Security Affairs

MAY 13, 2023

“Preliminary investigations indicate that Checkmate attacks via SMB services exposed to the internet and employs a dictionary attack to break accounts with weak passwords. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README”

Ransomware 90

Ransomware Encryption Passwords File names 90

Security Affairs

DECEMBER 5, 2021

Upon executing the fake installers, they execute the following pieces of malware on the victim’s system: A password stealer called RedLine Stealer. The installer has many different file names. The group resurfaced in April 2021, the malvertising campaigns targeted users in Canada, the U.S., For example: viber-25164.exe,

Sales 83

Sales File names Passwords Encryption 83

Security Affairs

JANUARY 21, 2019

A rogue server could send a LOAD DATA LOCAL statement to the client to get access to any file for which the client has read permission. “In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement.”

Passwords 96

Passwords File names Access Sales 96

Lenny Zeltser

MARCH 2, 2019

For example, for VMware you’d extract the files into a dedicated folder, then launch the file named “MSEdge – Win10.vmx” ” The password Microsoft assigned to this virtual machine is “Passw0rd! Step 3: Update the VM and Install Malware Analysis Tools.

File names 112

File names Access Archiving Passwords 112

Security Affairs

MAY 29, 2019

If the host is successfully reached, the script renames a file named “kernel.dll”, obviously not the real one, in “uninstall.exe”, another misleading name. These parameters are needed to self-decrypt the “uninstall.exe” file which is again another SFX archive. exe” file. This new script performs a ping to “www[.cloudflare[.com”

IT 67

IT Retail Archiving File names 67

Security Affairs

APRIL 28, 2020

Once the machine is fully compromised, the attacker will install a complete hacking suite, composed of an IRC bot, an SSH scanner, a bruteforce tool, and an XMRIG crypto-miner. When the machine is completely infected, the installed files are the following: Figure 2: Directory listing. The initial script is the file named “ a ”.

Mining 100

Mining File names Honeypots IT 100

OneHub

AUGUST 17, 2021

Provide collaborative tools and resources. It’s difficult for employees to change the way they work, so it’s important to support this growth with smart tools and resources. Online storage and file sharing. If your company isn’t already using online file storage, now is the perfect time to start. Collaborative tools.

Cloud 52

Cloud File names Access Education 52

Security Affairs

JULY 6, 2020

The other database we discovered seems to be connected to Shanghai Yanhua Smartech tools, which provides services related to intelligent buildings. Both databases are now closed. What was in the database? Each database contains particularly sensitive information. The second database (possibly from Shanghai Yanhua Smartech).

Passwords 77

Passwords File names Access Phishing 77

Security Affairs

APRIL 9, 2019

The origin of the infection chain is a simple LNK file, a technique originally adopted by state sponsored and advanced actors, designed to download and run a powershell file named “rdp.ps1” from a remote location through the command: C:WindowsSystem32WindowsPowerShellv1.0powershell.exe -ExecutionPolicy Bypass -Windo 1 $wm=[Text.Encoding]::UTF8.

File names 70

File names Access Security Encryption 70

eSecurity Planet

MARCH 9, 2023

Website and application developers need vulnerability scanning tools to test compiled and uncompiled code for known vulnerabilities. Most DevOps teams will make purchasing decisions for vulnerability scanners based upon deployment flexibility, scanning speed, scanning accuracy, connections to other tools, and, of course, price.

Compliance 78

Compliance Cloud Security Authentication 78

Troy Hunt

NOVEMBER 19, 2020

rar files in it whilst the second has a further 8,949.rar rar files giving a grand total of 23,618 files. The "Rejected.txt" file contained malformed email addresses and "Result(HEX).txt" txt" had a small number of email address and password hex pairs. But is it legit?

Passwords 145

Passwords Archiving Risk File names 145

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. With access to DSInternals, the malware could query the AD servers and steal data, passwords, and keys. Tools for Detecting Solorigate Vulnerabilities.

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

DECEMBER 15, 2021

The threat actors don’t use custom malware and instead rely on legitimate tools, publicly available malware, and living-off-the-land tactics. A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named “Special discount program.zip”, suggesting that it arrived in a spear-phishing email.”

File names 92

File names Passwords Phishing Archiving 92

Security Affairs

OCTOBER 5, 2021

The ransomware operators then executed a tiny Python script (6kb) to encrypt all virtual disks and VM settings files of the virtual machines hosted on the server. The script then overwrites the contents of the original file with just the word f**k then deletes the original file. .” ” reads the Sophos analysis.

Encryption 136

Encryption Ransomware File names Passwords 136

Security Affairs

JUNE 4, 2019

The infection chain is composed by different stages of password protected SFX (self extracting archive), each containing vbs or batch scripts. cmd” , which firstly checks for the presence of malware analysis tools. If it detects the presence of Wireshark or Procexp tools, it kill itself. The first file to be executed is “20387.cmd”

Archiving 62

Archiving Passwords File names Military 62

Enterprise Software Blog

APRIL 13, 2023

In this exciting tutorial, we will take your skills to the next level by combining two powerful tools - the API we built in our previous tutorial and the App Builder TM platform. App Builder is a powerful tool that allows users to create robust applications with minimal coding experience. Next, we can create the Login screen.

Passwords 52

Passwords Authentication Access File names 52

Security Affairs

JULY 22, 2020

“The adversary also uses several crafted tools that helps the botnet increase the amount of systems participating in its Monero-mining pool.” The botnet used a modified version of Mimikatz to steal credentials and any other passwords of the compromised network, then send them back to the C2 for reuse.

Mining 85

Mining File names Passwords Communications 85

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches 112

Data breaches Passwords Risk Personal data 112

Security Affairs

JULY 22, 2019

.” The hackers used three new malware families in the campaign that also involved the Pickpocket , a browser credential-theft tool exclusively linked to APT34 campaigns. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details. xls that was used as a dropper. ” concludes FireEye.

File names 86

File names Phishing Passwords Government 86

Security Affairs

FEBRUARY 16, 2021

dll NVIDIA Smart Maximise Helper Host NvSmartMaxApp.exe NvSmartMax.dll VirtualBox Guest Additions Tray Application VBoxTray.exe Mpr.dll VMware NAT Service Vmnat.exe Shfolder.dll WinGup for Notepad++ Gup.exe Libcurl.dll Disc Soft Bus Service Pro (DAEMON Tools Pro) DiscSoftBusService.exe Imgengine.dl exe Dbghelp.dll AVG Dump Process avDump32.exe

Libraries 118

Libraries Communications Phishing Encryption 118