Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library.

Libraries 107

Libraries Encryption Authentication Communications 107

Security Affairs

JANUARY 17, 2022

Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. Recently, the Chinese security firm Rising detected a Linux variant of the SFile ransomware that uses the RSA+AES algorithm mode. as the suffix name. ” reported The Record. . ” reported The Record.

Ransomware 143

Ransomware Encryption Libraries Communications 143

Security Affairs

JULY 1, 2020

Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected machine. ” reads the analysis wrote by Wardle. ” states MalwareBytes.

Ransomware 122

Ransomware Libraries Encryption Communications 122

eSecurity Planet

FEBRUARY 13, 2023

Application security is the practice of securing software and data from hackers, whether that application comes from a third party or was developed in house, regardless of where it resides or how it’s accessed. How Does Application Security Work? What Are the Types of Application Security?

Security 78

Security Cloud Risk Computer and Electronics 78

Security Affairs

OCTOBER 13, 2023

” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2.

Government 106

Government IT Encryption Libraries 106

Security Affairs

SEPTEMBER 24, 2023

The authors used different languages to hinder analysis, researchers explained. ” reads the analysis published by ESET. “Notably, the only component on system’s disk as a file is the initial component, which is in the form of a Dynamic Link Library (DLL).

Libraries 119

Libraries Encryption Security IT 119

eSecurity Planet

JANUARY 5, 2024

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. What Makes an Encryption Algorithm Strong?

Encryption 106

Encryption Passwords Libraries Security 106

Security Affairs

OCTOBER 18, 2022

.” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. Pierluigi Paganini.

File names 111

File names Encryption Manufacturing Libraries 111

Schneier on Security

OCTOBER 22, 2019

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. Still, I like seeing this kind of analysis about security infrastructure. There's a lot to argue with about the methodology and the assumptions.

Encryption 47

Encryption Agriculture Retail Manufacturing 47

Security Affairs

FEBRUARY 16, 2021

Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The “ rlottie ” folder caught their attention, it was the folder used for the Samsung native library for playing Lottie animations, originally created by Airbnb.

Access 113

Access Libraries Encryption Security 113

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. ” reads the analysis published by Cybereason. The post EventBot, a new Android mobile targets financial institutions across Europe appeared first on Security Affairs.

Financial Services 109

Financial Services Libraries Encryption Authentication 109

Security Affairs

FEBRUARY 2, 2022

Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. ” reads the analysis published by Walmart. Other similarities were found by the experts in the GPLib library used for encryption/decryption operations. Pierluigi Paganini.

Ransomware 101

Ransomware Retail Libraries Encryption 101

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. ” reads the analysis published by Proofpoint.

Archiving 96

Archiving Cloud File names Metadata 96

Security Affairs

MAY 7, 2022

” reads the analysis published by Kaspersky researcher Denis Legezo. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. ” continues the analysis. The attack chain aims at distributing.RAR archive from the legitimate site file.io

Encryption 92

Encryption Libraries Archiving Communications 92

Security Affairs

OCTOBER 28, 2021

” reads the analysis published by ESET. “Accepting a connection is followed by an RSA handshake with a hardcoded 2048-bit public key to securely exchange both the key and IV to be used for 256-bit AES in CBC mode. The decrypted module is loaded into memory using the MemoryModule library. Pierluigi Paganini.

Encryption 92

Encryption Libraries Communications Security 92

Security Affairs

JULY 16, 2021

Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. The developers are embedding Joker as a payload that can be encrypted in different ways, either a.dex file xored or encrypted with a number, or through the same. dex file as before.

Encryption 139

Encryption Libraries Cloud Security 139

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. ” reads hte analysis published by Trend Micro. exe will drop malware components — several C++ and Python libraries and the Python 2.7

Ransomware 89

Ransomware Libraries Encryption Archiving 89

Security Affairs

NOVEMBER 5, 2020

Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. ” reads the analysis published by Sophos. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. ” continues the analysis. .

File names 108

File names Encryption Libraries IT 108

Security Affairs

APRIL 3, 2019

Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty , group is using a loader leveraging steganography to deliver a version of Denes backdoor and an updated version of Remy backdoor. ” reads the report published by the experts.

Libraries 76

Libraries Encryption Communications Manufacturing 76

eSecurity Planet

MAY 10, 2022

Hackers have found a way to infect Windows Event Logs with fileless malware , security researchers have found. The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. If it does not find one, the encrypted shell code is written in 8KB chunks in the event logs.

