IT

New Hive ransomware variant is written in Rust and use improved encryption method

China-linked APT41 group targets Hong Kong with Spyder Loader

Webinars

Trending Sources

New KilllSomeOne APT group leverages DLL side-loading

Webinars

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Attor malware was developed by one of the most sophisticated espionage groups

Iran-linked APT TA453 targets Windows and macOS systems

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Victims of Pylocky ransomware can decrypt their files for free

Hackers Are Now Exploiting Windows Event Logs

Cyber espionage campaign targets Asian countries since 2021

Taking down Gooligan: part 2 — inner workings

Taking down Gooligan: part 2 — inner workings

Sofacy’s Zepakab Downloader Spotted In-The-Wild

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs newsletter Round 228

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

The Hacker Mind Podcast: Fuzzing Crypto

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

How Ursnif Evolves to Keep Threatening Italy

2021 cyber security review of the year

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

12 Types of Vulnerability Scans & When to Run Each

China-linked APT41 group targets US-Based Research University

macOS: Bashed Apples of Shlayer and Bundlore

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Analyzing the TriangleDB implant used in Operation Triangulation

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Try This One Weird Trick Russian Hackers Hate

Tape Won’t Work for Ransomware Protection. Here’s Why.

How to Prevent SQL Injection Attacks

Is APT27 Abusing COVID-19 To Attack People ?!

Top Security Orchestration, Automation and Response (SOAR) Solutions for 2022

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

The debate on the Data Protection Bill in the House of Lords

Stay Connected