Security Affairs

FEBRUARY 21, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. “An

File names 98

File names Archiving Access Cybersecurity 98

Security Affairs

MARCH 11, 2023

Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. esetservice.exe is actually a legitimate HTTP Server Service program made by the security firm ESET.

File names 94

File names Security IT Information Security 94

Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names 123

File names Archiving Compliance IT 123

Security Affairs

FEBRUARY 23, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. “An

Honeypots 96

Honeypots File names Cybersecurity Security 96

Security Affairs

JUNE 29, 2023

Fortinet FortiGuard Labs discovered a previously undetected information stealer named ThirdEye. Fortinet started investigating the threat after the discovery of an archive file with a file name in Russian, “Табель учета рабочего времени.zip” (“time sheet” in English). Then the malware sends collected data to C2 server.

File names 91

File names Archiving IT Security 91

Security Affairs

DECEMBER 6, 2023

However, if the iPhone was previously compromised, the security feature cannot block the malware from running in the background, whether the user activates Lockdown Mode or not Upon turning on the feature in the Settings app, the method -[PUILockdownModeController setLockdownModeGloballyEnabled:] is triggered.

File names 116

File names IT Security Access 116

Security Affairs

SEPTEMBER 10, 2023

“When receiving a message, uploadTextMessageToService collects its contents, chat/channel title and ID, as well as sender’s name and ID. The collected information is then encrypted and cached into a temporary file named tgsync.s3. The app sends this temporary file to the command server at certain intervals.”

File names 125

File names Personal data Encryption Security 125

Security Affairs

AUGUST 23, 2023

EsafeNet is owned by Chinese information security firm NSFOCUS. This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. It decompresses and executes a file named content.dll.

File names 87

File names Encryption Archiving Information Security 87

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. ” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. .” ” Firmware security firm Eclypsium said it first detected the anomaly in April 2023.

File names 97

File names Risk Passwords Security 97

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The PDF included a link to a fake questionnaire that redirects users to a mailcious ZIP archive hosted on a compromised site.

Archiving 110

Archiving File names IT Information Security 110

eSecurity Planet

MAY 24, 2023

By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security. DKIM deploys as text files in an organization’s hosted Domain Name Service (DNS) record, but the standard can be complex to deploy correctly and maintain.

Encryption 73

Encryption Security Authentication File names 73

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. If the extension is removed, the files can be opened as usual.”

Ransomware 131

Ransomware File names Encryption Passwords 131

Security Affairs

JUNE 19, 2023

The first file identified by the experts is “shared.dat”, once executed it generates a unique device identifier UID and uses a routine to check the OS running on the target machine. The files connect to the C2 server to receive additional commands to execute. . that is later compiled to a file named /tmp/.ICE-unix/git

File names 98

File names Archiving IT Security 98

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. RustDoor is written in Rust language and supports multiple features. The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. ” reads the report published by Bitdefender. ” concludes the report.

Ransomware 124

Ransomware File names Passwords IT 124

Security Affairs

MARCH 17, 2024

The experts noticed that this campaign was named “gitgub” by its operators. The analysis of the content used to inflate the file allowed the researcher to determine its actual size of 3.43 The file is utilized as a loader for the RisePro info-stealer (version 1.6). All unique passwords are stored in a file named “brute.txt”.

Passwords 114

Passwords File names Archiving Cybersecurity 114

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. ” reads the alert published by the FBI. hard drive, storage device, the cloud).

Ransomware 144

Ransomware Encryption File names Passwords 144

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. At Gimmal, we regularly talk to IT, security, and privacy professionals across a broad portfolio of industries. Applying retention rules (i.e.,

File names 200

File names Data breaches Risk Privacy 200

Security Affairs

APRIL 9, 2023

The flaw was reported by the security researcher Seongil Wi from South Korean security firm KAIST WSP Lab. ” Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named “flag” on the host. .”

Libraries 78

Libraries File names Education Cybersecurity 78

Security Affairs

FEBRUARY 16, 2024

Turla operators used the scripts to exfiltrate keys used to secure the password databases of popular password management software. get” : Fetch a file specified by the C2 using an HTTP GET request and write it to the specified location on disk. post” : Exfiltrate a file from the victim to the C2, e.g., post C:some_file.bin.

