Expert insights. Personalized for you.
File names Related Topics 
Dark Reading
NOVEMBER 4, 2022
Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names, and hidden imports to fool developers and steal their information
Threatpost
MAY 21, 2021
Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
AUGUST 9, 2022
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022.
Security Affairs
JULY 13, 2022
“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0
Schneier on Security
JANUARY 26, 2022
There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.
Schneier on Security
MAY 9, 2022
Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. Apple Mail now blocks email trackers by default.
Security Affairs
MAY 20, 2021
Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. This RAT is infamous for its ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them.
Information Management Resources
JUNE 7, 2018
MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks
Security Affairs
OCTOBER 24, 2022
Upon clicking the “DOWNLOAD” button, the executable file named “AcroRdrDCx642200120169_uk_UA.exe” will be downloaded to the machine. Running the above executable will decode and run the “rmtpak.dll” DLL file which is the ROMCOM RAT.
Schneier on Security
JULY 8, 2021
After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”
Security Affairs
NOVEMBER 10, 2022
” The researchers discovered an Arbitrary File Write vulnerability, an attacker can exploit the issue to control the msPKIAccountCredentials LDAP attribute and add a malicious Roaming Token entry where the identifier string contains directory traversal characters.
Security Affairs
MARCH 26, 2021
Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. Payment does not guarantee files will be recovered.
Security Affairs
MARCH 2, 2020
“Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.
Security Affairs
APRIL 2, 2020
Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it.
Security Affairs
SEPTEMBER 2, 2022
The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. Once the folder path is given, it starts encrypting files present inside the folder.
Security Affairs
OCTOBER 13, 2022
The binary, which has the default name vf_host.exe, is usually renamed by the attackers in order to masquerade as a more innocuous file. Masqueraded names included securityhealthservice.exe, secu.exe, vfhost.exe, vxhost.exe, vx.exe, and v.exe.”
Security Affairs
OCTOBER 18, 2022
To prevent analysis, the malware also cleans up created artifacts, overwriting the content of the dropped wlbsctrl.dll file before deleting it. China-linked threat actors APT41 (a.k.a. Winnti ) targeted organizations in Hong Kong, in some cases remaining undetected for a year.
Security Affairs
JUNE 8, 2022
The flaw is a path traversal flaw that can be exploited to save any files to any locations on the file system (in line with the permissions of the current user) before the integrity of the package is checked. diagcab files at all, so users of these services could be potential targets.
Security Affairs
MARCH 19, 2022
Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.
Schneier on Security
MAY 4, 2022
Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device. Mandiant is reporting on a new botnet.
Security Affairs
MARCH 17, 2022
The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel.
Security Affairs
APRIL 5, 2022
The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .
Security Affairs
SEPTEMBER 22, 2022
The script also downloads a binary file named ko, which exploits the PwnKit vulnerability to escalate the privilege to the root user, while the binary file downloads the ap.sh shell script for the next actions.
Security Affairs
JULY 15, 2022
Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. log), swap files(.vswp),
Security Affairs
OCTOBER 6, 2018
“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)
Security Affairs
JANUARY 7, 2022
Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The gang has also set up a leak site on the Tor network where it will publish files stolen to the victims that will not pay the ransom.
Security Affairs
SEPTEMBER 12, 2022
“On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web.
AIIM
JULY 8, 2021
This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age.
Security Affairs
APRIL 18, 2021
“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).”
Security Affairs
OCTOBER 21, 2021
The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files.
Security Affairs
JUNE 30, 2022
In February a team of researchers from Kookmin University (South Korea) discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.
Security Affairs
SEPTEMBER 22, 2022
A user-assisted remote attacker can trigger the issue to overwrite arbitrary files via a. ”The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “.”
eSecurity Planet
JULY 1, 2022
The name “ZuoRAT” is based on the Chinese word for “left” (after the actor’s file name, “asdf.a”, which suggests a keyboard progression of the left hand).
Security Affairs
FEBRUARY 7, 2022
Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. ” The password cracking process is only needed once per PC, there is no need to repeat it for each file.
Security Affairs
JULY 17, 2020
Almost every file into the raw folder is malicious so I strongly recommend you to neither open these files, nor misuse the code to prank your friends. NB: Large File System Hahead. This folder is tracked by using Git Large File System since many files are bigger than 100MB.
Security Affairs
FEBRUARY 17, 2022
In the attacks observed by the experts, threat actors inserted a.exe file called “User Centric” into a chat in an attempt to trick participants into opening it. Upon opening the executable, the malicious code will install DLL files and create shortcut links to self-administer.
Security Affairs
OCTOBER 27, 2021
Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free.
Security Affairs
NOVEMBER 26, 2019
Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts.
Security Affairs
MARCH 15, 2020
Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon.
Security Affairs
JUNE 5, 2021
“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes.
84 
Let's personalize your content