Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware 137

Ransomware Phishing File names Encryption 137

Security Affairs

MARCH 30, 2020

Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known as Zloader or Terdot , that focus on government relief payments. . Spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments. ” continues the post.”Next,

File names 119

File names Passwords Sales Authentication 119

Security Affairs

MAY 19, 2021

” reads an update published by the Irish Department of the Environment, Climate and Communications. Government experts speculate the two attacks are part of the same campaign targeting the Irish health sector. FEEDC (extension added by Conti Ransomware to filenames of encrypted files) – *.msi

Ransomware 101

Ransomware Encryption File names IoT 101

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving 98

Archiving File names Access Authentication 98

Security Affairs

NOVEMBER 20, 2018

The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. ” Cannon acts as a downloader and relies on emails to communicate with the C2 server and receive instructions. docx’ for their campaigns.

File names 92

File names Phishing Communications Government 92

IT Governance

NOVEMBER 17, 2022

Things got worse for Medibank after a second database was leaked , containing a file named “abortions”. A fourth file was then leaked, labelled “psychos”, which contained hundreds of claims from policyholders who have undergone mental health treatment. From bad to worse.

IT 107

IT Ransomware Security Data breaches 107

The Texas Record

MAY 18, 2023

Strategies and methods could include, policies, procedures, training, communication channels, storage conditions, informal guidance, etc. Liaison A has reported a 62% rate of proper file names. We won’t have any communication with the liaison.

Records Management 40

Records Management Risk Access File names 40

eSecurity Planet

AUGUST 10, 2023

FBI InfraGard Best for critical infrastructure security InfraGard is a threat intelligence feed and network partnership between the FBI and other government agencies and interested private sector parties. The massive, crowdsourced approach OTX takes limits the possibility of effective quality assurance. critical infrastructure.

Cybersecurity 96

Cybersecurity Access Metadata Energy and Utilities 96

Security Affairs

MAY 2, 2019

The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. Source: MISP Project ).

Computer and Electronics 103

Computer and Electronics Communications Government File names 103

eSecurity Planet

FEBRUARY 3, 2021

A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload.

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. amazonaws[.]com/0.zip amazonaws[.]com/P-19-2.dll.

Passwords 98

Passwords e-Discovery IT Cleanup 98

Security Affairs

SEPTEMBER 13, 2023

UK, Australian, Canadian, and New Zealand governments issued a joint alert about China-linked threat actors targeting CNI organizations and using living off the land to evade detection. “On May 29, the attackers returned and used a renamed version of ProcDump (file name: alg.exe) to dump credentials from LSASS.”

File names 123

File names Access Encryption Communications 123

The Texas Record

JUNE 1, 2021

Records created and stored outside the business network are in contravention of the government records accessibility requirement —this negatively affects that government’s ability to perform regular business operations efficiently. Create a safe communication channel with the employee. What is the risk?

Records Management 71

Records Management File names Risk Government 71

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain.

Communications 117

Communications Cloud Phishing Encryption 117

Security Affairs

JULY 22, 2019

APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details.

File names 104

File names Phishing Passwords Government 104

Security Affairs

NOVEMBER 30, 2018

But, unlike previous incidents using POWERSTATS, the command and control (C&C) communication and data exfiltration in this case is done by using the API of a cloud file hosting provider.” Once enabled, the macros will drop a.dll file (with a PowerShell code embedded) and a.reg file into %temp% directory.

Communications 100

Communications File names Cloud Government 100

Security Affairs

AUGUST 31, 2018

My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Stage1 was dropping and executing a brand new PE file named: rEOuvWkRP.exe (sha256: 92f59c431fbf79bf23cff65d0c4787d0b9e223493edc51a4bbd3c88a5b30b05c) using the bitsadmin.exe native Microsoft program.

Computer and Electronics 72

Computer and Electronics File names Security Access 72