eSecurity Planet

JULY 1, 2022

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. See The Best Wi-Fi 6 Routers Secure and Fast Enough for Business. State-Sponsored Hacking Campaign.

File names 117

File names Access Communications Security 117

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. “The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the.rontok extension to the new file name. Pierluigi Paganini.

Ransomware 93

Ransomware File names Encryption Access 93

IT Governance

AUGUST 10, 2021

Welcome to August’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds. Security researchers at Microsoft are again warning users about phishing scams imitating SharePoint. Microsoft issues alert about “crafty” phishing scams. Can you spot a scam? Can you spot a scam?

Phishing 111

Phishing File names Security Risk 111

Security Affairs

JANUARY 11, 2022

The gang has also set up a leak site on the Tor network where it will publish files stolen to the victims that will not pay the ransom. Researchers from MalwareHunterteam first spotted the ransomware family, once encrypted a file, the ransomware appends the ‘. nightsky ‘ extension to encrypted file names. trendmrcio[.]com,

Ransomware 103

Ransomware Libraries File names Encryption 103

Security Affairs

APRIL 24, 2021

Telegram is a legitimate service and enterprise AV engines and security solutions trust its traffic. “The bot is embedded into the ToxicEye RAT configuration file and compiled into an executable file (an example of a file name we found was ‘paypal checker by saint.exe’). Pierluigi Paganini.

Communications 121

Communications File names Encryption Education 121

Security Affairs

JANUARY 21, 2021

.” Microsoft added that additional attacker tactics, anti-forensic behavior, and operational security allowed them to avoid detection and outstand for operations security (OpSec) best practices. ADFIND legit tool) and placed them in folders that mimicked existing programs and files already present on a machine. .”

File names 114

File names Metadata Data collection Security 114

AIIM

AUGUST 26, 2021

Storing important information in a secure and compliant way. Often, you can make some good initial decisions right away by examining things like file name, path name, and file extensions before you attempt to migrate, read, or index the content itself. Using that information in ways that matter.

Digital transformation 200

Digital transformation Search queries Artificial Intelligence Healthcare 200

Security Affairs

JULY 14, 2021

. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving 98

Archiving File names Government Libraries 98

OneHub

DECEMBER 17, 2020

In addition to costing your company money and stressing out your employees, a poor file structure can jeopardize the security of your files and make onboarding new hires a messy process. Onehub users can use Workspaces as a top-level folder and house all relevant files within that Workspace. Tips for file names.

File names 52

File names Archiving Marketing Cloud 52

AIIM

OCTOBER 30, 2017

Finally, automated scan workflows can define the document destination for example, a third party repository, an on-premise shared folder or line of business application. Consistent document capture and file naming. Another area that lends itself to mixed results is in file naming structure.

e-Delivery 89

e-Delivery File names Compliance ECM 89

Security Affairs

MAY 29, 2020

Figure1: Email vector example. Thus, once clicked, it allows this malicious document to execute a malicious file named HimeraLoader.exe. For this reason, we strongly advise companies to adapt and enhance their cyber security perimeter to resist the new volumes and types of cyber attacks we are experiencing these days.

File names 91

File names Phishing IT Marketing 91

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 1: tweet on 28 February 2020. Conclusion.

IT 129

IT File names Libraries Communications 129

Security Affairs

DECEMBER 5, 2021

The installer has many different file names. For example: viber-25164.exe, The most likely are the sale of RDP access, the use of RDP to work around online service security features based on IP address or other endpoint installed tools or the use of RDP for further exploitation on systems that appear interesting to the attacker.”

Sales 86

Sales File names Passwords Encryption 86

Security Affairs

OCTOBER 31, 2020

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign. since August. Mail: XXXXXXXXX.

File names 107

File names Libraries Ransomware Security 107

Security Affairs

OCTOBER 13, 2018

Security experts from Palo Alto Networks warn of fake Adobe Flash update hiding a miner that works as legitimate update and really update the software. ” The fake Adobe Flash updates use file names starting with AdobeFlashPlayer that are hosted on cloud-based web servers that don’t belong to Adobe.

File names 80

File names Education Cloud Risk 80

eSecurity Planet

JUNE 1, 2023

If not, the record will need to be manually named: Syntax: _dmarc.<domain Of course, while the DMARC record can be published easily and is only a text file, some will underestimate how easy it can be to make a mistake. In our example, “pct=100” requires that 100% of all mail that fails the DMARC check gets rejected.

Authentication 98

Authentication Marketing File names IT 98

Security Affairs

JULY 6, 2020

The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Examples of data in the second database. Both databases are now closed. What was in the database? Pierluigi Paganini.

Passwords 80

Passwords File names Access Phishing 80

Security Affairs

JANUARY 15, 2020

Both Satan and 5ss5c have an exclusion list of files that are not encrypted by the malicious codes, the list of the new ransomware include additional files like the one associated with Qih00 360 security solutions (i.e. 360download and 360safe files). The ransom demand will double after 48 hours. Pierluigi Paganini.

Ransomware 70

Ransomware File names Encryption Security 70

Adam Shostack

JUNE 14, 2020

pem”) files which were subsequently renamed to the text file “pense1.txt”. This file is next saved as a portable executable file named “gup.exe” and executed using a version of the certutil.exe tool named “Temptcm.tmp”.). For example, we can see in their figure 6 the use of cmd.

