Security Affairs

SEPTEMBER 27, 2019

The Avest ransomware encrypts victim’s files and appends the extension “ ckey().email().pack14” ransomware to decrypt their files for free.

Ransomware 110

Ransomware Encryption File names Access 110

Information Management Resources

JUNE 7, 2018

MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks

File names 28

File names Encryption Passwords IT 28

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data.

Ransomware 114

Ransomware Encryption File names Access 114

Security Affairs

MAY 26, 2019

Last week, a hacker that goes online with the moniker ‘Boris Bullet-Dodger’ reported the hack to The Register and showing it a list of files as proof of the attack.

File names 100

File names Manufacturing Cybersecurity Access 100

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file.

File names 114

File names IT Security 114

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)

File names 87

File names IoT IT Security 87

Security Affairs

SEPTEMBER 7, 2019

The infection caused the encrypted files to appear in the Google search results. The ransomware encrypts files and appends the. lilocked extension to the file name, then it drops a ransom note named # README.

Ransomware 109

Ransomware Encryption File names IT 109

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. The decryptor currently supports only a limited number of file extensions, anyway, researchers are working to improve it and support other file types.

Ransomware 113

Ransomware Encryption File names IT 113

Security Affairs

MAY 21, 2019

ransomware, thanks to experts at Emsisoft they can decrypt their file for free. Researchers found notable callouts in two different malware samples naming ID Ransomware and several prominent malware researchers: “:HI SIRI, DEMONSLAY AND AMIIIIGO!!! “Its files have the “.[ID-<numbers>][<email>].JSWORM”

Encryption 108

Encryption File names Cybersecurity Ransomware 108

Security Affairs

APRIL 8, 2019

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. The latest variant of the Planetary malware appends the.mira extension to the names of the encrypted files. The ransom note, named !!!READ_IT!!!

Ransomware 113

Ransomware Encryption File names IT 113

Security Affairs

AUGUST 26, 2019

The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure.

Ransomware 114

Ransomware Encryption File names IT 114

Security Affairs

DECEMBER 20, 2018

The last Windows zero-day flaw disclosed by SandboxEscaper is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system.

File names 114

File names IT Security 114

Security Affairs

AUGUST 23, 2019

“However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883 , which inject code in Word and PDF files respectively.”

File names 112

File names Phishing Encryption IT 112

Security Affairs

MARCH 29, 2019

This messages warned the users about imminent summons against them, inviting them to read the attached lawsuit, a not so innocent looking file named “ Avviso del tribunale.jar ”. The JAR file seems to be corrupted due to the absence of some classes. Encrypted file content.

Encryption 113

Encryption File names Archiving IT 113

Security Affairs

NOVEMBER 27, 2018

A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. As usual, it comes as a zip file attached to an e-mail, this file contains two elements: A fake shortcut to directory (.lnk

File names 114

File names IT Security 114

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The malicious code allows the attackers to download and execute files on the infected machine.

Libraries 111

Libraries Archiving File names Education 111

Security Affairs

FEBRUARY 23, 2019

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. The second text file named “_cr1ptt0r_support.txt”

Ransomware 113

Ransomware Encryption File names Libraries 113

Security Affairs

JULY 22, 2019

The fake profiles asked the victims to open the weaponized excel file named ERFT-Details. It supports several commands for collecting system information, uploading and downloading files, and arbitrary shell command execution.

Phishing 113

Phishing File names Passwords Communications 113

Security Affairs

APRIL 28, 2019

Trend Micro researchers also discovered that the latest variant of the AESDDoS bot can modify files i.e., /etc/ rc. local , as an autostart technique by appending the {malware path } /{malware file name} reboot command. A new variant of the AESDDoS bot is exploiting a recent vulnerability in the Atlassian collaborative software Confluence.

File names 87

File names Encryption Risk IT 87

Security Affairs

JUNE 15, 2019

“A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.”

Mining 114

Mining File names Access Communications 114

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,

Ransomware 104

Ransomware Mining CMS Encryption 104

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials.

Access 103

Access Authentication File names Manufacturing 103

Security Affairs

AUGUST 5, 2019

GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume. Once infected a system, the GermanWiper deletes files and leaves a ransom note asking for the payment of BTC 0.15038835.

