File names and Presentation - Information Management Today

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude” Bitdefender continues.

Ransomware

Ransomware File names Passwords IT

Proactively Protecting Your Sensitive Information for Remote Workers

AIIM

JULY 8, 2021

This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age. social security numbers, customer information, etc.).

File names

File names Data breaches Risk Privacy

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

MAY 31, 2023

Further analysis revealed that this behavior is present in hundreds of models of Gigabyte PCs. Upon analyzing of the impacted UEFI firmware, the researchers identified a file named File Name: 8ccbee6f7858ac6b92ce23594c9e2563ebcef59414b5ac13ebebde0c715971b2.bin ” reads the analysis from Eclypsium.

File names

File names Risk Passwords Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

changepoint” : This command is used to likely tell the implant to switch to the second C2 URL present in the implant. get” : Fetch a file specified by the C2 using an HTTP GET request and write it to the specified location on disk. post” : Exfiltrate a file from the victim to the C2, e.g., post C:some_file.bin.

CMS

CMS File names Passwords Access

Another Ransomware For Linux Likely In Development

Security Affairs

SEPTEMBER 2, 2022

Once the folder path is given, it starts encrypting files present inside the folder. Also, a list of all the encrypted files gets stored in a file named wrkman.log.0. The extension used by the threat actor is.crypted (see Figure 2). Figure 2: DarkAngels ransomware in action. Figure 4: Inside the start_routine.

Ransomware

Ransomware Encryption File names IT

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. “The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the.rontok extension to the new file name.

Ransomware

Ransomware File names Encryption Access

Borat RAT, a new RAT that performs ransomware and DDoS attacks

Security Affairs

APRIL 3, 2022

Initially, it checks if a microphone is present in the victim’s machine. If it can find a connected microphone, the RAT records all audio and saves it in a file named micaudio.wav. DDOS – This module is used to perform a DDOS attack. Audio Recording – The module can record the audio of a computer.

Ransomware

Ransomware File names Archiving Encryption

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

” DEV-1084 presented itself as cybercrime group likely as an attempt to hide its real motivation of a nation-state actor. The ransomware employed in the attacks changes the file name extension to DARKBIT and drop ransom notes. Then the attackers maintain persistence by registering a scheduled task using GPO.

Ransomware

Ransomware File names Access Education

RIM Month Virtual Colloquium, date and lineup announcement for April 7th 1-3pm EST!

The Schedule

MARCH 3, 2021

Mark your calendars for April 7th, 2021 1pm-3pm EST. Outline of Event: 7 wonderful presenters working in records management, with 7 minute lightning round presentations (see below!). Virtual meeting invite and presentation order coming soon! Presenters: Angela Ossar, Office of the Governor of Texas. Jennifer Thompson, J.

Records Management

Records Management Archiving File names Government

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

A repository containing documents that were digitized inconsistently or inaccurately presents a new set of problems for an organization, problems that can hinder the productivity gains they had hoped to achieve. Consistent document capture and file naming. What are Automated Scan Workflows?

e-Delivery

e-Delivery File names Compliance ECM

Key Takeaways from the NARA Digitizing Permanent Records Webinar

National Archives Records Express

JULY 24, 2023

Consideration should be given to file formats, file-naming conventions, and adherence to preservation standards. The webinar transcript , presentation slides , and recording are available on the NARA webpage for Digitization of Federal Records.

Metadata

Metadata Digital preservation Archiving Data migration

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

The analysis of the code revealed the presence of not implemented features and the large amount of logging present, a circumstance that suggests that this threat is under active development. This allowed the researchers to monitor the server, identifying multiple interesting files. Most of the downloads were from Spain.