Encryption 99

Encryption Libraries Communications Security 99

Security Affairs

JUNE 22, 2021

The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications. The ransomware appends radioactive symbols (“ ”) to the filenames of encrypted files. . ” reads the analysis published by Trend Micro. CLI tool and library to obfuscate bash scripts.”

Ransomware 105

Ransomware Encryption Passwords Cloud 105

Security Affairs

JANUARY 11, 2019

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool that allows them to decrypt their files for free.

Ransomware 101

Ransomware Encryption Passwords Libraries 101

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced. ” reads the analysis published by Kaspersky.

IT 102

IT Libraries Encryption Security 102

Security Affairs

AUGUST 25, 2019

The best news of the week with Security Affairs. Malware Analysis Sandboxes could expose sensitive data of your organization. A backdoor mechanism found in tens of Ruby libraries. million to allow towns to access encrypted data. Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs.

Security 50

Security Mining Data breaches Libraries 50

Security Affairs

NOVEMBER 18, 2020

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. ” reads the analysis published by Cybereason. The post Phishing campaign targets LATAM e-commerce users with Chaes Malware appeared first on Security Affairs.

Phishing 116

Phishing Mining Libraries Encryption 116

Security Affairs

JUNE 29, 2022

To control the browser, the malware uses a library called Rod. The malware encrypts all the data with a key that is unique for each sample and sends it along with a sample identifier to the C2 server located at the domain name youbot[.]solutions. ” “The business listing has a logo of an eye in a red circle.

Authentication 98

Authentication Libraries Encryption Marketing 98

IT Governance

JANUARY 10, 2022

The cyber security landscape offered similarly familiar topics: there were huge data breaches at Facebook and LinkedIn, while the threat of ransomware reached catastrophic levels. You can read more about that attack, along with the year’s other biggest stories, in our 2021 cyber security review of the year.

Security 115

Security Data breaches Ransomware Phishing 115

Security Affairs

MAY 9, 2020

” reads the analysis published by the researchers. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. ” continues the report. .”

Libraries 84

Libraries Communications Encryption Authentication 84

IBM Big Data Hub

JANUARY 26, 2024

Hybrid Cloud Mesh Hybrid Cloud Mesh is a modern application-centric connectivity solution that is simple, secure, scalable and seamless. It creates a secure network overlay for applications distributed across cloud, edge and on-prem and holistically tackles the challenges posed by distribution of services across hybrid multicloud.

Cloud 66

Cloud Communications Libraries Encryption 66

Security Affairs

SEPTEMBER 13, 2022

” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software. The attackers used Dynamic-link library (DLL) side-loading to deliver the malicious code. In some cases, the arbitrary shellcode is encrypted.” ” continues the report. Follow me on Twitter: @securityaffairs and Facebook.

Government 91

Government Access Libraries Education 91

Security Affairs

APRIL 14, 2020

” reads the analysis published by PaloAlto Networks. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library. .” ” continues the analysis. Pierluigi Paganini.

Ransomware 119

Ransomware Phishing File names Encryption 119

Security Affairs

OCTOBER 10, 2019

” reads the analysis published by ESET. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). The Attor malware makes sophisticated use of encryption to hide its components. ” continues the analysis. Pierluigi Paganini.

Communications 81

Communications Encryption Metadata Libraries 81

Security Affairs

NOVEMBER 21, 2019

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. ” reads the analysis published by 360 Netlab. One of the addresses disguised the Bot sample as a Google font library “ roboto. ” reads the analysis.

Honeypots 81

Honeypots Systems administration Passwords IoT 81

Security Affairs

MAY 10, 2020

Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. Researchers also included Indicators of Compromise (IoCs) in the analysis they have published. Pierluigi Paganini.

Mining 84

Mining Libraries Access Encryption 84

Security Affairs

SEPTEMBER 4, 2019

Technical Analysis. JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. The malware encrypts all the files whose extension is not present in the list. The Encryption Scheme.

Ransomware 83

Ransomware Encryption File names Libraries 83

Security Affairs

NOVEMBER 12, 2019

Buran is advertised as a stable malware that uses an offline cryptoclocker , 24/7 support, global and session keys, and has no third-party dependencies such as libraries. “In our analysis we detected two different versions of Buran, the second with improvements compared to the first one released.” Pierluigi Paganini.

Ransomware 46

Ransomware Encryption Libraries Security 46

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks. The landing page appears to be identical or quite similar to the spoofed library resource. and Switzerland.

Phishing 80

Phishing Libraries File names Metadata 80