File names, Presentation and Security - Information Management Today

Proactively Protecting Your Sensitive Information for Remote Workers

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. At Gimmal, we regularly talk to IT, security, and privacy professionals across a broad portfolio of industries. Applying retention rules (i.e.,

File names

File names Data breaches Risk Privacy

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude” Bitdefender continues.

Ransomware

Ransomware File names Passwords IT

What is DKIM Email Security Technology? DKIM Explained

eSecurity Planet

MAY 24, 2023

By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security. Basic DKIM DNS Record Structure The DKIM DNS record is very simple and conveys information both through the content of the record as well as the file name.

Encryption

Encryption Security Authentication File names

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. Further analysis revealed that this behavior is present in hundreds of models of Gigabyte PCs. ” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. .

File names

File names Risk Passwords Security

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

Turla operators used the scripts to exfiltrate keys used to secure the password databases of popular password management software. changepoint” : This command is used to likely tell the implant to switch to the second C2 URL present in the implant. post” : Exfiltrate a file from the victim to the C2, e.g., post C:some_file.bin.

CMS

CMS File names Passwords Access

Another Ransomware For Linux Likely In Development

Security Affairs

SEPTEMBER 2, 2022

Once the folder path is given, it starts encrypting files present inside the folder. Also, a list of all the encrypted files gets stored in a file named wrkman.log.0. The post Another Ransomware For Linux Likely In Development appeared first on Security Affairs. Figure 2: DarkAngels ransomware in action.

Ransomware

Ransomware Encryption File names IT

Medibank Defends its Security Practices as its Ransomware Woes Worsen

IT Governance

NOVEMBER 17, 2022

The organisation’s share price plummeted by almost 19% following the data breach, and despite its claims that it has done the right thing, new details continue to emerge that cast doubt on Medibank’s cyber security practices. Things got worse for Medibank after a second database was leaked , containing a file named “abortions”.

IT

IT Ransomware Security Data breaches

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). The attackers were able to interfere with security tools using Group Policy Objects (GPO).

Ransomware

Ransomware File names Access Education

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. “The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the.rontok extension to the new file name. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Access

Borat RAT, a new RAT that performs ransomware and DDoS attacks

Security Affairs

APRIL 3, 2022

Initially, it checks if a microphone is present in the victim’s machine. If it can find a connected microphone, the RAT records all audio and saves it in a file named micaudio.wav. The post Borat RAT, a new RAT that performs ransomware and DDoS attacks appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware File names Archiving Encryption

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

The analysis of the code revealed the presence of not implemented features and the large amount of logging present, a circumstance that suggests that this threat is under active development. This allowed the researchers to monitor the server, identifying multiple interesting files. Most of the downloads were from Spain. .”

Phishing

Phishing File names Manufacturing IT

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Security Affairs

OCTOBER 4, 2022

“Sonar discovered and responsibly disclosed a critical vulnerability in Packagist, a central component of the PHP supply chain, to help secure developer tools.” During our security research, we discovered a critical vulnerability in the source code of Composer which is used by Packagist. The CVE-2022-24828 (CVSS score: 8.8)

File names

File names Metadata IT Security

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Crooks always devise new techniques to evade detection, the Ragnar Locker is deploying Windows XP virtual machines to encrypt victim’s files while bypassing security measures.

Encryption

Encryption Ransomware Energy and Utilities File names

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

APRIL 2, 2019

Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. HTML files are used to redirect victims to download ZIP files ( reso.zip , rolf.zip, and stroi -invest. zip) that contain the JavaScript file. “The hidden /.well-known/

CMS

CMS Phishing Ransomware File names

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Security Affairs

DECEMBER 5, 2021

Talos believes the attacker has set up an advertising campaign that will present links to a web page, offering the download of a software installer. The installer has many different file names. . “The attack begins when a victim looks for a particular piece of software for download. For example: viber-25164.exe,

Sales

Sales File names Passwords Encryption

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Security Affairs

JANUARY 21, 2021

” Microsoft added that additional attacker tactics, anti-forensic behavior, and operational security allowed them to avoid detection and outstand for operations security (OpSec) best practices. ADFIND legit tool) and placed them in folders that mimicked existing programs and files already present on a machine. .”

File names

File names Metadata Data collection Security

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

A repository containing documents that were digitized inconsistently or inaccurately presents a new set of problems for an organization, problems that can hinder the productivity gains they had hoped to achieve. Consistent document capture and file naming. What are Automated Scan Workflows?

e-Delivery

e-Delivery File names Compliance ECM

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

“At present, the industry has never disclosed the Lazarus Group’s attack samples and cases against the Linux platform. “At present, the industry has never disclosed the Lazarus Group’s attack samples and cases against the Linux platform.” ” reads the analysis published by Qihoo 360 Netlab.