Phishing

Phishing File names Manufacturing IT

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Security Affairs

OCTOBER 4, 2022

Below is the step-by-step procedure that could have allowed attackers to exploit the vulnerability against Packagist: Create a project in a remote Mercurial repository; Put the manifest in composer.json and add a malicious readme entry; When using a payload like the one depicted above, create a file named payload.sh

File names

File names Metadata IT Security

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

APRIL 2, 2019

“We have been monitoring the compromised HTTPS sites for a few weeks and have noticed that attackers are favoring a well-known hidden directory present on the HTTPS website for storing and distributing Shade ransomware and phishing pages.” zip) that contain the JavaScript file. ” reads the analysis from Zscaler.

CMS

CMS Phishing Ransomware File names

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

“At present, the industry has never disclosed the Lazarus Group’s attack samples and cases against the Linux platform. “At present, the industry has never disclosed the Lazarus Group’s attack samples and cases against the Linux platform.” ” reads the analysis published by Qihoo 360 Netlab.

CMS

CMS File names Encryption Access

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Security Affairs

DECEMBER 5, 2021

Talos believes the attacker has set up an advertising campaign that will present links to a web page, offering the download of a software installer. The installer has many different file names. . “The attack begins when a victim looks for a particular piece of software for download. For example: viber-25164.exe,

Sales

Sales File names Passwords Encryption

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

“In addition to the VirtualBox files, the MSI also deploys an executable (called va.exe), a batch file (named install.bat), and a few support files. The attackers launch the Windows XP virtual machine using the SharedFolder directives created by their batch file that are accessible within the virtual machine.

Encryption

Encryption Ransomware Energy and Utilities File names

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

DLA Piper Privacy Matters

MARCH 20, 2023

This document provides guidance on the conditions applicable to the use of this technology which presents high risks to the data subjects’ right to privacy. The CNIL’s roadmap for its dawn raids in 2023 is thus to check that the use of “smart” cameras, complies with the legal framework. Apple IDFA, IDFV and Google AAID).

Computer and Electronics

Computer and Electronics IT File names Access

Himera and AbSent-Loader Leverage Covid19 lures

Security Affairs

MAY 29, 2020

Following, the static information of this file: Name Covid-19-PESANTATION.doc Hash 97FA1F66BD2B2F8A34AAFE5A374996F8 Threat Himera Loader dropper Size 95,4 KB (97.745 byte) Filetype Microsoft Word document Ssdeep 1536:7fVmPSiRO8cOV8xCcoHrZvIdTZ2DSXMqcI3iL5PEs8VlbeH0btGDYLlNq2l+SEg:7fVz8zyUHlvId7H3iL5MVlbeHGkQvqTU.

File names

File names Phishing IT Marketing

What is DKIM Email Security Technology? DKIM Explained

eSecurity Planet

MAY 24, 2023

Basic DKIM DNS Record Structure The DKIM DNS record is very simple and conveys information both through the content of the record as well as the file name. The file name will be in the format of <selector> _domainkey.<domain> The “p” field is the public encryption key value.

Encryption

Encryption Security Authentication File names

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. hwp” extension. Bypassing AV Detection.

IT

IT File names Libraries Communications

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Security Affairs

JANUARY 21, 2021

Attackers prepared a unique Cobalt Strike DLL implant for each machine and avoided at any cost overlap and reuse of folder name, file name, export function names, C2 domain/IP, HTTP requests, timestamp, file metadata, config, and child process launched. Camouflage and blending into the environment.

File names

File names Metadata Data collection Security

Is BazarLoader malware linked to Trickbot operators?

Security Affairs

APRIL 18, 2021

Some of the files’ names observed by the experts are presentation-document.exe, preview-document-[number].exe Upon clicking on the link, the BazarLoader malware will be download and executed on the victim’s machine. exe or annualreport.exe.

File names

File names Ransomware Phishing Encryption

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

File name: patent-2019-02-20T093A283A05-1.xls Next image presents when the file is opened. However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. File name : 68131_46_20190219.doc Technical Analysis.