CMS 113

CMS File names Passwords Access 113

Security Affairs

SEPTEMBER 2, 2022

The ELF file we found itself is new, but the Onion link found in the ransomware binary appears to be down, indicating that this new Linux-targeted ransomware might still be under development. Once the folder path is given, it starts encrypting files present inside the folder. Figure 2: DarkAngels ransomware in action. Conclusion.

Ransomware 142

Ransomware Encryption File names IT 142

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military 121

Military Phishing File names Archiving 121

Security Affairs

OCTOBER 22, 2023

” A Vietnamese group observed by the researchers used very similar lures and delivery methods in different attacks attempting to deliver: DarkGate Ducktail Lobshot Redline stealer The attack chain began with the download of a file named “Salary and new products.8.4.zip” zip” and the execution of the content.

File names 114

File names Archiving IT Access 114

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU. Pierluigi Paganini.

Ransomware 128

Ransomware File names Archiving Encryption 128

Security Affairs

MAY 29, 2019

If the host is successfully reached, the script renames a file named “kernel.dll”, obviously not the real one, in “uninstall.exe”, another misleading name. If the host is successfully reached, the script renames a file named “kernel.dll”, obviously not the real one, in “uninstall.exe”, another misleading name.

IT 71

IT Retail Archiving File names 71

Security Affairs

APRIL 2, 2020

SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 118

File names Access IT Security 118

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The gang has also set up a leak site on the Tor network where it will publish files stolen to the victims that will not pay the ransom. Program Files Program Files (x86) #recycle.

Ransomware 137

Ransomware Encryption File names Communications 137

Security Affairs

FEBRUARY 17, 2022

Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation. Upon opening the executable, the malicious code will install DLL files and create shortcut links to self-administer. Pierluigi Paganini.

File names 143

File names Phishing Data breaches Access 143

Security Affairs

MARCH 31, 2023

Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. 193.169.195.64 194.135.30.6

File names 98

File names Authentication Education Access 98

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 84

File names Archiving Passwords Communications 84

Security Affairs

MAY 26, 2023

The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. ” The backdoor connects to the Exchange server and sends the computer name, base64-encoded, to a mailbox to indicate it’s running. “The PowerShell script is a custom backdoor. ” concludes the report.

Communications 95

Communications File names Archiving Phishing 95

Security Affairs

MARCH 19, 2022

“The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 95

Ransomware File names Encryption Cybersecurity 95

Security Affairs

AUGUST 25, 2023

In turn the server reply with a success message and a secret unique identifier that is saved in a file named “%APPDATA%Roamingwlanstr-12.bin.” ” Whiffy Recon checks for the WLAN AutoConfig service (WLANSVC) on the infected system and terminates itself if the service name doesn’t exist.

File names 96

File names Access Encryption IT 96

Security Affairs

FEBRUARY 3, 2023

The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk” lnk” (“Request of the Security Service of Ukraine 12-1-125 dated 09.01.2023.lnk”). shop/09.01_otck/quicker[.]rtf.

File names 95

File names Archiving Phishing Government 95

Security Affairs

JUNE 3, 2023

ReadMe file name: README.BlackSuit.txt. blacksuit extension to the name of the encrypted files, drops a ransom note into each directory containing the encrypted files, and adds the reference to its TOR chat site in the ransom note along with a unique ID for each of its victims. Extension: blacksuit.

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

Security Affairs

JUNE 6, 2023

Researchers from security firm Uptycs reported that threat actors linked to the Cyclops ransomware are offering a Go-based information stealer. This Go-Based info-stealer was developed to target specific files in both Windows and Linux. The config file contains a list of filenames along with corresponding extensions and sizes.

Ransomware 81

Ransomware Encryption Archiving File names 81

Security Affairs

JULY 24, 2021

Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) discovered an Olympics-themed malware that implements wiping capabilities, The Record reported. ” reads the report published by the security firm. ” reads the report published by the security firm. Pierluigi Paganini.

File names 141

File names Access Security IT 141

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

Honeypots 135

Honeypots File names Communications Encryption 135