Security Affairs

JUNE 19, 2023

The first file identified by the experts is “shared.dat”, once executed it generates a unique device identifier UID and uses a routine to check the OS running on the target machine. The files connect to the C2 server to receive additional commands to execute. . that is later compiled to a file named /tmp/.ICE-unix/git

File names 96

File names Archiving IT Security 96

Security Affairs

SEPTEMBER 10, 2023

The vendor advertised the applications are the fastest apps that use a distributed network of data processing centers around the world. The package includes the code to steal sensitive data and process the incoming message. The collected information is then encrypted and cached into a temporary file named tgsync.s3.

File names 117

File names Personal data Encryption Security 117

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed.

File names 201

File names Data breaches Risk Privacy 201

Security Affairs

MAY 7, 2021

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. The fact that thousands of open databases are exposing data is not new. Most organizations use databases to store sensitive information.

Passwords 123

Passwords Authentication Access File names 123

Security Affairs

JUNE 29, 2023

Fortinet FortiGuard Labs discovered a previously undetected information stealer named ThirdEye. Fortinet started investigating the threat after the discovery of an archive file with a file name in Russian, “Табель учета рабочего времени.zip” (“time sheet” in English). Then the malware sends collected data to C2 server.

File names 78

File names Archiving IT Security 78

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 81

File names Security IT Information Security 81

Security Affairs

MARCH 26, 2021

The first sample of Mamba Ransomware discovered in the wild was using the full disk encryption tool DiskCryptor to strongly encrypt the data. “Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.”

Ransomware 143

Ransomware Encryption File names Passwords 143

Security Affairs

FEBRUARY 24, 2022

Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. New information shared by Symantec on the data wiper attacks revealed that, in some cases, threat actors used a GoLang-based ransomware decoy.

Ransomware 88

Ransomware File names Cybersecurity Security 88

Security Affairs

MAY 20, 2021

The RAT was designed to steal data from victims while masquerading as a ransomware attack. The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. crimson extension.

Ransomware 117

Ransomware File names Encryption Passwords 117

DLA Piper Privacy Matters

MARCH 20, 2023

This document provides guidance on the conditions applicable to the use of this technology which presents high risks to the data subjects’ right to privacy. Given the sensitiveness of such file, the related processing activities represent a high risk for data subjects. management of data subjects’ rights).

Computer and Electronics 52

Computer and Electronics IT File names Access 52

Security Affairs

AUGUST 25, 2023

The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s geolocation API. The Google Geolocation API is a legitimate service that triangulates a system’s location using collected Wi-Fi access points and mobile network data and returns coordinates. .”

File names 86

File names Access Encryption IT 86

Security Affairs

AUGUST 23, 2023

This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. “The update.zip file is a zlib compressed archive file. This file is not saved on disk.

File names 72

File names Encryption Archiving Information Security 72

Security Affairs

NOVEMBER 1, 2023

It also leverages multiple threads and a queue to corrupt files concurrently, enhancing its speed and reach. Its actions include overwriting files, renaming them with a random string containing “BiBi,” and excluding certain file types from corruption.” ” reads the analysis published by Security Joes.

File names 100

File names IT Security Information Security 100

Security Affairs

JUNE 1, 2023

“The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data” reads the analysis published by Kaspersky. . The backups contain a partial copy of the filesystem, including part of the user data and service databases.

File names 73

File names IT Security Information Security 73

Security Affairs

APRIL 15, 2024

The first Python payload creates and executes another Python script (“system.pth”), which then decrypts and launches the embedded backdoor component, that executes the attackers’s command in a file named “sslvpn_ngx_error.log.” CVE-2024-3400 (CVSS score of 10.0)

File names 112

File names Access Authentication IT 112

Schneier on Security

JULY 8, 2021

After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.” Note that this is yet another supply-chain attack.

Ransomware 140

Ransomware File names Encryption Access 140

Security Affairs

MARCH 19, 2022

“The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 82

Ransomware File names Encryption Cybersecurity 82

Security Affairs

FEBRUARY 16, 2024

Talos also discovered previously undetected PowerShell dubbed “TurlaPower-NG ” that was designed for data exfiltration. get” : Fetch a file specified by the C2 using an HTTP GET request and write it to the specified location on disk. post” : Exfiltrate a file from the victim to the C2, e.g., post C:some_file.bin.

CMS 98

CMS File names Passwords Access 98

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. A week later, they reported “no evidence of impact”.