File names

File names Phishing Libraries IT

The Case for Limiting Your Browser Extensions

Krebs on Security

MARCH 3, 2020

A simple Internet search shows this same javascript code is present on hundreds of other Web sites , no doubt inadvertently published by site owners who happened to be editing their sites with this Page Ruler extension installed.

Insurance

Insurance File names Risk Marketing

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner. It is composed only by three files: “ a”, “run”, “stop ”. They are three bash scripts, which we start to analyze: Figure 10: Content of the “a” script file. The initial script is the file named “ a ”.

Mining

Mining File names Honeypots IT

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

, created by a user named “itz UR0A” created on 24 April 2021. The Youtube link also contained a Discord server link of “UR0A”, which was also present in the infection log. The Discord server contained several discussions around DDOS activities and Botnets carrying different names. Figure 10: keksec.infected.you.log file.

IoT

IoT File names Communications Security

Medibank Defends its Security Practices as its Ransomware Woes Worsen

IT Governance

NOVEMBER 17, 2022

Things got worse for Medibank after a second database was leaked , containing a file named “abortions”. A fourth file was then leaked, labelled “psychos”, which contained hundreds of claims from policyholders who have undergone mental health treatment. From bad to worse.

IT

IT Ransomware Security Data breaches

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

These attacks leverage CVE-2014-3120 and CVE-2015-1427, both of which are only present in old versions of Elasticsearch and exploit the ability to pass scripts to search queries.” . “Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.

Search queries

Search queries Honeypots File names Mining

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

NOVEMBER 16, 2018

In the beginning, the Microsoft Powerpoint presentation looked like a white blank page but performing a very interesting and hidden connection to hxxps://a.doko.moe/wraeop.sct. The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it.

Computer and Electronics

Computer and Electronics File names Security IT

No Bates, No Problem for Native Files: eDiscovery Throwback Thursdays

eDiscovery Daily

JUNE 5, 2019

It seems like many attorneys and some courts still have to learn that you can produce in native format and still support the idea of presenting in image format.

File names

File names Metadata GDPR Education

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

Unlike most ransomware, JSWorm does not embed a list of file extensions to encrypt, but uses a set of extensions to exclude during the cipher step. The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”.

Ransomware

Ransomware Encryption File names Libraries

A new sophisticated version of the AZORult Spyware appeared in the wild

Security Affairs

JULY 30, 2018

The messages used employment-related subjects such as “About a role” and “Job Application,” while the malicious attached documents used file names in the format of “firstname.surname_resume.doc”. Attackers sent out thousands of messages targeting North America.

Passwords

Passwords File names Ransomware IT

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

The downloaded file is a compressed file (.zip) As observed, after extracting the file, three files are presented. The file “ FacturaNovembro-4492154-2019-10_8.vbs This is a Visual Basic Script (VBScript) file that is acting as a dropper and downloader. At the moment, the file 0.zip amazonaws[.]com/0.zip

Passwords

Passwords e-Discovery IT Cleanup

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

AUGUST 20, 2018

As usually, I am not going to show you who was able to detect it compared to the one who wasn’t, since I won’t ending on wrong a declaration such as (for example): “Marco said that X is better than Y” Anyway, having the hash file I believe it would be enough to search for such information. AntiVirus Coverage.

Computer and Electronics

Computer and Electronics Encryption Security File names

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Examples of IoCs include malicious IP and email addresses, suspicious domain names and URLs, unusual file paths or file names, unexpected network traffic patterns, and behavioral oddities like frequent unauthorized access attempts.

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

eSecurity Planet

SEPTEMBER 25, 2023

19, 2023 Trend Micro releases patches and updates for Apex One zero-day vulnerability Type of attack: Zero-day vulnerability The problem: Trend Micro released a security bulletin with instructions for fixing a zero-day vulnerability present in its Apex One endpoint security product. See the Top Code Debugging and Code Security Tools Sept.

