Analysis, Encryption, Libraries and Phishing - Information Management Today

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

” reads the analysis published by Cybereason. The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. Experts observed several variants over the recent months, it authors have improved encryption and implemented new functionality of the final Node.js

Phishing

Phishing Mining Libraries Encryption

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. ” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library.

Government

Government IT Encryption Libraries

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. The attacks against the Canadian healthcare organizations were discovered between March 24 and March 26, they started with coronavirus -themed phishing campaigns that were carried out in the last months.

Ransomware

Ransomware Phishing File names Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. ” reads the analysis published by Proofpoint.

Archiving

Archiving Cloud File names Metadata

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. “In July and August 2019, CTU researchers discovered a new large global phishing operation launched by COBALT DICKENS. ” reads the analysis published by Secureworks. ” continues the report.

Phishing

Phishing Libraries File names Metadata

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. Shade encrypts all the user files using an AES encryption scheme. Background of the infected machine, after encryption phase.

Ransomware

Ransomware Mining File names Encryption

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Authentication Passwords Communications

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

5 Common Phishing Attacks and How to Avoid Them? Malware Analysis Sandboxes could expose sensitive data of your organization. Malware Analysis Sandboxes could expose sensitive data of your organization. A backdoor mechanism found in tens of Ruby libraries. million to allow towns to access encrypted data.

Security

Security Mining Data breaches Libraries

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Security Affairs

SEPTEMBER 20, 2019

Technical Analysis. The document uses a common phishing schema, it invites the user to enable the macro execution due to compatibility reasons with older Microsoft Office versions. The dropped file payload is a.NET executable embedding some anti-analysis tricks. Static information about the doc macro. Load()” method.

Libraries

Libraries Passwords IT Phishing

2021 cyber security review of the year

IT Governance

JANUARY 10, 2022

The tech giant disclosed four zero-day bugs, which were being used to steal sensitive information, encrypt data for ransom and execute destructive attacks. Analysis from its real-time anti-phishing protection system found that cyber criminals increasingly targeted people who were searching for holidays and weekend breaks.

Security

Security Data breaches Ransomware Phishing

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi vector such as watering hole websites and phishing email campaigns delivering custom RATs dubbed Crimson and Peppy. So, Cybaze-Yoroi ZLab team decided to dive deep into technical analysis. Conclusion.

Military

Military Communications Encryption IT

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The Cybaze -Yoroi ZLab dissected one of these recent Danabot variants spread across the Italian cyberspace leveraging “ Fattura ” themed phishing emails (e.g. Technical Analysis. These registry keys are responsible of the loading of dynamically linked libraries in the “read only ” and “ hidden ” “ C:ProgramDataD93C2DAC ”.

Libraries

Libraries Phishing Encryption Authentication

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 For more details on this finding see the Technical Analysis below. Technical Analysis. Phishing is, in fact, the major attack vector to distribute threats this nature in-the-wild.

File names

File names Phishing Libraries IT

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. The malicious activity starts with a phishing email sent to the target victims in Latin American – Brazil, Mexico, Chile, and Peru – and Europe – Spain and Portugal.

Libraries

Libraries Communications Phishing Encryption

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

This piece of malware is focused on stealing banking credentials and victim’s secrets using different techniques tactics and procedures (TTP) which have evolved over the years, including its delivery mechanisms, C2 techniques, and anti-analysis and reversing features. In the next workflow, we can learn how the QakBot infection chain works.

Encryption

Encryption Libraries Ransomware IT

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing. The threat actors are sending out spear-phishing messages to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013.

Military

Military Government Phishing Libraries

China-linked APT41 group targets US-Based Research University

Security Affairs

AUGUST 21, 2019

Experts observed APT41 using spear-phishing email with attachments such as compiled HTML (. “HIGHNOON is a backdoor that consists of multiple components, including a loader, dynamic-link library (DLL), and a rootkit. ” reads the analysis published by FireEye. chm ) files. into memory.

Libraries

Libraries Education Phishing Encryption

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. VBS file leverages the Windows rundll32 library to inject the first DLL into memory (P-14-7.dll), More recently, in May 2020, a new variant of Lampion was observed.

Communications

Communications Cloud Phishing Encryption

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Today, many reports are describing how infamous attackers are abusing such an emergency time to lure people by sending thematic email campaigns or by using thematic IM within Malware or Phishing links. The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. OCX VT coverage. neighboring[.]site/01/index.php.

Computer and Electronics

Computer and Electronics IT Encryption Security

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

So by that, I mean, if your developer libraries are available, it's easy to do. Vamosi: In the 1970s, while working for Bell Labs, Robert Morris Sr came up with the idea of a one way algorithm, a means of encryption that can’t easily be decrypted. Well, actually, well, if you encrypt the password, it can be decrypted.

Passwords

Passwords Authentication Access Data breaches

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

This picture comes from an analysis of specific statistics and by reading between the lines in reports from 1Password, Cisco, CrowdStrike, Flashpoint, Google Threat Analysis Group/Mandiant, NetScout, Pentera, and Sophos. and software libraries to attack the supply chain.

Cybersecurity

Cybersecurity Ransomware Passwords Cloud

Information Management Today

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Webinars

Trending Sources

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Webinars

Iran-linked APT TA453 targets Windows and macOS systems

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

The Long Run of Shade Ransomware

Types of Encryption, Methods & Use Cases

Security Affairs newsletter Round 228

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

2021 cyber security review of the year

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Analyzing a Danabot Paylaod that is targeting Italy

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

A taste of the latest release of QakBot

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

China-linked APT41 group targets US-Based Research University

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Is APT27 Abusing COVID-19 To Attack People ?!

The Hacker Mind Podcast: Going Passwordless

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Top SD-WAN Solutions for Enterprise Security

Stay Connected