File names 52

File names Privacy IT Security 52

Security Affairs

DECEMBER 17, 2019

” The experts found evidence that links the Dacls RAT to the Lazarus Group hackers, for example, the download server ‘ thevagabondsatchel[.]com The name Dacls comes from its file name and the hard-coded strings, the malware has a modular structure that could extend its capabilities by loading plugins. .

CMS 76

CMS File names Encryption Access 76

Krebs on Security

MARCH 3, 2020

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code.

Insurance 277

Insurance File names Risk Marketing 277

Security Affairs

OCTOBER 28, 2019

“For example, when encrypting files FuxSocy will skip files whose file path contain certain strings. ” The expert also noticed that the FuxSocy ransomware also scrambles the file name and extensions used by encrypted files in a way similar as the Cerber threat. . Pierluigi Paganini.

Ransomware 46

Ransomware Encryption File names IT 46

OneHub

AUGUST 17, 2021

regular staff meetings to keep employees updated on their progress toward these goals and highlight positive examples of teams working together to make this happen. Online storage and file sharing. If your company isn’t already using online file storage, now is the perfect time to start. Try our free 14-day trial today !

Cloud 52

Cloud File names Access Education 52

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. For example, after encryption, the file “1.jpg” 135DB21A6CE65DAEFE26.crypted000007”.

Ransomware 77

Ransomware Mining File names Encryption 77

Security Affairs

JANUARY 28, 2020

The recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS). Security experts from SentinelOne reported that the recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS). Pierluigi Paganini.

Ransomware 89

Ransomware Energy and Utilities Manufacturing Encryption 89

Security Affairs

MAY 29, 2019

Example of junk instructions used in macro. Once the macro is executed, the malware downloads two files from “kentona[.su”, If the host is successfully reached, the script renames a file named “kernel.dll”, obviously not the real one, in “uninstall.exe”, another misleading name. cloudflare[.com” Pierluigi Paganini.

IT 69

IT Retail Archiving File names 69

Security Affairs

JUNE 8, 2019

Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as Frankenstein campaign, hackers used tools built by combining four different open-source techniques. One example of this was the code overlap in the VPNFilter malware that allowed us to associate the activity with the BlackEnergy malware.”

File names 61

File names Encryption Security IT 61

Security Affairs

JUNE 8, 2019

Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as Frankenstein campaign, hackers used tools built by combining four different open-source techniques. One example of this was the code overlap in the VPNFilter malware that allowed us to associate the activity with the BlackEnergy malware.”

File names 55

File names Encryption Security IT 55

Security Affairs

OCTOBER 24, 2019

For example, the “Common SMB module” that was part of the WannaCry Ransomware (2017) was similar to the code used the malware Mydoom (2009), Joanap , and DeltaAlfa. The post Experts attribute NukeSped RAT to North Korea-Linked hackers appeared first on Security Affairs. Pierluigi Paganini.

Encryption 42

Encryption File names Ransomware IT 42

Security Affairs

SEPTEMBER 4, 2019

Figure 4: Content of “key” file contained in “C:ProgramData”. During the encryption phase, JSWorm writes a suspicious file named “key.Infection_ID.JSWRM” in “C:ProgramData”.It It contains the AES key used to encrypt the files. The following figure shows an example of the encrypted key. The Encryption Scheme. .

Ransomware 81

Ransomware Encryption File names Libraries 81

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity 95

Cybersecurity Access Metadata Energy and Utilities 95

Troy Hunt

APRIL 19, 2018

Let's start with this video as it pretty succinctly explains the issue in consumer-friendly terms: VIDEO: Nova Scotia's government is accusing a 19-year-old of breaching their government website's security ~ Privacy experts disagree. In summary, improperly secured publicly facing data shouldn't be viewed as a free for all.

Access 70

Access File names Government IT 70

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Code Snippet 1: Copy of the files in a subfolder. tmp” and “64.tmp”,

Archiving 74

Archiving Mining File names Risk 74

Security Affairs

JULY 30, 2018

The messages used employment-related subjects such as “About a role” and “Job Application,” while the malicious attached documents used file names in the format of “firstname.surname_resume.doc”. For example: if there are cookies or saved passwords from mysite.com, then download and run the file link[.]com/soft.exe.

Passwords 48

Passwords File names Ransomware IT 48

Security Affairs

OCTOBER 28, 2019

Security expert Marco Ramilli published a quick analysis of an interesting attack carried out by SWEED threat actor targeting precision engineering firms in Italy. According to VT history detection the same hash has been seen with at least three different names: educrety.exe , prestezza.exe and cardsharper.exe. Introduction.

Passwords 45

Passwords Encryption File names Military 45

Security Affairs

MARCH 17, 2020

The script creates a new file named “ pinumber.vbs ” and starts filling it with the instructions through the “echo” function appending the strings to the next vbs stage. After that, all the information about compromised machine are sent over the HTTP protocol using a GET method: Figure 9: Example of communication with the C2.

Archiving 128

Archiving Passwords Encryption IT 128

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. For example, using the WFSExecute function it is possible to send one of the supported commands to the dispenser, like OPEN_SHUTTER or OPEN_SAFE_DOOR. The post ATMitch: New Evidence Spotted In The Wild appeared first on Security Affairs. Technical Analysis.

Libraries 62

Libraries e-Discovery Communications File names 62