Experts publicly disclosed proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.
A security expert uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. "Somehow, this operation found its way onto the NSA's radar pre-2013; as far as I can tell, it's eluded specific coverage from the security industry." Pierluigi Paganini.
Apache Struts users have to update the Commons FileUpload library in Struts 2, which is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. in June 2017.
Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The DLL also implements features to evade detection and avoid analysis by security experts.
The new malware implements new and improved rootkit and worm capabilities; it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic (CVE-2017-10271) and Apache ActiveMQ (CVE-2016-3088) servers. "One of the ways to use LD_PRELOAD is to add the crafted library to /etc/ld.so.preload."
The best news of the week with Security Affairs. Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw. Google expert disclosed details of an unpatched flaw in SymCrypt library. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. A new round of the weekly SecurityAffairs newsletter arrived!
The original Mandrake campaign had two major infection waves, in 2016–2017 and 2018–2020. These included relocating malicious functions to obfuscated native libraries, using certificate pinning to secure C2 communications, and determining whether it was running on a rooted device or in an emulated environment.
Bug bounty programs are very important for the security of software and hardware; major tech firms have launched their own programs to discover flaws before hackers do. The project was renewed in 2017 for three more years, including bug bounty programs to improve the security of software used. GNU C Library (glibc). 15/10/2019.
Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) in the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered by leveraging Google's legitimate Google Tag Manager (GTM) library.
The Commons FileUpload library is the default file upload mechanism in Struts 2; CVE-2016-1000031 was discovered two years ago by experts at Tenable. The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management. Pierluigi Paganini.
According to Cofense, in the most recent campaign, the message was sent by a compromised email account and passed Symantec Email Security and Microsoft EOP gateways. Unlike past attacks, in the last campaign attackers attempted to exploit the Microsoft Office remote code execution vulnerability (CVE-2017-8570). Pierluigi Paganini.
UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices.
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. 9 in the popular logging library for Java called "log4j," which is included in a huge number of Java applications.
The Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including the recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. The post CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.
A security researcher at the consulting company SEC Consult discovered that some models of WAGO industrial managed switches are affected by several serious vulnerabilities. "reads the security advisory. Pierluigi Paganini.
Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware. The Type 2 backdoor was first released in July 2017, it was employed in a spear-phishing attack distributing a weaponized Microsoft Word document. Pierluigi Paganini.
In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. "HIDDEN COBRA actors most likely deployed ISO 8583 libraries on the targeted switch application servers," states the report.
A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker has been active since at least December 2017; researchers observed a spike in its operations in April, and the most recent attacks were uncovered in June.
The Javali trojan has been active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.
Security experts at HackenProof are warning that open Elasticsearch instances expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene. "reads a blog post published by HackenProof.
Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. The attack chain begins with the deployment of a TCP downloader that fetches the next-stage payload.
Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. It is interesting to notice that it calls some "non-library" functions, i.e. functions loaded from the previously referenced DLL file. Table 3 – DLL information. Pierluigi Paganini.
The bot includes exploits for Oracle WebLogic Server vulnerabilities CVE-2019-2725 and CVE-2017-10271 , and the Drupal RCE flaw tracked as CVE-2018-7600. “Debian and Ubuntu have also released security advisories regarding this matter. It saves it as “/tmp/russ” and executes it. Pierluigi Paganini.
We analyzed this sample two years ago and linked it to a Sofacy attack operation discovered by FE researchers in mid-2017, which hit several hotels in European and Middle Eastern countries. GAMEFISH document dropper (reference sample, 2017). Technical Analysis. exe" system utility. Figure 4: "mrset.bat" file code.
The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. Further technical details, including IoCs, are reported in the analysis published by inSile.
In early April, experts at Yoroi-Cybaze ZLab spotted a new interesting malware sample, likely active since 2017, that was linked to ATMitch attacks. In the first days of April, our threat monitoring operations spotted a new interesting malware sample possibly active in the wild since 2017. Pierluigi Paganini.
The IcedID banking trojan first appeared in the threat landscape in 2017; it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. The "maker.dll" is a malicious library used to perform various malicious activities and load the IcedID malware, while "ikm.msi" is a legitimate installer of the Zoom application.
In other words, all the infrastructure, the samples, the command and control servers, the domains and IPs, the certificates, the libraries and, generally speaking, all the operations that come before the attack phase in terms of environments. For example, from 2017 to early 2018 APT28 used specific techniques such as T1251, T1329, T1336 and T1319.
Security firm SecureWorks has uncovered a new phishing campaign carried out by COBALT DICKENS APT targeting universities worldwide, it involved sixteen domains hosting more than 300 spoofed websites for 76 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.
Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Comparison between the ransom note of Shade 2019 (up) and Shade 2017 (down, source: SonicWall ).
Since 2017, the group has been observed launching attacks using RTF lure documents with political content related to Vietnam. The former collects environment information from the victim machine and sends it to Dropbox; the latter runs code to evade detection by security products.
Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. The post BlackSquid malware uses multiple exploits to drop cryptocurrency miners appeared first on Security Affairs. Pierluigi Paganini.
In 2017, a hacker group known as the Shadow Brokers stole malware and hacking tools from the arsenal of the NSA-linked Equation Group, then published online the data dump called "Lost in Translation." DarkUniverse has been active at least from 2009 until 2017. mod and glue30.dll. The updater. Pierluigi Paganini.
Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. Further shared code across these families is an AES library from CodeProject. Pierluigi Paganini.
The spear-phishing message appears as a benign conversation lure, masquerading as a senior fellow with the Royal United Services Institute (RUSI), sent to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. "continues the analysis.
Lookout first detected WyrmSpy as early as 2017, while it first discovered DragonEgg at the start of 2021. "These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library." The most recent samples of DragonEgg are dated April 2023.
Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors.
According to Kaspersky, there was a spike in the number of spear phishing messages in November 2017 that targeted up to 400 industrial companies located in Russia. The malicious library includes the system file winspool.drv that is located in the system folder and is used to send documents to the printer. Pierluigi Paganini.
In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Fast forward to 2017. Manipulating runtime.
Security researchers from Trend Micro have uncovered a supply chain attack, tracked as Operation Red Signature, against organizations in South Korea. This dynamic-link library (DLL) is responsible for decrypting the encrypted rcview.log file and executing it in memory. Exploit tool for CVE-2017-7269 (IIS 6). zip and file001.zip
In 2017, some Android phones came with a backdoor pre-installed: criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the manufacturers' factories, Google researchers confirmed on Thursday. The attackers used the backdoor to surreptitiously download and install modules.
The new analysis conducted by ESET revealed that hackers breached Germany's Federal Foreign Office; Turla infected several computers and used the backdoor to siphon data for almost the whole of 2017. The backdoor is a standalone DLL (dynamic link library) that interacts with Outlook and The Bat! Pierluigi Paganini.