Ransomware 96

Ransomware File names Archiving Encryption 96

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The gang has also set up a leak site on the Tor network where it will publish files stolen to the victims that will not pay the ransom. Program Files Program Files (x86) #recycle.

Ransomware 123

Ransomware Encryption File names Communications 123

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. “Some telemetry data is shown below. The malicious code can also act as a first-stage malware.

Manufacturing 127

Manufacturing File names Archiving Encryption 127

Security Affairs

MARCH 11, 2019

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan.

Encryption 82

Encryption Ransomware Passwords File names 82

Security Affairs

JULY 19, 2018

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. ” read the post published by ZDNet.

IT 46

IT Data breaches File names Passwords 46

Security Affairs

DECEMBER 22, 2022

This group focuses on public school districts and other educational institutions, like other ransomware gangs it implements a double extortion model and publishes data stolen from the victims on a data leak site. The malware dropped ransom notes with the file name “AllYFilesAE” in each encrypted directory.

Ransomware 120

Ransomware Encryption File names Education 120

Security Affairs

JULY 15, 2022

“Based on our analysis of the attack data, a majority of attackers are attempting to upload a zip file named a57bze8931.zip. When attackers are successful at uploading the zip file, a single file named a57bze8931.php “This file is an uploader under the control of the attacker.

File names 110

File names Security Information Security IT 110

Security Affairs

MARCH 2, 2020

. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names.

Ransomware 114

Ransomware File names Archiving Encryption 114

Security Affairs

JULY 6, 2020

The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Most of these records are for vehicle GPS locations and tracks, facility data, and people’s GPS tracks.

Passwords 73

Passwords File names Access Phishing 73

Security Affairs

JUNE 3, 2023

The Royal ransomware is written in C++, it infected Windows systems and deletes all Volume Shadow Copies to prevent data recovery. The Royal ransomware is written in C++, it infected Windows systems and deletes all Volume Shadow Copies to prevent data recovery. ReadMe file name: README.BlackSuit.txt. Extension: blacksuit.

Ransomware 90

Ransomware Encryption File names Cybersecurity 90

Security Affairs

FEBRUARY 17, 2022

In the attacks observed by the experts, threat actors inserted a.exe file called “User Centric” into a chat in an attempt to trick participants into opening it. Upon opening the executable, the malicious code will install DLL files and create shortcut links to self-administer. ” concludes the report. Pierluigi Paganini.

File names 139

File names Phishing Data breaches Access 139

Security Affairs

JANUARY 19, 2019

Cybersecurity expert Marco Ramilli has analyzed the huge trove of data, called Collection #1, that was first disclosed by Troy Hunt. Few weeks ago I wrote about “ How Data Breaches Happen “, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. PARTIAL Analysis of Collection #1.

Data breaches 83

Data breaches Passwords File names Sales 83

Security Affairs

MARCH 30, 2023

The company started distributing digitally signed Trojanized installers to its customers “The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from Github and ultimately leads to a 3rd stage infostealer DLL still being analyzed as of the time of writing.”

File names 81

File names Manufacturing Libraries Cybersecurity 81

Security Affairs

DECEMBER 26, 2020

data security breach.” “None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed.” Stolen data includes personal data of customers along with intimate photos of these customers.

Ransomware 112

Ransomware Personal data File names Security 112

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. Hive ransomware uses a hybrid encryption scheme, but uses its own symmetric cipher to encrypt files. The ransomware generates 10MiB of random data, and uses it as a master key.

Ransomware 106

Ransomware Cybersecurity Encryption Blockchain 106

Security Affairs

JUNE 6, 2023

In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. This Go-Based info-stealer was developed to target specific files in both Windows and Linux. The data is then exfiltrated to the attacker’s server.”

Ransomware 67

Ransomware Encryption Archiving File names 67

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 75

File names Archiving Passwords Communications 75

Security Affairs

JANUARY 16, 2023

In order to determine if s T95 Android TV Box has been infected, the researcher recommends checking the presence of a folder named: /data/system/Corejava. and a file named. data/system/shared_prefs/open_preference.xml ? They are stealing your data and (unless you can watch DNS logs) do so without a trace!”

Cleanup 94

Cleanup File names Sales Passwords 94

Security Affairs

MARCH 1, 2019

defense contractors , financial services firms, and a national data center in Central Asia. The cyber spies delivered the threat in multiple ways, including malicious Word documents leveraging Dynamic Data Exchange (DDE), manual deployment via stolen credentials, or via a redirect from a strategic web compromise (SWC). Windows NT 6.3;

IT 77

IT File names Financial Services Communications 77