Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 83

File names Security IT Information Security 83

Security Affairs

JUNE 29, 2023

Fortinet started investigating the threat after the discovery of an archive file with a file name in Russian, “Табель учета рабочего времени.zip” (“time sheet” in English). The zip archive contains two files with.exe extension preceded by another document-related extension (double extension). ” concludes the report.

File names 79

File names Archiving IT Security 79

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed.

File names 200

File names Data breaches Risk Privacy 200

Security Affairs

JUNE 19, 2023

The function writes some C code received from the C2 to a temporary file named tmp.c, that is later compiled to a file named /tmp/.ICE-unix/git After compilation, the file is executed in background with two parameters, also received from C2.” ICE-unix/git using the cc command on Fedora and gcc on Debian.

File names 97

File names Archiving IT Security 97

Security Affairs

FEBRUARY 24, 2022

Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. New information shared by Symantec on the data wiper attacks revealed that, in some cases, threat actors used a GoLang-based ransomware decoy.

Ransomware 89

Ransomware File names Cybersecurity Security 89

Security Affairs

SEPTEMBER 10, 2023

The vendor advertised the applications are the fastest apps that use a distributed network of data processing centers around the world. The apps can collect information about the user’s contacts, including IDs, nicknames, names, and phone numbers. The package includes the code to steal sensitive data and process the incoming message.

File names 115

File names Personal data Encryption Security 115

Security Affairs

MAY 20, 2021

The RAT was designed to steal data from victims while masquerading as a ransomware attack. The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. crimson extension.

Ransomware 115

Ransomware File names Encryption Passwords 115

Security Affairs

MARCH 26, 2021

Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. The first sample of Mamba Ransomware discovered in the wild was using the full disk encryption tool DiskCryptor to strongly encrypt the data. Any attempts to install or run this encryption program and its associated files should be prevented.

Ransomware 142

Ransomware Encryption File names Passwords 142

Security Affairs

AUGUST 25, 2023

The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s geolocation API. The Google Geolocation API is a legitimate service that triangulates a system’s location using collected Wi-Fi access points and mobile network data and returns coordinates. .”

File names 88

File names Access Encryption IT 88

Security Affairs

AUGUST 23, 2023

This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. “The update.zip file is a zlib compressed archive file. This file is not saved on disk.

File names 74

File names Encryption Archiving Information Security 74

Security Affairs

MARCH 11, 2019

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. In October a new version of the info-stealer appeared in the wild, it is able to steal more data, including other types of cryptocurrencies. exe and executed it.

Encryption 83

Encryption Ransomware Passwords File names 83

Security Affairs

MARCH 19, 2022

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 84

Ransomware File names Encryption Cybersecurity 84

Security Affairs

JANUARY 19, 2019

Cybersecurity expert Marco Ramilli has analyzed the huge trove of data, called Collection #1, that was first disclosed by Troy Hunt. Few weeks ago I wrote about “ How Data Breaches Happen “, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. PARTIAL Analysis of Collection #1.

Data breaches 83

Data breaches Passwords File names Sales 83

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. A week later, they reported “no evidence of impact”.

Ransomware 94

Ransomware File names Archiving Encryption 94

Security Affairs

FEBRUARY 16, 2024

Talos also discovered previously undetected PowerShell dubbed “TurlaPower-NG ” that was designed for data exfiltration. killme” : Create a BAT file (see below) with a name based on the current tick count. ” reads the report published by Cisco Talos. The report includes indicators of compromise (IoCs).

CMS 96

CMS File names Passwords Access 96

Security Affairs

MARCH 2, 2020

. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.

Ransomware 116

Ransomware File names Archiving Encryption 116

Security Affairs

JULY 6, 2020

The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Most of these records are for vehicle GPS locations and tracks, facility data, and people’s GPS tracks.

Passwords 73

Passwords File names Access Phishing 73

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. According to BleepingComputer , the group demanded one of its victims, the payment of an initial ransom of $800,000 to recover the encrypted data. Program Files Program Files (x86) #recycle.

Ransomware 125

Ransomware Encryption File names Communications 125

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. “Some telemetry data is shown below. The malicious code can also act as a first-stage malware.

Manufacturing 129

Manufacturing File names Archiving Encryption 129

Security Affairs

AUGUST 18, 2023

Each of the archives we were able to retrieve consists of a legitimate executable vulnerable to DLL search order hijacking, a malicious DLL that gets sideloaded by the executable when started, and an encrypted data file named agent.data.” ” reads the analysis published by SentinelOne. IP-based geolocation service.