Ransomware 101

Ransomware Encryption File names Phishing 101

Security Affairs

OCTOBER 28, 2019

The name of the ransomware comes after the FSociety hacking collective in the Mr. Robot tv series. “For example, when encrypting files FuxSocy will skip files whose file path contain certain strings.

Ransomware 52

Ransomware Encryption File names IT 52

Security Affairs

MAY 28, 2019

The ransomware also drops on the Desktop 10 text files, named README1.txt through README10.txt, “Attention! All the important files on your disks were encrypted. The details can be found in README.txt files which you can find on any of your disks.”

Ransomware 111

Ransomware File names Encryption Education 111

Security Affairs

MAY 29, 2019

Once successfully logged in with administrative privileges, threat actors execute a sequence of MS-SQL commands that allow them to download malicious payload from a remote file server and execute it with SYSTEM privileges. start”) in the name of the script initiating port scans.”

Mining 111

Mining File names Cybersecurity IT 111

Security Affairs

JUNE 4, 2019

Hash 5555a3292bc6b6e7cb61bc8748b21c475b560635d8b0cc9686b319736c1d828e Threat Gamaredon Pteranodon implant Brief Description SFX file Ssdeep 24576:PXwOrRsTyuURQFsVhIe74lpyevrM4vZxn6k1gQ Guo:PgwRAyuURQ2/1YpyeT7ok8. Information about initial SFX file. Script content in “ 15003.cmd ” file.

Archiving 107

Archiving Passwords File names Military 107

Security Affairs

APRIL 2, 2019

The following graph shows different types of threats that were distributed with this approach, the Shade ransomware was the most common one: Compromises websites delivering the Shade/Troldesh ransomware, included three types of files, namely HTML, ZIP, and EXE files masquerading as.jpg images.

CMS 114

CMS Ransomware Phishing Encryption 114

Security Affairs

MAY 29, 2019

Hash 0c88e285b6fc183c96b6f03ca5700cc9ca7c83dfccc6ad14a946d1868d1cc273 Threat Dropper Brief Description Excel file with malicious macro Ssdeep 3072:Mc38TehYTdeHVhjqabWHLtyeGxml8/dgzxXYhh3vVYwrq 8/P5HKuPF1+bkm13Kkf:B38TehYTdeHVhjqabWHLty/xml8/dgNr. Files contained in “wprgxyeqd79.exe” (SFX).

IT 107

IT Retail File names Archiving 107

Security Affairs

MARCH 11, 2019

“These tasks include showing a fake Windows Update screen, disabling Windows Defender, and blocking access to security sites by adding entries to Windows’s HOSTS file.” The post STOP ransomware encrypts files and steals victim’s data appeared first on Security Affairs.

Encryption 112

Encryption Ransomware Passwords File names 112

Security Affairs

FEBRUARY 5, 2019

The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

File names 114

File names Libraries IT Security 114

John Battelle's Searchblog

OCTOBER 14, 2019

Something’s been bugging me about Tik Tok. I’ve almost downloaded it about a dozen times over the past few months. But I always stop short. I don’t have a ton of time ( here’s why ) so forgive me as I resort to some short form tricks here.

Artificial Intelligence 99

Artificial Intelligence File names Paper Government 99

Security Affairs

JANUARY 4, 2019

The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll.

Mining 112

Mining File names IT Access 112

Security Affairs

NOVEMBER 10, 2019

According to screenshots shared by some customers on Twitter, the piece of ransomware that infected the company appends the “ kjhbx ” file extension to each file name it encrypts.

Ransomware 52

Ransomware Encryption File names IT 52

Security Affairs

NOVEMBER 20, 2018

Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon.

Phishing 111

Phishing File names Communications Access 111

Security Affairs

NOVEMBER 7, 2019

Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially crafted ZIP file. “The ZIP file had a file size significantly greater than that of its uncompressed content.

Archiving 52

Archiving File names Security IT 52

Security Affairs

JULY 19, 2018

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings). File listings included files names describing child abuse content.

File names 62

File names Passwords Authentication Encryption 62