CMS

CMS File names Encryption Access

Is BazarLoader malware linked to Trickbot operators?

Security Affairs

APRIL 18, 2021

Some of the files’ names observed by the experts are presentation-document.exe, preview-document-[number].exe If you want to receive the weekly Security Affairs Newsletter for free subscribe here. appeared first on Security Affairs. exe or annualreport.exe. ” concludes the report. Pierluigi Paganini.

File names

File names Ransomware Phishing Encryption

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

DLA Piper Privacy Matters

MARCH 20, 2023

This document provides guidance on the conditions applicable to the use of this technology which presents high risks to the data subjects’ right to privacy. The CNIL will also check the measures implemented to ensure the security of the data. management of data subjects’ rights). Apple IDFA, IDFV and Google AAID).

Computer and Electronics

Computer and Electronics IT File names Access

Himera and AbSent-Loader Leverage Covid19 lures

Security Affairs

MAY 29, 2020

Following, the static information of this file: Name Covid-19-PESANTATION.doc Hash 97FA1F66BD2B2F8A34AAFE5A374996F8 Threat Himera Loader dropper Size 95,4 KB (97.745 byte) Filetype Microsoft Word document Ssdeep 1536:7fVmPSiRO8cOV8xCcoHrZvIdTZ2DSXMqcI3iL5PEs8VlbeH0btGDYLlNq2l+SEg:7fVz8zyUHlvId7H3iL5MVlbeHGkQvqTU. Pierluigi Paganini.

File names

File names Phishing IT Marketing

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

The Kimsuky APT group has been analyzed by several security teams. Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 1: tweet on 28 February 2020.

IT

IT File names Libraries Communications

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

, created by a user named “itz UR0A” created on 24 April 2021. The Youtube link also contained a Discord server link of “UR0A”, which was also present in the infection log. The Discord server contained several discussions around DDOS activities and Botnets carrying different names. Figure 10: keksec.infected.you.log file.

IoT

IoT File names Communications Security

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. File name: patent-2019-02-20T093A283A05-1.xls Next image presents when the file is opened. File name : 68131_46_20190219.doc

File names

File names Phishing Libraries IT

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

NOVEMBER 16, 2018

Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper. In the beginning, the Microsoft Powerpoint presentation looked like a white blank page but performing a very interesting and hidden connection to hxxps://a.doko.moe/wraeop.sct.

Computer and Electronics

Computer and Electronics File names Security IT

The Case for Limiting Your Browser Extensions

Krebs on Security

MARCH 3, 2020

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code.

Insurance

Insurance File names Risk Marketing

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. These attacks leverage CVE-2014-3120 and CVE-2015-1427, both of which are only present in old versions of Elasticsearch and exploit the ability to pass scripts to search queries.”

Search queries

Search queries Honeypots File names Mining

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner. It is composed only by three files: “ a”, “run”, “stop ”. They are three bash scripts, which we start to analyze: Figure 10: Content of the “a” script file. The initial script is the file named “ a ”.

Mining

Mining File names Honeypots IT

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

Unlike most ransomware, JSWorm does not embed a list of file extensions to encrypt, but uses a set of extensions to exclude during the cipher step. The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”. Pierluigi Paganini.

Ransomware

Ransomware Encryption File names Libraries

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

AUGUST 20, 2018

As usually, I am not going to show you who was able to detect it compared to the one who wasn’t, since I won’t ending on wrong a declaration such as (for example): “Marco said that X is better than Y” Anyway, having the hash file I believe it would be enough to search for such information. AntiVirus Coverage.

Computer and Electronics

Computer and Electronics Encryption Security File names

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

The downloaded file is a compressed file (.zip) As observed, after extracting the file, three files are presented. The file “ FacturaNovembro-4492154-2019-10_8.vbs This is a Visual Basic Script (VBScript) file that is acting as a dropper and downloader. Two files are obtained from 2 AWS S3 buckets.

Passwords

Passwords e-Discovery IT Cleanup

A new sophisticated version of the AZORult Spyware appeared in the wild

Security Affairs

JULY 30, 2018

The messages used employment-related subjects such as “About a role” and “Job Application,” while the malicious attached documents used file names in the format of “firstname.surname_resume.doc”. The post A new sophisticated version of the AZORult Spyware appeared in the wild appeared first on Security Affairs.

Passwords

Passwords File names Ransomware IT

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

Since then, much has been learned about the tactics, techniques, and procedures (TTPs) deployed and what steps organizations are taking to harden their network and application security. Former Department of Homeland Security (DHS) officials noted “this could be an extremely serious breach of security.” federal agencies.

