The Internet Archive disclosed a data breach; the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Internet Archive hacked. Hunt also verified the authenticity of the information included in the stolen archive.
Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. reads the report published by Elastic Security Labs. VXunderground archived the leak and published it on GitHub. We’ve archived the leak and made it available for download on GitHub.”
In one case analyzed by the researchers, the attack chain begins by tricking the victim into opening a malicious RAR archive disguised as an image file by using a .jpg extension. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executes the PLAYFULGHOST payload from a remote server.
In March 2025, threat actors distributed archived messages through Signal. The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT (DCRat). The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust.
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version of the legitimate file utility WinRAR. Pierluigi Paganini.
The zip archive contains an obfuscated JavaScript file, which creates and executes a PowerShell script that connects to the C2 (62.133.60[.]137). Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here.
Data from major cyber security firms revealed that tens of billions of records were exposed in data breaches in 2020. A security expert discovered that the cosmetic firm Estée Lauder exposed 440 million records online in a database that was left unsecured. It was offering an archive containing 91 million records for $5,000.
Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers. VXunderground archived the leak and published it on GitHub. Additionally, the malware was avoiding targeting systems where Russian is the primary language.
“File archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain.
Also: Payment Card Theft Trends, Internet Archive Update This week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware.
CVE-2021-40444 is a remote code execution security flaw that affected the MSHTML file format. The security defect can be exploited to achieve remote code execution on vulnerable systems. Microsoft addressed the flaw with the release of Microsoft Patch Tuesday security updates for September 2021.
The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.
Initially, the group published screenshots of stolen data as proof of the attack, now the whole archive can be downloaded from the leak page. The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data.
The attackers attempted to trick the company’s customers into opening a ZIP archive file named “crowdstrike-hotfix.zip.” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.
Background check service National Public Data confirms a data breach that exposed millions of social security numbers and other sensitive information. According to a statement published by the company, exposed data include the name, email address, phone number, social security number, and mailing address(es) of the impacted individuals.
The collective has released a 130 GB archive via DDoSecrets that contains nearly 116,500 emails. The collective has stolen over 7,000 emails from the Achinsk city government and leaked an 8.5GB archive via DDoSecrets. The collective has released a 106 GB archive via DDoSecrets that contains nearly 77,500 emails.
zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results. 7Zip initially tries to open the files as a ZIP archive and fails, but afterward, 7Zip recognizes the .zipx files as Rar5 archives and can get their contents unpacked. The emails use a.
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities, he noticed that some of the data stored in the archive date back ten years.
“Some Numando variants store these images in an encrypted ZIP archive inside their .rsrc sections, while others utilize a separate Delphi DLL just for this storage. The installer contains a CAB archive with a legitimate application, an injector, and an encrypted Numando banking trojan DLL.” continues the report.
Compromised data vary by individuals and organizations; it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more. The disclosure of data in the archive poses a threat to the individuals whose data it contains. LSEG acquired Refinitiv in 2021.
Passwords are not included in the archive. The threat actor that is offering for sale the data shared a sample of 1M records as proof of the authenticity of the archive. The post New LinkedIn breach exposes data of 700 Million users appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.
Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. The most severe one is a remote pre-authenticated PHP archive file deserialization vulnerability tracked as CVE-2022-22241 which received a CVSS score of 8.1. ” reads the advisory published by the vendor. Pierluigi Paganini.
The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.
The expert exploiting this known issue discovered the following vulnerabilities: CVE-2023-36396 Windows Compressed Folder Remote Code Execution Vulnerability – The RCE issue resides in Windows’s new extraction logic for all newly supported archive types. The expert reported to the Microsoft Security Response Center (MSRC) in 2023.
B00da and Porteur leaked a 1T archive containing data and emails from the law firm. Anonymous has leaked a 823 GB archive containing 1.5 B00da , Porteur , and Wh1t3 Sh4d0w leaked a 184 GB archive containing company emails. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.
Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon, Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created.
The RansomEXX ransomware group claims to have stolen 20.74GB of data from the company and leaked 43 archives (42 archives of 500MB in size and 1 archive containing 239.54MB of documents). The post RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna appeared first on Security Affairs.
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. 12 , saying it dates back to a security incident in December 2023. NPD acknowledged the intrusion on Aug.
The archive holds a text file containing an IP address and login credentials, and a backdoored version of PuTTY that was used to load a dropper called DAVESHELL, which deploys a newer variant of a backdoor dubbed AIRDRY. The post North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp appeared first on Security Affairs.
Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum. LinkedIn’s refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity.
“Plaintiff brings this Complaint against Defendant for its failure to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices. The archive also contains data on deceased individuals.
North Korea-linked Lazarus APT group was spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. “It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” notes Elastic Security, which identified and analyzed the threat.
The experts first detected the intrusion on April 12 when the company’s security team identified unauthorized access to their npm production infrastructure using a compromised AWS API key. A series of CSVs containing an archive of all names and version numbers (semVer) of published versions of all npm private packages as of April 10, 2022.
Now one of its affiliates leaked the IP addresses for Cobalt Strike C2 servers and an archive of 113 MB that includes training material and tools shared by the Conti operators with its network to conduct ransomware attacks. The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment.
Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. zip” (“congratulation” in Russian) instead of weaponized office documents. The archive contains an executable that acts as the first-stage malware.
“We released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain. See CVE-2024-38112 – Security Update Guide – Microsoft – Windows MSHTML Platform Spoofing Vulnerability. Customers should both the July 2024 and September 2024 security update to fully protect themselves.”
The memo also reveals that the company has hired an external security firm to investigate the incident. GB archive called “STRATEGICPLANNINGpart62.zip” “We identified a security incident involving ransomware on August 4, 2020.” The gang has published a 2.2 ” reads the statement. Pierluigi Paganini.
The DarkWatchman RAT uses the registry for nearly all temporary and permanent storage; it doesn’t write to disk, evading most security tools. The DarkWatchman has been distributed through phishing emails that use malicious ZIP archives (named ‘????????? ?12-6317-3621.zip’ 12-6317-3621.zip’ Pierluigi Paganini.
The cybercriminals defined the security implemented by the bank terrible. but they have horrible security)” reads the message published on the leak site. ” Below one of the images shared by the group: The ransomware gang published a ZIP archive named proof that contains a series of documents allegedly stolen from the bank.
The malware moves all files stored on the device to password-protected 7zip archives and demands the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.
Okta asks customers to upload an HTTP Archive (HAR) file in order to support them in solving their problems and replicating browser activity. “Within the course of normal business, Okta support will ask customers to upload an HTTP Archive (HAR) file, which allows for troubleshooting of issues by replicating browser activity.
The hacker is offering the data for sale, but did not disclose the price for the complete archive. Israel’s National Cyber Directorate is investigating the alleged security breach. The post Personal information of 7 million Israelis available for sale appeared first on Security Affairs. Pierluigi Paganini.
Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
com : Distributes a ZIP archive file (“setup-win-x86-x64.exe.zip”) pro : Distributes a RAR archive file (“MBSetup.rar”) that was used to deploy the StealC information stealer malware. Below is the list of malicious websites analyzed by the researchers: avast-securedownload[.]com bitdefender-app[.]com