Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” and Switzerland.

Phishing 83

Phishing Libraries File names Metadata 83

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military 90

Military Communications Libraries Encryption 90

eSecurity Planet

AUGUST 8, 2023

. “Modern cryptography management and cryptographic agility are becoming increasingly more essential for businesses of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” Graham Steel, head of product for the company’s Quantum Security Group, said in a statement.

Encryption 77

Encryption Cybersecurity Libraries Access 77

Security Affairs

SEPTEMBER 24, 2023

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East.

Libraries 128

Libraries Encryption Security IT 128

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names 138

File names Financial Services Manufacturing Libraries 138

Security Affairs

OCTOBER 10, 2019

The researchers believe that the threat actor behind Attor a state-sponsored group involved in highly targeted attacks on selected targets. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). ” reads the analysis published by ESET.

Communications 84

Communications Encryption Metadata Libraries 84

Security Affairs

OCTOBER 13, 2023

The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library.

Government 114

Government IT Encryption Libraries 114

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware 113

Ransomware Libraries File names Encryption 113

Security Affairs

OCTOBER 25, 2022

The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The most important change in the latest Hive variant is the encryption mechanism it adopts. key files.

Ransomware 99

Ransomware Blockchain Encryption Data breaches 99

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Security 98

Security Libraries Data breaches Ransomware 98

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Security 103

Security Ransomware Libraries Data breaches 103

Security Affairs

OCTOBER 16, 2022

Microsoft pointed out that this campaign was not connected to any of the 94 currently active ransomware activity groups that it is tracking. MSTIC has not yet attributed the attacks to a known threat group, meantime, it is tracking the campaign as DEV-0960.

Ransomware 99

Ransomware Encryption Libraries Access 99

Security Affairs

MAY 9, 2020

North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This library has been used by several threat actors.”

Libraries 90

Libraries Communications Encryption Authentication 90

Security Affairs

SEPTEMBER 3, 2020

The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. The second layer of Python code decodes and loads to memory the main RAT and the imported libraries.

Phishing 144

Phishing Encryption File names Metadata 144

eSecurity Planet

MAY 10, 2022

The researchers said it’s clearly the work of an advanced threat actor but they could not attribute the campaign to a known APT group. The system uses DLL (Dynamic Link Library) files to store some resources the application needs and will load automatically. Also read: How Cobalt Strike Became a Favorite Tool of Hackers.

Encryption 100

Encryption Libraries Communications Security 100

Security Affairs

JANUARY 11, 2019

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. The good news is that security researcher Mike Bautista at Cisco Talos group released a decryption tool that allows them to decrypt their files for free.

Ransomware 107

Ransomware Encryption Passwords Libraries 107

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously infected with the worm. exe to execute a malicious command.

Ransomware 103

Ransomware Access Encryption Manufacturing 103

Security Affairs

FEBRUARY 7, 2021

Hackers abuse Plex Media servers for DDoS amplification attacks TeamTNT group uses Hildegard Malware to target Kubernetes Systems Experts found critical flaws in Realtek Wi-Fi Module Packaging giant WestRock is still working to resume after recent Ransomware Attack Watch out!

Security 79

Security Ransomware Encryption Libraries 79

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. The attackers used Dynamic-link library (DLL) side-loading to deliver the malicious code. In some cases, the arbitrary shellcode is encrypted.” ” continues the report.

Government 96

Government Access Libraries Education 96

Security Affairs

FEBRUARY 10, 2020

The good news is that according to the Agency, data was encrypted, it also added that Google and Adobe were not able to see the CP R numbers. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. ” states the Government Agency. ” explained Kruse.

Encryption 119

Encryption Libraries Access Government 119

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. That system identifier is then encrypted with the NokNok function and base64 encoded before being used as the payload of an HTTP POST to library-store.camdvr[.]org.” ” continues the analysis.

Archiving 98

Archiving Cloud File names Metadata 98

Security Affairs

OCTOBER 23, 2022

Daixin Team targets health organizations with ransomware, US agencies warn Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners EnergyAustralia Electricity company discloses security breach Experts warn of CVE-2022-42889 Text4Shell exploit attempts CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited (..)

Security 74

Security Data breaches Ransomware Retail 74

Security Affairs

JANUARY 3, 2022

The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp. Because the tool was too slow, the company used its backups to restore the systems.