Ransomware

Ransomware Cybersecurity File names Security

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. ” The Orion update was signed and presented as the latest update, and malware taking root went undetected.

Cybersecurity

Cybersecurity Access Authentication Cloud

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

Security Affairs

NOVEMBER 6, 2023

The name Socks5Systemz comes from the name of the unique login panel consistently present in all the C2 servers. .’ Bitsight researchers uncovered a proxy botnet delivered, tracked as Socks5Systemz, which was delivered by PrivateLoader and Amadey loaders.

File names

File names IT Security Information Security

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Security Affairs

DECEMBER 8, 2021

Leaving DS_STORE files on remote web servers is dangerous because they display their folder structure, which may result in leaks of sensitive or confidential data. This is exactly what happened with the leftover DS_STORE file present on the Microsoft Vancouver web server.

Passwords

Passwords Metadata File names Phishing

How to deliver malware using weaponized Microsoft Office docs embedding YouTube video

Security Affairs

OCTOBER 28, 2018

A default XML file named ‘document.xml’ can be edited by an attacker, in particular, it is possible to modify the video configuration included in a parameter called ’embeddedHtml’ and an iFrame for the YouTube video, which can be replaced with attacker HTML. ” reads the analysis published by Cymulate.

File names

File names Phishing Security IT

The SLoad Powershell malspam is expanding to Italy

Security Affairs

NOVEMBER 27, 2018

It is strange that the image is not used into the malware’s workflow, but the link file starts a complex infection chain, as shown in the following figure: First of all, the.lnk file runs a first PowerShell activator, which searches a file named: “documento-aggiornato-novembre-*.zip”.

File names

File names IT Security

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. The page resembles an authentic Microsoft Office 365 file sharing page. PerSwaysion is a highly-targeted phishing campaign.

Phishing

Phishing Cloud Financial Services Authentication

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Figure 4: VBS file – Lampion downloader – obfuscation layer. The next graph presents the various forms already documented the threat. As noted, malware is usually distributed with a simple email template, where the victim downloads a ZIP file with a VBS downloader inside. LNK files from the Windows startup folder.

Communications

Communications Cloud Phishing Encryption

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Proactively Protecting Your Sensitive Information for Remote Workers

Webinars

Trending Sources

Experts warn of backdoor-like behavior within Gigabyte systems

Webinars

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Another Ransomware For Linux Likely In Development

B0r0nt0K ransomware demands $75,000 ransom to the victims

Borat RAT, a new RAT that performs ransomware and DDoS attacks

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

RIM Month Virtual Colloquium, date and lineup announcement for April 7th 1-3pm EST!

Guest Post - How important is digital document consistency?

Key Takeaways from the NARA Digitizing Permanent Records Webinar

Xenomorph malware is back after months of hiatus and expands the list of targets

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Ragnar Ransomware encrypts files from virtual machines to evade detection

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

Himera and AbSent-Loader Leverage Covid19 lures

What is DKIM Email Security Technology? DKIM Explained

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Is BazarLoader malware linked to Trickbot operators?

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

The Case for Limiting Your Browser Extensions

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Discovery of Simps Botnet Leads To Ties to Keksec Group

Medibank Defends its Security Practices as its Ransomware Woes Worsen

Multiple threat actors are targeting Elasticsearch Clusters

Using Microsoft Powerpoint as Malware Dropper

No Bates, No Problem for Native Files: eDiscovery Throwback Thursdays

JSWorm: The 4th Version of the Infamous Ransomware

A new sophisticated version of the AZORult Spyware appeared in the wild

A new trojan Lampion targets Portugal

Malware researcher reverse engineered a threat that went undetected for at least 2 years

6 Best Threat Intelligence Feeds to Use in 2023

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

Guarding Against Solorigate TTPs

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

How to deliver malware using weaponized Microsoft Office docs embedding YouTube video

The SLoad Powershell malspam is expanding to Italy

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Stay Connected