All the variants are distributed within archives containing a legitimate executable and a malicious DLL: Variant 1: Archive cf.rar includes mrender.exe and libcef.dll. Variant 2: Archive ru.zip includes FastVD.exe and LogMeIn.dll. Variant 3: Archive zz.rar includes gpgconf.exe and libgcrypt-20.dll.
The RAR archive contains a file named “Important – COVID-19” that displays a Word icon: "Important – COVID-19.rar" -> "Important – COVID-19.docx.exe". The post BlackWater, a malware that uses Cloudflare Workers for C2 Communication appeared first on Security Affairs.
A 1.5 GB archive belonging to the Russian energy giant Gazprom. The group of hacktivists announced the hack on their Telegram channel claiming that the archive contains more than 6,000 files of the companies of the Gazprom group. “The archive with a capacity of 1.5 GB …
The attackers attempted to trick the company’s customers into opening a ZIP archive file named “crowdstrike-hotfix.zip.” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.
Subsequently, UNC4034 communicated with the victims over WhatsApp and, once that channel was established, tricked them into downloading a malicious ISO image masquerading as a fake job offer. The attack chain starts with a fake job opportunity at Amazon sent to the victims via email.
The Russia-linked APT group was observed using a specially crafted ZIP archive that runs a script in the background to show a PDF lure while downloading PowerShell code to fetch and execute a payload. In this attack scheme, Ngrok has been used to host their next-stage PowerShell payloads and establish covert communication channels.
The Boston Consulting Group predicts that over the next five years, $2 trillion in revenue will shift to companies that know how to create personalized experiences and personalized communications. Soar to new heights with the power of GenAI: GenAI can assist insurance communications teams in enhancing policyholder communications.
The DarkWatchman has been distributed through phishing emails that use malicious ZIP archives (named ‘????????? ?12-6317-3621.zip’). The executable is a self-installing WinRAR archive that will install the RAT and keylogger. “This executable is a WinRAR SFX self installing archive that contains two files: ‘134121811.js’ …
The messages use specially crafted archives containing LNK files disguised as regular documents. These archives mimicked the installation process of Microsoft Defender or exploited current US political issues. When clicked, the LNK files would execute malicious commands. We have found variations for DropBox and for OneDrive.
California Medical Imaging Group Describes Data Exposure: A California medical imaging group practice says vulnerabilities in its picture archiving and communications system left patient data at risk of unauthorized access for more than a year.
This forum hosted a ZIP archive that contains the malicious .js file. The cscript instance spawns PowerShell, which deobfuscates and executes a script that begins discovery activities and communicates with the C2 server. Attackers use the black SEO technique to display a website compromised by GootLoader operators among the results.
Evidence of the presence of the malicious file hosted on the legitimate website is shown in the following figure: Figure 5: Communication with the DropUrl. The downloaded file, as previously mentioned, is a Self Extracting Archive (SFX/SEA). In the archive, five files with different extensions are stored.
“After not paying, the ransomware operators have published a 5GB archive containing data stolen from the school district.” “We apologize for being unable to communicate as effectively as normal. We will know more when the forensic work is complete. We will send another update at the end of the day.”
Upon extracting the malware from the archive, the malicious code injects its payload into msinfo32.exe. Recent variants include additional commands for C2 communications. “A large number of commands for C2 communication can be found in this malware.
French daily Le Figaro database accidentally exposed online; the archive included roughly 7.4 … Logs of sensitive data related to the company’s data infrastructure included SQL query errors, traffic between different servers, communication protocols, and potential access to admin accounts.
Tips on Keeping Picture Archiving and Communications Systems Secure: New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.
Greenbone Networks researchers analyzed about 2,300 Picture Archiving and Communication System (PACS) systems exposed online. PACS servers are used in the healthcare industry to archive images created by radiological processes and to make them available to medical staff for analysis and diagnosis. million patient records.
Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. The archive contains a weaponized Microsoft Excel file (.XLSM). Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’.
New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign. Experts estimated that in one year it allowed the theft of crypto assets worth 500,000 dollars.
“The .zip file is not a compressed archive, but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip.” “Among the files contained in the QuickCPU.dat archive are the configurator for the miner, which appears to be xmr-stak. …
“Once the contact was established, the attackers snuck malicious files into the communication, disguising them as documents related to the advertised job offer,” reads the report. “a password-protected RAR archive containing a LNK file. Attackers used documents related to the job offer as a lure.
The communication between GoRed and its C2 server relies on the RPC protocol. For secure communication, operators employ DNS/ICMP tunneling, WSS, and QUIC protocols. The backdoor serializes, encrypts, archives, and sends the collected data to a designated server that stores compromised data.