Ransomware 124

Ransomware Cybersecurity Access Insurance 124

Elie

MARCH 17, 2018

This file is encrypted with a hardcoded [XOR encryption] function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Encrypting malicious payload is a very old malware trick that has been used by. Android malware. since at least 2011. publicly shared code.

Encryption 82

Encryption Libraries Ransomware Marketing 82

Elie

MARCH 17, 2018

This file is encrypted with a hardcoded [XOR encryption] function. This encryption is used to escape the signatures that detect the code that Gooligan borrows from previous malware. Encrypting malicious payload is a very old malware trick that has been used by. Android malware. since at least 2011. publicly shared code.

Encryption 82

Encryption Libraries Ransomware Marketing 82

Security Affairs

NOVEMBER 11, 2018

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain. Group-IB and CryptoIns introduce the worlds first insurance against cyber threats for cryptocurrency exchanges. Apache Struts users have to update FileUpload library to fix years-old flaws. Shellbot Botnet Targets IoT devices and Linux servers.

Security 66

Security IoT Insurance Libraries 66

Security Affairs

SEPTEMBER 5, 2021

If you want to also receive for free the international press subscribe here.

Security 58

Security Agriculture Ransomware Libraries 58

Security Affairs

AUGUST 25, 2019

A backdoor mechanism found in tens of Ruby libraries. China-linked APT41 group targets US-Based Research University. million to allow towns to access encrypted data. Malware Analysis Sandboxes could expose sensitive data of your organization. 5 Ways to Protect Yourself from IP Address Hacking. Texas attackers demand $2.5

Security 53

Security Mining Data breaches Libraries 53

IT Governance

FEBRUARY 14, 2023

Likewise, if cyber criminals encrypt the organisation’s files in a ransomware attack, they will face major disruption. Its asset library assigns organisational roles to each asset group, applying relevant potential threats and risks by default. Availability can also apply to a specific employee’s ability to view information.

IT 105

IT Risk GDPR Information Security 105

ForAllSecure

FEBRUARY 2, 2022

Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum. Fortunately, in this episode, we’re discussing vulnerabilities in both. It’s not a secret.

Libraries 52

Libraries Blockchain Mining Encryption 52

Security Affairs

FEBRUARY 12, 2024

The experts exploited the vulnerability to reconstruct encryption keys and developed a decryptor that allows victims of the Rhysida ransomware to recover their encrypted data for free. Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data.

Ransomware 118

Ransomware Encryption Paper Manufacturing 118

Security Affairs

FEBRUARY 21, 2020

We noticed that the TTP of the group is almost the same leveraging a weaponized document with a fake certificate of request of an Indian public fund. The two dll are legit windows library and are used in support of the malicious behaviour. The downloaded code has been encrypted through the Rijndael algorithm with a hard-coded key.

Military 127

Military Communications Encryption IT 127

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. Uses a known Linux process name (bioset) to disguise the malicious process.

Mining 110

Mining Libraries Encryption Access 110

Security Affairs

JANUARY 29, 2019

Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel. This last code snippet is likely borrowed from a publicly available AutoIT library script called “ CompInfo.au3 ”: an AutoIt interface to access the Windows Management Instrumentation framework’s data.

Communications 86

Communications Libraries Encryption Security 86

Security Affairs

NOVEMBER 1, 2019

The vulnerabilities, tracked as CVE-2019-13720 and CVE-2019-13721, reside respectively in Chrome’s audio component and in the PDFium library. “[$7500][ 1013868 ] High CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin on 2019-10-12[$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio.

Libraries 64

Libraries Encryption Security IT 64

Security Affairs

AUGUST 23, 2018

Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007 targeting government organizations and private businesses. This is a binary blob with a special format that contains encrypted commands for the backdoor ,” reads the report released by ESET.

Metadata 50

Metadata Military Libraries Access 50

Thales Cloud Protection & Licensing

JUNE 19, 2018

An example they shared was timely, “the Inclusion of malware in organization code via malware injection in code library”. Hackers are a group of people with a deep curiously of how things work, how they can be made better, and they have high levels of creativity. This was a clever group that liked to razz each other a bit.

Risk 59

Risk Security Digital transformation Blockchain 59