Cybersecurity

Cybersecurity Access Authentication Cloud

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

eSecurity Planet

SEPTEMBER 25, 2023

The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. An attacker can use policies for scheduled security scans to run a pipeline in GitLab, posing as another user. severity rating. before 16.2.7

Ransomware

Ransomware Cybersecurity File names Security

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Security Affairs

DECEMBER 8, 2021

The metadata stored on the file led the researchers to several WordPress database dumps, which contained multiple administrator usernames and email addresses, as well as the hashed password for the Microsoft Vancouver website. This is exactly what happened with the leftover DS_STORE file present on the Microsoft Vancouver web server.

Passwords

Passwords Metadata File names Phishing

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

Security Affairs

NOVEMBER 6, 2023

The name Socks5Systemz comes from the name of the unique login panel consistently present in all the C2 servers. .’ Bitsight researchers uncovered a proxy botnet delivered, tracked as Socks5Systemz, which was delivered by PrivateLoader and Amadey loaders.

File names

File names IT Security Information Security

How to deliver malware using weaponized Microsoft Office docs embedding YouTube video

Security Affairs

OCTOBER 28, 2018

Researchers at Cymulate security firm devised a new stealthy technique to deliver malware leveraging videos embedded into weaponized Microsoft Office Documents. The technique works with Office 2016 and older versions, the researchers notified Microsoft but that the tech giant doesn’t acknowledge the technique as a security flaw.

File names

File names Phishing Security IT

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Security Affairs

MARCH 21, 2019

The first public mention related to Altran cyber attack was seen in a tweet on January 25th, which received a reply from a computer security researcher who hinted that a malware sample that was uploaded to VirusTotal was behind the attack.ù. File name: yxugwjud6698.exe Figure 8: Files encrypted by LockerGoga —.locked

Ransomware

Ransomware Encryption File names Security

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Figure 4: VBS file – Lampion downloader – obfuscation layer. The next graph presents the various forms already documented the threat. As noted, malware is usually distributed with a simple email template, where the victim downloads a ZIP file with a VBS downloader inside. LNK files from the Windows startup folder.

Communications

Communications Cloud Phishing Encryption

The SLoad Powershell malspam is expanding to Italy

Security Affairs

NOVEMBER 27, 2018

It is strange that the image is not used into the malware’s workflow, but the link file starts a complex infection chain, as shown in the following figure: First of all, the.lnk file runs a first PowerShell activator, which searches a file named: “documento-aggiornato-novembre-*.zip”. Pierluigi Paganini.

File names

File names IT Security

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

The following schema is an effort to present in a single high-level diagram the workflow of the most popular Latin American trojans. Next, an email template used by Javali to lure victims is presented. MSI file – The Javali Dropper. Figure 4: Email template used by Javali banking trojan.

Libraries

Libraries Communications Phishing Encryption

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. The page resembles an authentic Microsoft Office 365 file sharing page. PerSwaysion is a highly-targeted phishing campaign. Pierluigi Paganini.

Phishing

Phishing Cloud Financial Services Authentication

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Security Affairs

AUGUST 31, 2018

Since blogging is not my business, I do write on my personal blog to share knowledge on Cyber Security, I will describe some of the main steps that took me to own the attacker infrastructure. My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Obfuscation.

Computer and Electronics

Computer and Electronics File names Security Access

Proactively Protecting Your Sensitive Information for Remote Workers

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Webinars

Trending Sources

What is DKIM Email Security Technology? DKIM Explained

Webinars

Experts warn of backdoor-like behavior within Gigabyte systems

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Another Ransomware For Linux Likely In Development

Medibank Defends its Security Practices as its Ransomware Woes Worsen

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

B0r0nt0K ransomware demands $75,000 ransom to the victims

Borat RAT, a new RAT that performs ransomware and DDoS attacks

Xenomorph malware is back after months of hiatus and expands the list of targets

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Ragnar Ransomware encrypts files from virtual machines to evade detection

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Guest Post - How important is digital document consistency?

Dacls RAT, the first Lazarus malware that targets Linux devices

Is BazarLoader malware linked to Trickbot operators?

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

Himera and AbSent-Loader Leverage Covid19 lures

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Discovery of Simps Botnet Leads To Ties to Keksec Group

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Using Microsoft Powerpoint as Malware Dropper

The Case for Limiting Your Browser Extensions

Multiple threat actors are targeting Elasticsearch Clusters

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

6 Best Threat Intelligence Feeds to Use in 2023

JSWorm: The 4th Version of the Infamous Ransomware

Malware researcher reverse engineered a threat that went undetected for at least 2 years

A new trojan Lampion targets Portugal

A new sophisticated version of the AZORult Spyware appeared in the wild

Guarding Against Solorigate TTPs

Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

How to deliver malware using weaponized Microsoft Office docs embedding YouTube video

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

The SLoad Powershell malspam is expanding to Italy

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Stay Connected