A common misconception is that only archives with large budgets and staffs, like state and federal archives, have the resources to implement an exhibit displaying part of their archival collection. However, you may be surprised what a small or in-house archiving team can accomplish with relatively few resources.
Researchers believe that threat actors use spear phishing as an initial attack vector; the messages include a URL pointing to a ZIP archive hosted on a web server under the control of the attackers. The archive contained two files, including a decoy document (i.e. pdf.lnk) used to start the infection and deploy the PowerMagic backdoor.
The malicious code is not directly loaded as an executable; it is written to disk as an archive named “smile.zip” that is appended at the end of the Word document. The .zip archive contains a Python script and interpreter, and the Word macro checks for a sandbox environment, continues the analysis.
IT back-office and communications systems, such as email, were taken offline at the time. The sample archive is password protected, but the file names and types are clearly visible. Now, we have information that their data may have possibly been leaked by Hive, a new ransomware group. Here’s what we know.
Before September 2019, victims were delivered a RAR-SFX archive containing a legitimate Adobe Flash v14 installer and a second RAR-SFX archive containing components of the Skipper backdoor. PyFlash is the first Python-based backdoor ever used by Turla; it communicates with its hardcoded C&C server via HTTP.
“Grandoreiro is written in Delphi and utilizes techniques like binary padding to inflate binaries, Captcha implementation for sandbox evasion, and command-and-control (CnC) communication using patterns that are identical to LatentBot.”
According to an SEC release, hefty fines brought against JPMorgan and its subsidiaries were based on “widespread and longstanding failures by the firm and its employees to maintain and preserve written communications”. Approved forms of communication such as phone calls, emails, and fax are viewed by some consumers as obsolete.
The phishing messages, masquerading as a job promotion, attempted to trick victims into clicking a URL pointing to a RAR archive file hosted on the cloud storage service OneHub. The archive contained a Windows Installer (.msi) file that was used to install ScreenConnect remote access software to establish a foothold.
The loader delivers the main payload, which experts noticed is hidden inside a self-extracting RAR archive. To trick the victims into opening it, the archive references phone lists, medical test results or technical documentation to convince the employees of the targeted organization to download the file.
An archive of 25,000+ partner and client organizations, such as pharmaceutical laboratories and pharmacies, serviced by the Apodis Pharma distribution platform.
In recent days, a huge attack campaign hit several organizations across the Italian cyberspace; as stated in bulletin N020219, the attack waves tried to impersonate legitimate communication from a known express courier. This downloads the first component and keeps communication with the C2 server. Figure 7: C2 Communication comparison.
The archive also includes data belonging to external websites and platforms that Gekko Group systems communicate with, including Booking.com. The archive included data in numerous languages originating from multiple countries, mostly in Europe (Spain, The United Kingdom, The Netherlands, Portugal, France, Belgium, Italy, Israel).
“In the /pub/god directory of this server there are multiple Korplug loaders, archives, and tools that were used in previous Mustang Panda campaigns,” reads the analysis published by ESET. MQsTTang supports common backdoor capabilities; one of its hallmarks is the use of the MQTT protocol for C&C communication.
The researchers pointed out that each variant will communicate with a different command-and-control (C&C) server. The Pterodo variant employed in the attacks is a modified self-extracting archive, which contains obfuscated VBScripts that act as a dropper.
The malware attempts to connect via SSH on port 22 and deliver itself as a gzip archive. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries.” The expert discovered that the script executes init2, which is one of the files in the gzip archive, if the directory …
The messages use a RAR archive as an attachment and trick victims into opening it. Upon downloading and opening the archive, an EXE file with a double extension (filename.pdf.exe) is dropped on the system. The lure messages read « … Details in the file… » and « a criminal case has been filed against you. Details in the application… ».
The malicious code is hosted on a web hard drive or a remote file hosting service in the form of compressed ZIP archives. Upon executing the executable (“Game_Open.exe”) in the archive, the malware is executed while the actual game is launched. Attackers used different games containing the same malware.
The records management assistance unit at the Texas State Library and Archives Commission (TSLAC) receives many questions from state agencies when it comes to recertifying retention schedules. Let’s look at what archives considers when reviewing a record. Agencies often ask us how potential archival records should be transferred.
The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram. Earth Baxia exfiltrates data in archives that are transferred using curl.exe. The .NET applications use AppDomainManager injection, which allows arbitrary code execution within a target application by injecting a custom application domain.
Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. According to the researchers the database included 1 billion entries belonging to over 100 million US citizens, last time they analyzed the archive it included 604 GB of data.
The Dropbox link leads to a RAR archive that masquerades as a Word document by setting the “file_subpath” parameter to point to a filename with a .DOCX extension. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files,” reads the analysis published by Kaspersky.