Archiving 88

Archiving File names Encryption Passwords 88

Security Affairs

DECEMBER 22, 2022

This group focuses on public school districts and other educational institutions, like other ransomware gangs it implements a double extortion model and publishes data stolen from the victims on a data leak site. The malware dropped ransom notes with the file name “AllYFilesAE” in each encrypted directory.

Ransomware 118

Ransomware Encryption File names Education 118

Security Affairs

AUGUST 5, 2019

Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume. Pierluigi Paganini.

Ransomware 65

Ransomware Encryption File names Archiving 65

Security Affairs

JULY 15, 2022

. “The ransomware searches for files to encrypt on the local system by enumerating the file directories using FindFirstFileW() and FindNextFileW() API functions. It ignores the file extensions such as EXE, DLL, and SYS and excludes a list of directory and file names from the encryption process.”

Ransomware 120

Ransomware Encryption File names Risk 120

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. Hive ransomware uses a hybrid encryption scheme, but uses its own symmetric cipher to encrypt files. The ransomware generates 10MiB of random data, and uses it as a master key.

Ransomware 104

Ransomware Cybersecurity Encryption Blockchain 104

Security Affairs

JUNE 6, 2023

In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. This Go-Based info-stealer was developed to target specific files in both Windows and Linux. The data is then exfiltrated to the attacker’s server.”

Ransomware 69

Ransomware Encryption Archiving File names 69

Security Affairs

MAY 26, 2019

Perceptics, a maker of vehicle license plate scanning solutions used in the US, has been hacked, attackers stole data and offered for free on the dark web. The company was hacked and attackers stole data and offered business plans, financial documents, and personal information for free on the dark web. Pierluigi Paganini.

File names 64

File names Data breaches Manufacturing Cybersecurity 64

Schneier on Security

MAY 4, 2022

Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device. This makes detection through traditional means difficult. Unpacking this threat group is difficult.

IoT 98

IoT File names Encryption Access 98

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335.

Ransomware 89

Ransomware File names Encryption Access 89

Security Affairs

MARCH 30, 2023

The company started distributing digitally signed Trojanized installers to its customers “The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from Github and ultimately leads to a 3rd stage infostealer DLL still being analyzed as of the time of writing.”

File names 82

File names Manufacturing Libraries Cybersecurity 82

Security Affairs

SEPTEMBER 27, 2019

The Avest ransomware encrypts victim’s files and appends the extension “ ckey().email().pack14” txt” that the ransomware drops on the infected systems: "Problems with your data? pack14” to the filename. Below the text of the ransom note “!! ! Contact us: data1992@protonmail [. ]

Ransomware 69

Ransomware File names Encryption Security 69

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 73

File names Archiving Passwords Communications 73

Security Affairs

FEBRUARY 17, 2022

Upon opening the executable, the malicious code will install DLL files and create shortcut links to self-administer. “Starting in January 2022, Avanan observed how hackers are dropping malicious executable files in Teams conversations. Avanan has seen thousands of these attacks per month.” ” concludes the report.

File names 138

File names Phishing Data breaches Access 138

Security Affairs

JUNE 3, 2023

The Royal ransomware is written in C++, it infected Windows systems and deletes all Volume Shadow Copies to prevent data recovery. ReadMe file name: README.BlackSuit.txt. BlackSuit ransomware operators also set up a data leak site. similarities in jumps based on BinDiff, a comparison tool for binary files.”

Ransomware 92

Ransomware Encryption File names Cybersecurity 92

Security Affairs

DECEMBER 26, 2020

data security breach.” “None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed.” Stolen data includes personal data of customers along with intimate photos of these customers.

Ransomware 110

Ransomware Personal data File names Security 110

Security Affairs

MARCH 15, 2020

Cloudflare Workers allow users to run JavaScript in Cloudflare’s data centers. Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important "Important – COVID-19.rar"

Communications 106

Communications File names Archiving Phishing 106

Security Affairs

JUNE 5, 2021

Nucleus Software declared that it does not store customers’ financial data. “The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes. .”

Ransomware 119

Ransomware Encryption File names Financial Services 119

Security Affairs

JULY 24, 2021

The malicious code was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT , TXT, EXE, LOG) in the user’s personal Windows folder. The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges.

File names 137

File names Access Security IT 137